Details of VAR-202101-1033

ID

VAR-202101-1033

CVE

CVE-2021-1310

TITLE

Cisco Webex Meetings Open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-002756

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website, bypassing the Webex URL check that should result in a warning before the redirection to the web page. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to convince users to unknowingly visit malicious sites. Cisco Webex Meetings Contains an open redirect vulnerability.Information may be tampered with. Cisco Webex Meetings is a set of video conferencing solutions of Cisco (Cisco)

Trust: 1.71

sources: NVD: CVE-2021-1310 // JVNDB: JVNDB-2021-002756 // VULHUB: VHN-374364

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings	scope:	lt	version:	40.11.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco webex meetings	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex meetings	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-002756 // NVD: CVE-2021-1310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1310
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1310
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1310
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202101-951
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374364
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1310
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374364
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1310
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-1310
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374364 // JVNDB: JVNDB-2021-002756 // CNNVD: CNNVD-202101-951 // NVD: CVE-2021-1310 // NVD: CVE-2021-1310

PROBLEMTYPE DATA

problemtype:	CWE-601	Trust: 1.1
problemtype:	Open redirect (CWE-601) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-374364 // JVNDB: JVNDB-2021-002756 // NVD: CVE-2021-1310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-951

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202101-951

PATCH

title:	cisco-sa-webex-open-redirect-PWvBQ2q	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-open-redirect-PWvBQ2q	Trust: 0.8
title:	Cisco Webex Meetings Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139418	Trust: 0.6

sources: JVNDB: JVNDB-2021-002756 // CNNVD: CNNVD-202101-951

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1310	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-002756	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.0135	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-951	Trust: 0.6
db:	VULHUB	id:	VHN-374364	Trust: 0.1

sources: VULHUB: VHN-374364 // JVNDB: JVNDB-2021-002756 // CNNVD: CNNVD-202101-951 // NVD: CVE-2021-1310

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-open-redirect-pwvbq2q	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1310	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0135/	Trust: 0.6

sources: VULHUB: VHN-374364 // JVNDB: JVNDB-2021-002756 // CNNVD: CNNVD-202101-951 // NVD: CVE-2021-1310

SOURCES

db:	VULHUB	id:	VHN-374364
db:	JVNDB	id:	JVNDB-2021-002756
db:	CNNVD	id:	CNNVD-202101-951
db:	NVD	id:	CVE-2021-1310

LAST UPDATE DATE

2024-11-23T22:16:09.779000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374364	date:	2021-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-002756	date:	2021-09-30T07:09:00
db:	CNNVD	id:	CNNVD-202101-951	date:	2021-01-21T00:00:00
db:	NVD	id:	CVE-2021-1310	date:	2024-11-21T05:44:03.853

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374364	date:	2021-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-002756	date:	2021-09-30T00:00:00
db:	CNNVD	id:	CNNVD-202101-951	date:	2021-01-13T00:00:00
db:	NVD	id:	CVE-2021-1310	date:	2021-01-13T22:15:21.553