Lucene search

K
cve[email protected]CVE-2021-1536
HistoryJun 04, 2021 - 5:15 p.m.

CVE-2021-1536

2021-06-0417:15:09
CWE-427
web.nvd.nist.gov
42
10
cve-2021-1536
cisco webex
dll injection
vulnerability
windows
nvd
security
exploit

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.3%

A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account.

Affected configurations

NVD
Node
ciscowebex_meetings_desktopMatch-windows
OR
ciscowebex_meetings_onlineMatch-
OR
ciscowebex_meetings_serverMatch4.0
OR
ciscowebex_network_recording_playerMatch-windows
OR
ciscowebex_teamsMatch3.0.15485.0windows
VendorProductVersionCPE
ciscowebex_meetings_desktop-cpe:/a:cisco:webex_meetings_desktop:-:::
ciscowebex_teams3.0.15485.0cpe:/a:cisco:webex_teams:3.0.15485.0:::
ciscowebex_meetings_online-cpe:/a:cisco:webex_meetings_online:-:::
ciscowebex_network_recording_player-cpe:/a:cisco:webex_network_recording_player:-:::
ciscowebex_meetings_server4.0cpe:/a:cisco:webex_meetings_server:4.0:::

CNA Affected

[
  {
    "product": "Cisco Webex Teams ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Social References

More

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.3%

Related for CVE-2021-1536