PT-2021-1765 · Cisco · Cisco Webex Meetings Server +1

Nabeel Ahmed +1 · Published 2021-01-13 · Updated 2024-04-11 · CVE-2021-1311

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings and Cisco Webex Meetings Server (affected versions not specified)
Description: The issue is related to a lack of protection against brute forcing of the host key in the reclaim host role feature. This could allow a remote attacker to take over the host role during a meeting by sending crafted requests to a vulnerable site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords.
Recommendations: As a temporary workaround, consider restricting access to the reclaim host role feature until a patch is available. Restrict access to the host key to minimize the risk of exploitation. Avoid using the reclaim host role feature in the affected Cisco Webex Meetings or Webex Meetings Server until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related Identifiers

BDU:2021-00465
CVE-2021-1311

Affected Products

Cisco Webex Meetings
Cisco Webex Meetings Server