CVE-2021-1500 — Open Redirect in Cisco Webex Video Mesh

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

CNA5.4

EPSS

0.2%

top 59.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Webex Video Mesh Cisco Webex Video Mesh Cisco Collaboration Meeting Rooms

Timeline

PublishedNov 4

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDcisco/webex_video_mesh< 2021.10.18.2439m

▶CVEListV5cisco/cisco_webex_video_meshn/a

▶NVDcisco/collaboration_meeting_rooms2.0

🔴Vulnerability Details

GHSA

GHSA-hhx6-gmw8-x326: A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to↗2022-05-24

▶

CVEList

Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability↗2021-11-04

▶

📋Vendor Advisories

Cisco

Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability↗2021-11-03

▶