CVE-2021-1410
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2021-1410 is a vulnerability affecting the distribution list feature of Cisco Webex Meetings. It allows authenticated, remote attackers to modify distribution lists that belong to other users within their organization. The root cause of this issue is insufficient authorization enforcement for requests to update distribution lists. An attacker can exploit this vulnerability by sending a specially crafted request to the Webex Meetings interface to manipulate an existing distribution list. Successful exploitation could result in the modification of a distribution list that does not belong to the attacker. Cisco has released software updates to address this vulnerability, and currently, there are no workarounds available to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cisco WebEx Meetings
Affected Vendors
- Cisco Systems Inc