Vulnerabilities > CVE-2021-1525 - Open Redirect vulnerability in Cisco Webex Meetings Server

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

cisco

CWE-601

NVD

Published: 2021-06-04

Updated: 2023-11-07

Summary

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. This vulnerability is due to improper validation of URL paths in the application interface. An attacker could exploit this vulnerability by persuading a user to follow a specially crafted URL that is designed to cause Cisco Webex Meetings to include a remote file in the web UI. A successful exploit could allow the attacker to cause the application to offer a remote file to a user, which could allow the attacker to conduct further phishing or spoofing attacks.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Webex Meetings Server - Cisco Webex Meetings Server 1.0 Cisco Webex Meetings Server 1.1 Cisco Webex Meetings Server 1.1_Base Cisco Webex Meetings Server 1.5 Cisco Webex Meetings Server 1.5\(.1.6\) Cisco Webex Meetings Server 1.5\(.1.131\) Cisco Webex Meetings Server 1.5.1.6 Cisco Webex Meetings Server 1.5.1.131 Cisco Webex Meetings Server 1.5_Base Cisco Webex Meetings Server 2.0 Cisco Webex Meetings Server 2.0.1.107 Cisco Webex Meetings Server 2.0_Base Cisco Webex Meetings Server 2.0_Mr2 Cisco Webex Meetings Server 2.0_Mr3 Cisco Webex Meetings Server 2.0_Mr4 Cisco Webex Meetings Server 2.0_Mr5 Cisco Webex Meetings Server 2.0_Mr6 Cisco Webex Meetings Server 2.0_Mr7 Cisco Webex Meetings Server 2.0_Mr8 Cisco Webex Meetings Server 2.0_Mr9 Cisco Webex Meetings Server 2.5 Cisco Webex Meetings Server 2.5\(1\) Cisco Webex Meetings Server 2.5.0.997 Cisco Webex Meetings Server 2.5.1.5 Cisco Webex Meetings Server 2.5.1.29 Cisco Webex Meetings Server 2.5_Base Cisco Webex Meetings Server 2.5_Mr1 Cisco Webex Meetings Server 2.5_Mr2 Cisco Webex Meetings Server 2.5_Mr3 Cisco Webex Meetings Server 2.5_Mr4 Cisco Webex Meetings Server 2.5_Mr5 Cisco Webex Meetings Server 2.5_Mr6 Cisco Webex Meetings Server 2.6 Cisco Webex Meetings Server 2.6.0 Cisco Webex Meetings Server 2.6.0.8 Cisco Webex Meetings Server 2.6.1.39 Cisco Webex Meetings Server 2.6_Base Cisco Webex Meetings Server 2.6_Mr1 Cisco Webex Meetings Server 2.6_Mr2 Cisco Webex Meetings Server 2.6_Mr3 Cisco Webex Meetings Server 2.7 Cisco Webex Meetings Server 2.7.0 Cisco Webex Meetings Server 2.7.1 Cisco Webex Meetings Server 2.7_Base Cisco Webex Meetings Server 2.7_Mr1 Cisco Webex Meetings Server 2.7_Mr2 Cisco Webex Meetings Server 2.8 Cisco Webex Meetings Server 2.8\(1\) Cisco Webex Meetings Server 2.8.1.17 Cisco Webex Meetings Server 2.8.1.1023 Cisco Webex Meetings Server 3.0 Cisco Webex Meetings Server 4.0 Cisco Webex Meetings Online 41.3.5	89

Common Weakness Enumeration (CWE)

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Common Attack Pattern Enumeration and Classification (CAPEC)

Fake the Source of Data
An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-redirect-XuZFU3PH