ID

VAR-202111-0400


CVE

CVE-2021-40128


TITLE

Cisco Webex Meetings Security Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202111-395

DESCRIPTION

A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website. Cisco Webex Meetings is a video conferencing solution from Cisco.

Trust: 0.99

sources: NVD: CVE-2021-40128 // VULHUB: VHN-398024

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings, scope: eq, version: -

Trust: 1.0

sources: NVD: CVE-2021-40128

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-40128
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-40128
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202111-395
value: MEDIUM

Trust: 0.6

VULHUB: VHN-398024
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-40128
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-398024
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-40128
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-398024 // CNNVD: CNNVD-202111-395 // NVD: CVE-2021-40128 // NVD: CVE-2021-40128

PROBLEMTYPE DATA

problemtype: CWE-183

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: CWE-20

Trust: 0.1

sources: VULHUB: VHN-398024 // NVD: CVE-2021-40128

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-395

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-395

PATCH

title: Cisco Webex Meetings input validation error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168539

Trust: 0.6

sources: CNNVD: CNNVD-202111-395

EXTERNAL IDS

db: NVD, id: CVE-2021-40128

Trust: 1.7

db: CNNVD, id: CNNVD-202111-395

Trust: 0.7

db: AUSCERT, id: ESB-2021.3687

Trust: 0.6

db: CS-HELP, id: SB2021110410

Trust: 0.6

db: CNVD, id: CNVD-2021-103094

Trust: 0.1

db: VULHUB, id: VHN-398024

Trust: 0.1

sources: VULHUB: VHN-398024 // CNNVD: CNNVD-202111-395 // NVD: CVE-2021-40128

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-webex-activation-3sdnfxcy

Trust: 2.3

url: https://www.cybersecurity-help.cz/vdb/sb2021110410

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.3687

Trust: 0.6

sources: VULHUB: VHN-398024 // CNNVD: CNNVD-202111-395 // NVD: CVE-2021-40128

SOURCES

db: VULHUB, id: VHN-398024
db: CNNVD, id: CNNVD-202111-395
db: NVD, id: CVE-2021-40128

LAST UPDATE DATE

2024-11-23T22:16:00.203000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-398024, date: 2022-08-05T00:00:00
db: CNNVD, id: CNNVD-202111-395, date: 2022-08-10T00:00:00
db: NVD, id: CVE-2021-40128, date: 2024-11-21T06:23:38.237

SOURCES RELEASE DATE

db: VULHUB, id: VHN-398024, date: 2021-11-04T00:00:00
db: CNNVD, id: CNNVD-202111-395, date: 2021-11-03T00:00:00
db: NVD, id: CVE-2021-40128, date: 2021-11-04T16:15:09.717