Details of VAR-202101-1016

ID

VAR-202101-1016

CVE

CVE-2021-1242

TITLE

Cisco Webex Teams Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002766

DESCRIPTION

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks. Cisco Webex Teams Contains an unspecified vulnerability.Information may be tampered with. Cisco Webex Teams is a team collaboration application of Cisco (Cisco). The program includes video conferencing, group messaging and file sharing capabilities

Trust: 1.8

sources: NVD: CVE-2021-1242 // JVNDB: JVNDB-2021-002766 // VULHUB: VHN-374296 // VULMON: CVE-2021-1242

AFFECTED PRODUCTS

vendor:	cisco	model:	webex teams	scope:	lt	version:	40.12.0.17293	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco webex teams	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex teams	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002766 // NVD: CVE-2021-1242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1242
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1242
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1242
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-953
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374296
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1242
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1242
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374296
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1242
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1242
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374296 // VULMON: CVE-2021-1242 // JVNDB: JVNDB-2021-002766 // CNNVD: CNNVD-202101-953 // NVD: CVE-2021-1242 // NVD: CVE-2021-1242

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-450	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-002766 // NVD: CVE-2021-1242

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-953

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-953

PATCH

title:	cisco-sa-webex-teams-7ZMcXG99	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99	Trust: 0.8
title:	Cisco Webex Teams Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139059	Trust: 0.6
title:	Cisco: Cisco Webex Teams Shared File Manipulation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-teams-7ZMcXG99	Trust: 0.1

sources: VULMON: CVE-2021-1242 // JVNDB: JVNDB-2021-002766 // CNNVD: CNNVD-202101-953

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1242	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-002766	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0134	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-953	Trust: 0.6
db:	VULHUB	id:	VHN-374296	Trust: 0.1
db:	VULMON	id:	CVE-2021-1242	Trust: 0.1

sources: VULHUB: VHN-374296 // VULMON: CVE-2021-1242 // JVNDB: JVNDB-2021-002766 // CNNVD: CNNVD-202101-953 // NVD: CVE-2021-1242

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-teams-7zmcxg99	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1242	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0134/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374296 // VULMON: CVE-2021-1242 // JVNDB: JVNDB-2021-002766 // CNNVD: CNNVD-202101-953 // NVD: CVE-2021-1242

SOURCES

db:	VULHUB	id:	VHN-374296
db:	VULMON	id:	CVE-2021-1242
db:	JVNDB	id:	JVNDB-2021-002766
db:	CNNVD	id:	CNNVD-202101-953
db:	NVD	id:	CVE-2021-1242

LAST UPDATE DATE

2024-08-14T14:03:23.092000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374296	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1242	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002766	date:	2021-09-30T08:47:00
db:	CNNVD	id:	CNNVD-202101-953	date:	2021-06-17T00:00:00
db:	NVD	id:	CVE-2021-1242	date:	2023-11-07T03:27:46.303

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374296	date:	2021-01-13T00:00:00
db:	VULMON	id:	CVE-2021-1242	date:	2021-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-002766	date:	2021-09-30T00:00:00
db:	CNNVD	id:	CNNVD-202101-953	date:	2021-01-13T00:00:00
db:	NVD	id:	CVE-2021-1242	date:	2021-01-13T22:15:20.990