Vulnerability Details : CVE-2021-1467
A vulnerability in Cisco Webex Meetings for Android could allow an authenticated, remote attacker to modify the avatar of another user. This vulnerability is due to improper authorization checks. An attacker could exploit this vulnerability by sending a crafted request to the Cisco Webex Meetings client of a targeted user of a meeting in which they are both participants. A successful exploit could allow the attacker to modify the avatar of the targeted user.
Vulnerability category: BypassGain privilege
Products affected by CVE-2021-1467
- cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-1467
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 30 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-1467
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
8.0
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
Cisco Systems, Inc. | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2021-1467
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2021-1467
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-andro-iac-f3UR8frB
Cisco Webex Meetings for Android Avatar Modification VulnerabilityVendor Advisory
Jump to