CVE-2021-1517: Cisco Webex Meetings and Webex Meetings Server Multimedia Sharing Security Bypass Vulnerability
First published: Fri Jun 04 2021(Updated: )
A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. This vulnerability is due to unsafe handling of shared content within the multimedia viewer feature. An attacker could exploit this vulnerability by sharing a file through the multimedia viewer feature. A successful exploit could allow the attacker to bypass security protections and prevent warning dialogs from appearing before files are offered to other users.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Webex Meetings Online | =41.3.5 | |
| Cisco WebEx Meetings Server | <3.0 | |
| Cisco WebEx Meetings Server | =3.0 | |
| Cisco WebEx Meetings Server | =3.0-maintenance_release1 | |
| Cisco WebEx Meetings Server | =3.0-maintenance_release2 | |
| Cisco WebEx Meetings Server | =3.0-maintenance_release3 | |
| Cisco WebEx Meetings Server | =4.0 | |
| Cisco WebEx Meetings Server | =4.0-maintenance_release1 | |
| Cisco WebEx Meetings Server | =4.0-maintenance_release2 | |
| Cisco WebEx Meetings Server | =4.0-maintenance_release3 | |
| Cisco WebEx Meetings Server | =4.0-maintenance_release3_security_patch3 | |
| Cisco WebEx Meetings Server | =4.0-maintenance_release3_security_patch4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-1517?
CVE-2021-1517 is a vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server.
How serious is CVE-2021-1517?
CVE-2021-1517 has a severity rating of 4.3, which is considered medium.
How does CVE-2021-1517 affect Cisco Webex Meetings?
CVE-2021-1517 affects Cisco Webex Meetings versions 41.3.5 and earlier.
How does CVE-2021-1517 affect Cisco Webex Meetings Server?
CVE-2021-1517 affects Cisco Webex Meetings Server versions 3.0, 3.0-maintenance_release1, 3.0-maintenance_release2, 3.0-maintenance_release3, 4.0, 4.0-maintenance_release1, 4.0-maintenance_release2, 4.0-maintenance_release3, 4.0-maintenance_release3_security_patch3, and 4.0-maintenance_release3_security_patch4.
How can I fix CVE-2021-1517?
To fix CVE-2021-1517, users should update to the latest version of Cisco Webex Meetings or Cisco Webex Meetings Server.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- vendor/cisco
- canonical/cisco webex meetings online
- version/cisco webex meetings online/41.3.5
- canonical/cisco webex meetings server
- version/cisco webex meetings server/3.0
- version/cisco webex meetings server/3.0-maintenance_release1
- version/cisco webex meetings server/3.0-maintenance_release2
- version/cisco webex meetings server/3.0-maintenance_release3
- version/cisco webex meetings server/4.0
- version/cisco webex meetings server/4.0-maintenance_release1
- version/cisco webex meetings server/4.0-maintenance_release2
- version/cisco webex meetings server/4.0-maintenance_release3
- version/cisco webex meetings server/4.0-maintenance_release3_security_patch3
- version/cisco webex meetings server/4.0-maintenance_release3_security_patch4