ID

VAR-202101-1016


CVE

CVE-2021-1242


TITLE

Cisco Webex Teams  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-002766

DESCRIPTION

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks. Cisco Webex Teams Contains an unspecified vulnerability.Information may be tampered with. Cisco Webex Teams is a team collaboration application of Cisco (Cisco). The program includes video conferencing, group messaging and file sharing capabilities

Trust: 1.8

sources: NVD: CVE-2021-1242 // JVNDB: JVNDB-2021-002766 // VULHUB: VHN-374296 // VULMON: CVE-2021-1242

AFFECTED PRODUCTS

vendor:ciscomodel:webex teamsscope:ltversion:40.12.0.17293

Trust: 1.0

vendor:シスコシステムズmodel:cisco webex teamsscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco webex teamsscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-002766 // NVD: CVE-2021-1242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1242
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1242
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1242
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-953
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374296
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1242
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1242
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374296
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1242
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-1242
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374296 // VULMON: CVE-2021-1242 // JVNDB: JVNDB-2021-002766 // CNNVD: CNNVD-202101-953 // NVD: CVE-2021-1242 // NVD: CVE-2021-1242

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-450

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-002766 // NVD: CVE-2021-1242

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-953

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-953

PATCH

title:cisco-sa-webex-teams-7ZMcXG99url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99

Trust: 0.8

title:Cisco Webex Teams Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139059

Trust: 0.6

title:Cisco: Cisco Webex Teams Shared File Manipulation Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-teams-7ZMcXG99

Trust: 0.1

sources: VULMON: CVE-2021-1242 // JVNDB: JVNDB-2021-002766 // CNNVD: CNNVD-202101-953

EXTERNAL IDS

db:NVDid:CVE-2021-1242

Trust: 2.6

db:JVNDBid:JVNDB-2021-002766

Trust: 0.8

db:AUSCERTid:ESB-2021.0134

Trust: 0.6

db:CNNVDid:CNNVD-202101-953

Trust: 0.6

db:VULHUBid:VHN-374296

Trust: 0.1

db:VULMONid:CVE-2021-1242

Trust: 0.1

sources: VULHUB: VHN-374296 // VULMON: CVE-2021-1242 // JVNDB: JVNDB-2021-002766 // CNNVD: CNNVD-202101-953 // NVD: CVE-2021-1242

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-teams-7zmcxg99

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1242

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.0134/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374296 // VULMON: CVE-2021-1242 // JVNDB: JVNDB-2021-002766 // CNNVD: CNNVD-202101-953 // NVD: CVE-2021-1242

SOURCES

db:VULHUBid:VHN-374296
db:VULMONid:CVE-2021-1242
db:JVNDBid:JVNDB-2021-002766
db:CNNVDid:CNNVD-202101-953
db:NVDid:CVE-2021-1242

LAST UPDATE DATE

2024-08-14T14:03:23.092000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374296date:2021-01-20T00:00:00
db:VULMONid:CVE-2021-1242date:2021-01-20T00:00:00
db:JVNDBid:JVNDB-2021-002766date:2021-09-30T08:47:00
db:CNNVDid:CNNVD-202101-953date:2021-06-17T00:00:00
db:NVDid:CVE-2021-1242date:2023-11-07T03:27:46.303

SOURCES RELEASE DATE

db:VULHUBid:VHN-374296date:2021-01-13T00:00:00
db:VULMONid:CVE-2021-1242date:2021-01-13T00:00:00
db:JVNDBid:JVNDB-2021-002766date:2021-09-30T00:00:00
db:CNNVDid:CNNVD-202101-953date:2021-01-13T00:00:00
db:NVDid:CVE-2021-1242date:2021-01-13T22:15:20.990