PT-2021-7449 · Cisco · Cisco Webex Meetings Server+1

Alexandros Zacharis

Published

2021-06-02

Updated

2021-06-14

CVE-2021-1525

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings and Cisco Webex Meetings Server (affected versions not specified)

Description The issue is related to improper validation of URL paths in the application interface, allowing an unauthenticated, remote attacker to redirect users to a malicious file. This could be achieved by persuading a user to follow a specially crafted URL, enabling the attacker to include a remote file in the web UI. A successful exploit could allow the attacker to conduct further phishing or spoofing attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

BDU:2022-06347

CVE-2021-1525

Affected Products

Cisco Webex Meetings

Cisco Webex Meetings Server

PT-2021-7449 · Cisco · Cisco Webex Meetings Server+1

CVE-2021-1525

Weakness Enumeration

Related Identifiers

Affected Products

References · 5