Details of VAR-202106-0903

ID

VAR-202106-0903

CVE

CVE-2021-1536

TITLE

plural Cisco Webex Vulnerability in uncontrolled search path elements in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-007640

DESCRIPTION

A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account. plural Cisco Webex The product contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Webex Teams is a software for team collaboration from Cisco. The software can provide online communication for the team, with functions such as file sharing, digital whiteboard, and video conferencing. A code issue vulnerability exists in several Cisco products

Trust: 2.25

sources: NVD: CVE-2021-1536 // JVNDB: JVNDB-2021-007640 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374590

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings desktop	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	webex network recording player	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	webex teams	scope:	eq	version:	3.0.15485.0	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	4.0	Trust: 1.0
vendor:	cisco	model:	webex meetings online	scope:	eq	version:	-	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco webex meetings desktop	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex meetings online	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex meetings server	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex network recording player	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex teams	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007640 // NVD: CVE-2021-1536

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1536
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1536
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1536
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-188
value:	HIGH
Trust: 0.6
VULHUB:	VHN-374590
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1536
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374590
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1536
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1536
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.3
impactScore:	3.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1536
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374590 // JVNDB: JVNDB-2021-007640 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-188 // NVD: CVE-2021-1536 // NVD: CVE-2021-1536

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374590 // JVNDB: JVNDB-2021-007640 // NVD: CVE-2021-1536

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-188

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-webex-dll-inject-XNmcSGTU	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-dll-inject-XNmcSGTU	Trust: 0.8
title:	Cisco Webex Teams Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152660	Trust: 0.6

sources: JVNDB: JVNDB-2021-007640 // CNNVD: CNNVD-202106-188

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1536	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-007640	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-188	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060308	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1912	Trust: 0.6
db:	VULHUB	id:	VHN-374590	Trust: 0.1

sources: VULHUB: VHN-374590 // JVNDB: JVNDB-2021-007640 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-188 // NVD: CVE-2021-1536

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-dll-inject-xnmcsgtu	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1536	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060308	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1912	Trust: 0.6

sources: VULHUB: VHN-374590 // JVNDB: JVNDB-2021-007640 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-188 // NVD: CVE-2021-1536

SOURCES

db:	VULHUB	id:	VHN-374590
db:	JVNDB	id:	JVNDB-2021-007640
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-188
db:	NVD	id:	CVE-2021-1536

LAST UPDATE DATE

2024-08-14T13:13:34.061000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374590	date:	2021-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-007640	date:	2022-02-18T07:26:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-188	date:	2021-06-15T00:00:00
db:	NVD	id:	CVE-2021-1536	date:	2023-11-07T03:28:33.843

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374590	date:	2021-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-007640	date:	2022-02-18T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-188	date:	2021-06-02T00:00:00
db:	NVD	id:	CVE-2021-1536	date:	2021-06-04T17:15:09.150