cisco collaboration-meeting-rooms CVE-2021-1500 vulnerability in Cisco Products
Published on November 4, 2021

Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2021-1500 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

What is an Open Redirect Vulnerability?

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.

CVE-2021-1500 has been classified to as an Open Redirect vulnerability or weakness.


Products Associated with CVE-2021-1500

stack.watch emails you whenever new vulnerabilities are published in Cisco Collaboration Meeting Rooms or Cisco Webex Video Mesh. Just hit a watch button to start following.

Cisco Collaboration Meeting Rooms
 
Cisco Webex Video Mesh
 

Affected Versions

Cisco Webex Video Mesh Version n/a is affected by CVE-2021-1500

Exploit Probability

EPSS
0.18%
Percentile
39.94%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.