CVE-2021-1420

Published on: 04/08/2021 12:00:00 AM UTC

Last Modified on: 04/14/2021 05:48:00 PM UTC

CVE-2021-1420 - advisory for cisco-sa-webex-VObwRKWV

Source: Mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Certain versions of Webex Meetings from Cisco contain the following vulnerability:

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user's browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.

  • CVE-2021-1420 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected Vendor/Software: Cisco - Cisco Webex Meetings version n/a

CVSS3 Score: 4.7 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
CHANGED NONE LOW NONE

CVSS2 Score: 4.3 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE PARTIAL NONE

CVE References

Description Tags Link
Cisco Webex Meetings HTML Injection Vulnerability tools.cisco.com
text/html
URL Logo CISCO 20210407 Cisco Webex Meetings HTML Injection Vulnerability

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationCiscoWebex Meetings-AllAllAll
  • cpe:2.3:a:cisco:webex_meetings:-:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2021-1420 : A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remo… twitter.com/i/web/status/1… 2021-04-08 04:21:10