First published: Wed Jan 13 2021
A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. This vulnerability is due to a lack of protection against brute forcing of the host key. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Webex Meetings Server site. A successful exploit would require the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. A successful exploit could allow the attacker to acquire or take over the host role for a meeting.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings | <2020-12-15 | |
Cisco WebEx Meetings Server | <3.0 | |
Cisco WebEx Meetings Server | =3.0 | |
Cisco WebEx Meetings Server | =3.0-maintenance_release1 | |
Cisco WebEx Meetings Server | =3.0-maintenance_release2 | |
Cisco WebEx Meetings Server | =3.0-maintenance_release3 | |
Cisco WebEx Meetings Server | =3.0-maintenance_release4 | |
Cisco WebEx Meetings Server | =4.0 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release1 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release2 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release3 | |
Cisco Webex Meetings | <40.12.0 | |
The vulnerability ID for this Cisco Webex Meetings vulnerability is CVE-2021-1311.
The severity rating of CVE-2021-1311 is 5.4 (Medium).
This vulnerability affects Cisco Webex Meetings versions up to and including 2020-12-15, and Cisco WebEx Meetings Server versions up to and including 3.0 and its maintenance releases 1, 2, 3, and 4, as well as 4.0 and its maintenance releases 1, 2, and 3.
An attacker can exploit this vulnerability by brute-forcing the host key during a meeting to take over the host role.
You can find more information about CVE-2021-1311 on the Cisco Security Advisory page: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-brutef-hostkey-FWRMxVF.
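
The root cause described above is that nothing limits how many host keys can be tried. One way a server could bound that guessing is shown here as an added example; it is not Cisco's code and not taken from the advisory. The class and function names, the six-digit key format, the five-failure budget and the 15-minute lockout are all assumptions.

```python
import hmac
import time

MAX_FAILURES = 5        # assumed budget of wrong guesses per meeting
LOCKOUT_SECONDS = 900   # assumed lockout once the budget is spent


class HostKeyGuard:
    """Hypothetical guard: counts failed host-key attempts per meeting."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}      # meeting_id -> failed attempts so far
        self._locked_until = {}  # meeting_id -> time the lockout ends

    def try_reclaim(self, meeting_id, submitted_key, real_key):
        now = self._clock()
        if self._locked_until.get(meeting_id, 0) > now:
            return "locked"      # refuse without comparing the key at all
        # Constant-time comparison so response timing leaks nothing.
        if hmac.compare_digest(submitted_key.encode(), real_key.encode()):
            self._failures.pop(meeting_id, None)
            return "granted"
        count = self._failures.get(meeting_id, 0) + 1
        self._failures[meeting_id] = count
        if count >= MAX_FAILURES:
            self._locked_until[meeting_id] = now + LOCKOUT_SECONDS
            self._failures[meeting_id] = 0
        return "denied"


def guesses_compared(guard, meeting_id, real_key, candidates):
    """Feed guesses to the guard; return (guesses actually compared, granted?)."""
    results = [guard.try_reclaim(meeting_id, g, real_key) for g in candidates]
    return sum(r != "locked" for r in results), "granted" in results


if __name__ == "__main__":
    # Constructed data: a made-up key and a sequential sweep that would
    # reach it on the 43rd guess if attempts were unlimited.
    sweep = [f"{n:06d}" for n in range(1000)]
    print(guesses_compared(HostKeyGuard(), "meeting-1", "000042", sweep))
```

Counting per meeting rather than per participant keeps the budget fixed when a guesser rejoins under a new identity, at the cost that any participant can temporarily lock host reclaim for that meeting.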