Design/Logic Flaw

2021-01-1322:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.0%

JSON

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.

CPENameOperatorVersion
webex_meetingseq< 20201215
webex_meetings_serverlt3.0
webex_meetings_servereq3.0 maintenance-release1
webex_meetings_servereq3.0
webex_meetings_servereq3.0 maintenance-release2
webex_meetings_servereq3.0 maintenance-release3
webex_meetings_servereq4.0
webex_meetings_servereq4.0 maintenance-release1
webex_meetings_servereq4.0 maintenance-release2
webex_meetings_servereq4.0 maintenance-release3

Name	Operator	Version
webex_meetings	eq	< 20201215
webex_meetings_server	lt	3.0
webex_meetings_server	eq	3.0 maintenance-release1
webex_meetings_server	eq	3.0
webex_meetings_server	eq	3.0 maintenance-release2
webex_meetings_server	eq	3.0 maintenance-release3
webex_meetings_server	eq	4.0
webex_meetings_server	eq	4.0 maintenance-release1
webex_meetings_server	eq	4.0 maintenance-release2
webex_meetings_server	eq	4.0 maintenance-release3