CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
71.3%
A vulnerability in the outlookpa page of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to modify the invite list of scheduled meetings.
The vulnerability is due to improper sanitization of application programming interface (API) input. An attacker could exploit this vulnerability by submitting crafted URL requests to a vulnerable device.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit the vulnerability, the attacker may need access to trusted or internal networks to transmit crafted data to the targeted system. This access requirement could limit the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | webex_meetings_server | any | cpe:2.3:a:cisco:webex_meetings_server:any:*:*:*:*:*:*:* |