Lucene search

CiscoCVELIST:CVE-2021-1311

HistoryJan 13, 2021 - 9:46 p.m.

CVE-2021-1311 Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability

2021-01-1321:46:00

CWE-307

cisco

www.cve.org

cisco webex

meetings server

vulnerability

host key

brute forcing

authenticated attacker

remote

join links

passwords

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.

CNA Affected

[
  {
    "product": "Cisco WebEx Meetings Server",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-brutef-hostkey-FWRMxVF

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

40.9%

JSON

Related for CVELIST:CVE-2021-1311