CVE-2021-1410

MEDIUM EPSS 52.2%
Published Nov 18, 20241y ago · Modified Jun 17, 20261w ago
4.3 CVSS 3.1
Medium
Find Similar
Published Nov 18, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to modify an existing distribution list. A successful exploit could allow the attacker to modify a distribution list that belongs to a user other than themselves.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS Details

Base Score
4.3
Exploitability
2.8
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
52.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-284

Affected Products 18

VendorProductVersionRange
ciscowebex_meetings39.6any
ciscowebex_meetings39.7any
ciscowebex_meetings39.7.4any
ciscowebex_meetings39.7.7any
ciscowebex_meetings39.8any
ciscowebex_meetings39.8.2any
ciscowebex_meetings39.8.3any
ciscowebex_meetings39.8.4any
ciscowebex_meetings39.9any
ciscowebex_meetings39.9.1any
ciscowebex_meetings39.10any
ciscowebex_meetings39.11any
ciscowebex_meetings40.1any
ciscowebex_meetings40.2any
ciscowebex_meetings40.4any
ciscowebex_meetings40.4.10any
ciscowebex_meetings40.6any
ciscowebex_meetings40.6.2any

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.