First published: Fri Jun 04 2021(Updated: )
A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker could exploit this vulnerability by sharing a file through the multimedia viewer feature. A successful exploit could allow the attacker to bypass security protections and prevent warning dialogs from appearing before files are offered to other users.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Webex Meetings Online | =41.3.5 | |
Cisco WebEx Meetings Server | <3.0 | |
Cisco WebEx Meetings Server | =3.0 | |
Cisco WebEx Meetings Server | =3.0-maintenance_release1 | |
Cisco WebEx Meetings Server | =3.0-maintenance_release2 | |
Cisco WebEx Meetings Server | =3.0-maintenance_release3 | |
Cisco WebEx Meetings Server | =4.0 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release1 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release2 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release3 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release3_security_patch3 | |
Cisco WebEx Meetings Server | =4.0-maintenance_release3_security_patch4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-1517 is a vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server.
CVE-2021-1517 has a severity rating of 4.3, which is considered medium.
CVE-2021-1517 affects Cisco Webex Meetings versions 41.3.5 and earlier.
CVE-2021-1517 affects Cisco Webex Meetings Server versions 3.0, 3.0-maintenance_release1, 3.0-maintenance_release2, 3.0-maintenance_release3, 4.0, 4.0-maintenance_release1, 4.0-maintenance_release2, 4.0-maintenance_release3, 4.0-maintenance_release3_security_patch3, and 4.0-maintenance_release3_security_patch4.
To fix CVE-2021-1517, users should update to the latest version of Cisco Webex Meetings or Cisco Webex Meetings Server.