ID

VAR-202106-0913


CVE

CVE-2021-1524


TITLE

Cisco Meeting Server input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-001960

DESCRIPTION

A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.25

sources: NVD: CVE-2021-1524 // JVNDB: JVNDB-2021-001960 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374578

AFFECTED PRODUCTS

vendor: cisco, model: meeting server, scope: lt, version: 3.1.1

Trust: 1.0

vendor: cisco, model: meeting server, scope: gte, version: 3.1

Trust: 1.0

vendor: シスコシステムズ, model: cisco meeting server, scope: eq, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco meeting server, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-001960 // NVD: CVE-2021-1524

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1524
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1524
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1524
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-1313
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374578
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1524
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-374578
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1524
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1524
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-1524
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374578 // JVNDB: JVNDB-2021-001960 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1313 // NVD: CVE-2021-1524 // NVD: CVE-2021-1524

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype: Improper Input Validation (CWE-20) [Other]

Trust: 0.8

sources: VULHUB: VHN-374578 // JVNDB: JVNDB-2021-001960 // NVD: CVE-2021-1524

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1313

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-meetingserver-dos-NzVWMMQT, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meetingserver-dos-NzVWMMQT

Trust: 0.8

title: Cisco Meeting Server input validation error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154422

Trust: 0.6

sources: JVNDB: JVNDB-2021-001960 // CNNVD: CNNVD-202106-1313

EXTERNAL IDS

db: NVD, id: CVE-2021-1524

Trust: 2.5

db: JVNDB, id: JVNDB-2021-001960

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021061707

Trust: 0.6

db: AUSCERT, id: ESB-2021.2148

Trust: 0.6

db: CNNVD, id: CNNVD-202106-1313

Trust: 0.6

db: VULHUB, id: VHN-374578

Trust: 0.1

sources: VULHUB: VHN-374578 // JVNDB: JVNDB-2021-001960 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1313 // NVD: CVE-2021-1524

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-meetingserver-dos-nzvwmmqt

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1524

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2148

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061707

Trust: 0.6

sources: VULHUB: VHN-374578 // JVNDB: JVNDB-2021-001960 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-1313 // NVD: CVE-2021-1524

SOURCES

db: VULHUB, id: VHN-374578
db: JVNDB, id: JVNDB-2021-001960
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-1313
db: NVD, id: CVE-2021-1524

LAST UPDATE DATE

2024-08-14T12:20:35.740000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374578, date: 2021-06-24T00:00:00
db: JVNDB, id: JVNDB-2021-001960, date: 2021-07-06T02:54:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-1313, date: 2021-06-28T00:00:00
db: NVD, id: CVE-2021-1524, date: 2023-11-07T03:28:31.157

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374578, date: 2021-06-16T00:00:00
db: JVNDB, id: JVNDB-2021-001960, date: 2021-07-06T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-1313, date: 2021-06-16T00:00:00
db: NVD, id: CVE-2021-1524, date: 2021-06-16T18:15:08.217