CVE-2021-1410

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings (affected versions not specified)

Description: A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The issue is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this by sending a crafted request to the Webex Meetings interface to modify an existing distribution list, potentially allowing them to modify a distribution list belonging to another user.

Recommendations: For all affected versions, update to the latest software version released by Cisco, as it addresses this vulnerability. At the moment, there is no information about additional mitigation measures or workarounds that address this vulnerability.