CVE-2021-1410

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 18, 2024
CWE ID 284

Summary

CVE-2021-1410 is a vulnerability affecting the distribution list feature of Cisco Webex Meetings. It allows authenticated, remote attackers to modify distribution lists that belong to other users within their organization. The root cause of this issue is insufficient authorization enforcement for requests to update distribution lists. An attacker can exploit this vulnerability by sending a specially crafted request to the Webex Meetings interface to manipulate an existing distribution list. Successful exploitation could result in the modification of a distribution list that does not belong to the attacker. Cisco has released software updates to address this vulnerability, and currently, there are no workarounds available to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Cisco WebEx Meetings

Affected Vendors

  • Cisco Systems Inc