Details of VAR-202104-0892

ID

VAR-202104-0892

CVE

CVE-2021-1467

TITLE

Cisco Webex Meetings Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202104-431

DESCRIPTION

A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they are both participants. A successful exploit could allow the attacker to modify the avatar of the targeted user. Cisco Webex Meetings is a set of video conferencing solutions of Cisco (Cisco)

Trust: 1.08

sources: NVD: CVE-2021-1467 // VULHUB: VHN-374521 // VULMON: CVE-2021-1467

AFFECTED PRODUCTS

vendor:

cisco

model:

webex meetings

scope:

version:

41.3

Trust: 1.0

sources: NVD: CVE-2021-1467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1467
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1467
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-431
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374521
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1467
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1467
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374521
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1467
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-374521 // VULMON: CVE-2021-1467 // CNNVD: CNNVD-202104-431 // NVD: CVE-2021-1467 // NVD: CVE-2021-1467

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0

sources: NVD: CVE-2021-1467

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-431

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-431

PATCH

title:	Cisco Webex Meetings Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147013	Trust: 0.6
title:	Cisco: Cisco Webex Meetings for Android Avatar Modification Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-andro-iac-f3UR8frB	Trust: 0.1

sources: VULMON: CVE-2021-1467 // CNNVD: CNNVD-202104-431

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1467	Trust: 1.8
db:	CNNVD	id:	CNNVD-202104-431	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.1173	Trust: 0.6
db:	VULHUB	id:	VHN-374521	Trust: 0.1
db:	VULMON	id:	CVE-2021-1467	Trust: 0.1

sources: VULHUB: VHN-374521 // VULMON: CVE-2021-1467 // CNNVD: CNNVD-202104-431 // NVD: CVE-2021-1467

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-andro-iac-f3ur8frb	Trust: 1.9
url:	https://www.auscert.org.au/bulletins/esb-2021.1173	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-webex-meetings-for-android-spoofing-via-avatar-modification-35028	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1467	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/284.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374521 // VULMON: CVE-2021-1467 // CNNVD: CNNVD-202104-431 // NVD: CVE-2021-1467

SOURCES

db:	VULHUB	id:	VHN-374521
db:	VULMON	id:	CVE-2021-1467
db:	CNNVD	id:	CNNVD-202104-431
db:	NVD	id:	CVE-2021-1467

LAST UPDATE DATE

2024-11-23T22:33:05.710000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374521	date:	2022-08-05T00:00:00
db:	VULMON	id:	CVE-2021-1467	date:	2021-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202104-431	date:	2022-08-10T00:00:00
db:	NVD	id:	CVE-2021-1467	date:	2024-11-21T05:44:25.383

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374521	date:	2021-04-08T00:00:00
db:	VULMON	id:	CVE-2021-1467	date:	2021-04-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-431	date:	2021-04-07T00:00:00
db:	NVD	id:	CVE-2021-1467	date:	2021-04-08T04:15:13.593