Details of VAR-202106-0914

ID

VAR-202106-0914

CVE

CVE-2021-1525

TITLE

Cisco Webex Meetings and Cisco Webex Meetings Server Open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-001957

DESCRIPTION

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL that is designed to cause Cisco Webex Meetings to include a remote file in the web UI. A successful exploit could allow the attacker to cause the application to offer a remote file to a user, which could allow the attacker to conduct further phishing or spoofing attacks. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Offers video and audio conferencing with sharing, chat, and more

Trust: 2.34

sources: NVD: CVE-2021-1525 // JVNDB: JVNDB-2021-001957 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374579 // VULMON: CVE-2021-1525

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	lt	version:	3.0	Trust: 1.0
vendor:	cisco	model:	webex meetings online	scope:	eq	version:	41.3.5	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	4.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco webex meetings online	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco webex meetings server	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-001957 // NVD: CVE-2021-1525

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1525
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1525
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1525
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-170
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374579
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1525
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1525
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374579
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1525
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1525
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1525
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374579 // VULMON: CVE-2021-1525 // JVNDB: JVNDB-2021-001957 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-170 // NVD: CVE-2021-1525 // NVD: CVE-2021-1525

PROBLEMTYPE DATA

problemtype:	CWE-601	Trust: 1.1
problemtype:	Open redirect (CWE-601) [ Other ]	Trust: 0.8

sources: VULHUB: VHN-374579 // JVNDB: JVNDB-2021-001957 // NVD: CVE-2021-1525

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-170

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	cisco-sa-webex-redirect-XuZFU3PH	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-redirect-XuZFU3PH	Trust: 0.8
title:	Cisco Webex Meetings Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152647	Trust: 0.6
title:	Cisco: Cisco Webex Meetings and Webex Meetings Server File Redirect Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-redirect-XuZFU3PH	Trust: 0.1

sources: VULMON: CVE-2021-1525 // JVNDB: JVNDB-2021-001957 // CNNVD: CNNVD-202106-170

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1525	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-001957	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-170	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060307	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1910	Trust: 0.6
db:	VULHUB	id:	VHN-374579	Trust: 0.1
db:	VULMON	id:	CVE-2021-1525	Trust: 0.1

sources: VULHUB: VHN-374579 // VULMON: CVE-2021-1525 // JVNDB: JVNDB-2021-001957 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-170 // NVD: CVE-2021-1525

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-redirect-xuzfu3ph	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1525	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060307	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1910	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/601.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374579 // VULMON: CVE-2021-1525 // JVNDB: JVNDB-2021-001957 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-170 // NVD: CVE-2021-1525

SOURCES

db:	VULHUB	id:	VHN-374579
db:	VULMON	id:	CVE-2021-1525
db:	JVNDB	id:	JVNDB-2021-001957
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-170
db:	NVD	id:	CVE-2021-1525

LAST UPDATE DATE

2024-08-14T12:37:28.231000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374579	date:	2021-06-14T00:00:00
db:	VULMON	id:	CVE-2021-1525	date:	2021-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-001957	date:	2021-07-06T02:54:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-170	date:	2021-06-15T00:00:00
db:	NVD	id:	CVE-2021-1525	date:	2023-11-07T03:28:31.390

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374579	date:	2021-06-04T00:00:00
db:	VULMON	id:	CVE-2021-1525	date:	2021-06-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-001957	date:	2021-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-170	date:	2021-06-02T00:00:00
db:	NVD	id:	CVE-2021-1525	date:	2021-06-04T17:15:08.533