ID

VAR-202110-0582


CVE

CVE-2021-34743


TITLE

Cross-site request forgery vulnerability in Cisco Webex Software

Trust: 0.8

sources: JVNDB: JVNDB-2021-014155

DESCRIPTION

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to pass malicious input to the Cisco Webex Software application authorization interface. A successful exploit could allow the attacker to cause Cisco Webex Software to authorize an application on the user's behalf without the express consent of the user, possibly allowing external applications to read data from that user's profile. Cisco Webex is Cisco's video conferencing and collaboration product suite.

Trust: 1.8

sources: NVD: CVE-2021-34743 // JVNDB: JVNDB-2021-014155 // VULHUB: VHN-394985 // VULMON: CVE-2021-34743

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings, scope: eq, version: -

Trust: 1.0

vendor: シスコシステムズ, model: cisco webex meetings, scope: eq, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco webex meetings, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014155 // NVD: CVE-2021-34743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34743
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34743
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34743
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202110-1491
value: HIGH

Trust: 0.6

VULHUB: VHN-394985
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34743
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-394985
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34743
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-34743
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-34743
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-394985 // JVNDB: JVNDB-2021-014155 // CNNVD: CNNVD-202110-1491 // NVD: CVE-2021-34743 // NVD: CVE-2021-34743

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.1

problemtype: Cross-site request forgery (CWE-352) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-394985 // JVNDB: JVNDB-2021-014155 // NVD: CVE-2021-34743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1491

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202110-1491

PATCH

title: cisco-sa-webex-2FmKd7T
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-2FmKd7T

Trust: 0.8

title: Cisco Webex Fixes for cross-site request forgery vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168322

Trust: 0.6

title: Cisco: Cisco Webex Software Application Authorization Bypass Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-webex-2FmKd7T

Trust: 0.1

sources: VULMON: CVE-2021-34743 // JVNDB: JVNDB-2021-014155 // CNNVD: CNNVD-202110-1491

EXTERNAL IDS

db: NVD, id: CVE-2021-34743

Trust: 3.4

db: JVNDB, id: JVNDB-2021-014155

Trust: 0.8

db: CNNVD, id: CNNVD-202110-1491

Trust: 0.7

db: CS-HELP, id: SB2021102128

Trust: 0.6

db: AUSCERT, id: ESB-2021.3506

Trust: 0.6

db: VULHUB, id: VHN-394985

Trust: 0.1

db: VULMON, id: CVE-2021-34743

Trust: 0.1

sources: VULHUB: VHN-394985 // VULMON: CVE-2021-34743 // JVNDB: JVNDB-2021-014155 // CNNVD: CNNVD-202110-1491 // NVD: CVE-2021-34743

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-2fmkd7t

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-34743

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021102128

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3506

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-394985 // VULMON: CVE-2021-34743 // JVNDB: JVNDB-2021-014155 // CNNVD: CNNVD-202110-1491 // NVD: CVE-2021-34743

SOURCES

db: VULHUB, id: VHN-394985
db: VULMON, id: CVE-2021-34743
db: JVNDB, id: JVNDB-2021-014155
db: CNNVD, id: CNNVD-202110-1491
db: NVD, id: CVE-2021-34743

LAST UPDATE DATE

2024-08-14T14:18:20.681000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-394985, date: 2021-10-26T00:00:00
db: VULMON, id: CVE-2021-34743, date: 2021-10-21T00:00:00
db: JVNDB, id: JVNDB-2021-014155, date: 2022-10-06T05:41:00
db: CNNVD, id: CNNVD-202110-1491, date: 2021-11-03T00:00:00
db: NVD, id: CVE-2021-34743, date: 2023-11-07T03:36:16.843

SOURCES RELEASE DATE

db: VULHUB, id: VHN-394985, date: 2021-10-21T00:00:00
db: VULMON, id: CVE-2021-34743, date: 2021-10-21T00:00:00
db: JVNDB, id: JVNDB-2021-014155, date: 2022-10-06T00:00:00
db: CNNVD, id: CNNVD-202110-1491, date: 2021-10-20T00:00:00
db: NVD, id: CVE-2021-34743, date: 2021-10-21T03:15:06.987