← Back

CVE-2021-1311

nvd nist
Published: Jan 13, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Exploitability: 2.8 / Impact: 2.5
Source: NVD

Description

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.

Affected (11)

Cisco
2 products
Webex Meetings
Webex Meetings Server
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Webex Meetings
Before 40.12.0
Cisco
Webex Meetings Server
Before 3.0
Webex Meetings Server
Version 3.0
Webex Meetings Server
Version 3.0 maintenance_release1
Webex Meetings Server
Version 3.0 maintenance_release2
Webex Meetings Server
Version 3.0 maintenance_release3
Webex Meetings Server
Version 3.0 maintenance_release4
Webex Meetings Server
Version 4.0
Webex Meetings Server
Version 4.0 maintenance_release1
Webex Meetings Server
Version 4.0 maintenance_release2
Webex Meetings Server
Version 4.0 maintenance_release3

Related CWEs

CWE-307
Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.