CVE-2021-1311
Published on: 01/13/2021 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:28:55 PM UTC
CVE-2021-1311 - advisory for cisco-sa-webex-brutef-hostkey-FWRMxVF
Source: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Webex Meetings from Cisco contain the following vulnerability:
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.
- CVE-2021-1311 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity. - The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
- Affected Vendor/Software: Cisco - Cisco WebEx Meetings Server version n/a
CVSS3 Score: 5.4 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | LOW | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | NONE | LOW | LOW |
CVSS2 Score: 5.5 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | LOW | SINGLE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| NONE | PARTIAL | PARTIAL |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability | Vendor Advisory tools.cisco.com text/html |
CISCO 20210113 Cisco Webex Meetings and Cisco Webex Meetings Server Host Key Brute Forcing Vulnerability |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Webex Meetings | All | All | All | All |
| Application | Cisco | Webex Meetings | All | All | All | All |
| Application | Cisco | Webex Meetings Server | All | All | All | All |
| Application | Cisco | Webex Meetings Server | 3.0 | - | All | All |
| Application | Cisco | Webex Meetings Server | 3.0 | maintenance_release1 | All | All |
| Application | Cisco | Webex Meetings Server | 3.0 | maintenance_release2 | All | All |
| Application | Cisco | Webex Meetings Server | 3.0 | maintenance_release3 | All | All |
| Application | Cisco | Webex Meetings Server | 3.0 | maintenance_release4 | All | All |
| Application | Cisco | Webex Meetings Server | 4.0 | - | All | All |
| Application | Cisco | Webex Meetings Server | 4.0 | maintenance_release1 | All | All |
| Application | Cisco | Webex Meetings Server | 4.0 | maintenance_release2 | All | All |
| Application | Cisco | Webex Meetings Server | 4.0 | maintenance_release3 | All | All |
| Application | Cisco | Webex Meetings Server | All | All | All | All |
| Application | Cisco | Webex Meetings Server | 3.0 | - | All | All |
| Application | Cisco | Webex Meetings Server | 3.0 | maintenance_release1 | All | All |
| Application | Cisco | Webex Meetings Server | 3.0 | maintenance_release2 | All | All |
| Application | Cisco | Webex Meetings Server | 3.0 | maintenance_release3 | All | All |
| Application | Cisco | Webex Meetings Server | 3.0 | maintenance_release4 | All | All |
| Application | Cisco | Webex Meetings Server | 4.0 | - | All | All |
| Application | Cisco | Webex Meetings Server | 4.0 | maintenance_release1 | All | All |
| Application | Cisco | Webex Meetings Server | 4.0 | maintenance_release2 | All | All |
| Application | Cisco | Webex Meetings Server | 4.0 | maintenance_release3 | All | All |
- cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*:
- cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE