ID

VAR-202106-0911


CVE

CVE-2021-1544


TITLE

Cisco Webex Meetings  Vulnerability in leaking important information to unauthorized control area in client software

Trust: 0.8

sources: JVNDB: JVNDB-2021-001961

DESCRIPTION

A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the local system and accessing files containing the logged details. A successful exploit could allow the attacker to gain access to sensitive information, including meeting data and recorded meeting transcriptions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Webex Meetings is a set of video conferencing solutions of Cisco (Cisco)

Trust: 2.25

sources: NVD: CVE-2021-1544 // JVNDB: JVNDB-2021-001961 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374598

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetingsscope:ltversion:41.4.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco webex meetingsscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco webex meetingsscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-001961 // NVD: CVE-2021-1544

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1544
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1544
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1544
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-179
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374598
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-1544
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374598
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1544
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2021-1544
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374598 // JVNDB: JVNDB-2021-001961 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-179 // NVD: CVE-2021-1544 // NVD: CVE-2021-1544

PROBLEMTYPE DATA

problemtype:CWE-497

Trust: 1.1

problemtype:Leakage of important information to unauthorized control areas (CWE-497) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374598 // JVNDB: JVNDB-2021-001961 // NVD: CVE-2021-1544

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-179

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:cisco-sa-webex-8fpBnKOzurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-8fpBnKOz

Trust: 0.8

title:Cisco Webex meeting Client software log mechanism Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152654

Trust: 0.6

sources: JVNDB: JVNDB-2021-001961 // CNNVD: CNNVD-202106-179

EXTERNAL IDS

db:NVDid:CVE-2021-1544

Trust: 2.5

db:JVNDBid:JVNDB-2021-001961

Trust: 0.8

db:CNNVDid:CNNVD-202106-179

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021060309

Trust: 0.6

db:AUSCERTid:ESB-2021.1911

Trust: 0.6

db:VULHUBid:VHN-374598

Trust: 0.1

sources: VULHUB: VHN-374598 // JVNDB: JVNDB-2021-001961 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-179 // NVD: CVE-2021-1544

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-8fpbnkoz

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-1544

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060309

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1911

Trust: 0.6

sources: VULHUB: VHN-374598 // JVNDB: JVNDB-2021-001961 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-179 // NVD: CVE-2021-1544

SOURCES

db:VULHUBid:VHN-374598
db:JVNDBid:JVNDB-2021-001961
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202106-179
db:NVDid:CVE-2021-1544

LAST UPDATE DATE

2024-08-14T13:14:32.503000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-374598date:2021-06-14T00:00:00
db:JVNDBid:JVNDB-2021-001961date:2021-07-06T02:54:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202106-179date:2021-06-15T00:00:00
db:NVDid:CVE-2021-1544date:2023-11-07T03:28:35.290

SOURCES RELEASE DATE

db:VULHUBid:VHN-374598date:2021-06-04T00:00:00
db:JVNDBid:JVNDB-2021-001961date:2021-07-06T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202106-179date:2021-06-02T00:00:00
db:NVDid:CVE-2021-1544date:2021-06-04T17:15:10.050