Details of VAR-202106-0912

ID

VAR-202106-0912

CVE

CVE-2021-1517

TITLE

Cisco Webex Meetings and Cisco Webex Meetings Server Vulnerability regarding a defect in the protection mechanism in

Trust: 0.8

sources: JVNDB: JVNDB-2021-012348

DESCRIPTION

A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker could exploit this vulnerability by sharing a file through the multimedia viewer feature. A successful exploit could allow the attacker to bypass security protections and prevent warning dialogs from appearing before files are offered to other users. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco Webex Meeting Center is an online collaborative video conferencing solution from Cisco. A security vulnerability exists in several Cisco products

Trust: 2.25

sources: NVD: CVE-2021-1517 // JVNDB: JVNDB-2021-012348 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374571

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	lt	version:	3.0	Trust: 1.0
vendor:	cisco	model:	webex meetings online	scope:	eq	version:	41.3.5	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	4.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco webex meetings server	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex meetings online	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-012348 // NVD: CVE-2021-1517

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1517
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1517
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1517
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-163
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374571
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1517
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-374571
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1517
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1517
baseSeverity:	MEDIUM
baseScore:	5.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1517
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374571 // JVNDB: JVNDB-2021-012348 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-163 // NVD: CVE-2021-1517 // NVD: CVE-2021-1517

PROBLEMTYPE DATA

problemtype:	CWE-693	Trust: 1.1
problemtype:	Malfunction of protection mechanism (CWE-693) [ others ]	Trust: 0.8

sources: VULHUB: VHN-374571 // JVNDB: JVNDB-2021-012348 // NVD: CVE-2021-1517

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-163

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-163

PATCH

title:

cisco-sa-webex-multimedia-26DpqVRO

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-multimedia-26DpqVRO

Trust: 0.8

sources: JVNDB: JVNDB-2021-012348

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1517	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-012348	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060307	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1910	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-163	Trust: 0.6
db:	VULHUB	id:	VHN-374571	Trust: 0.1

sources: VULHUB: VHN-374571 // JVNDB: JVNDB-2021-012348 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-163 // NVD: CVE-2021-1517

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-multimedia-26dpqvro	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1517	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060307	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1910	Trust: 0.6

sources: VULHUB: VHN-374571 // JVNDB: JVNDB-2021-012348 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-163 // NVD: CVE-2021-1517

SOURCES

db:	VULHUB	id:	VHN-374571
db:	JVNDB	id:	JVNDB-2021-012348
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-163
db:	NVD	id:	CVE-2021-1517

LAST UPDATE DATE

2024-08-14T12:57:08.206000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374571	date:	2021-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-012348	date:	2022-08-30T02:56:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-163	date:	2021-06-16T00:00:00
db:	NVD	id:	CVE-2021-1517	date:	2023-11-07T03:28:29.870

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374571	date:	2021-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-012348	date:	2022-08-30T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-163	date:	2021-06-02T00:00:00
db:	NVD	id:	CVE-2021-1517	date:	2021-06-04T17:15:08.410