CVE-2021-40128 is a vulnerability in Cisco Webex Meetings
Published on November 4, 2021

Cisco Webex Meetings Email Content Injection Vulnerability
A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website.


Vulnerability Analysis

CVE-2021-40128 is exploitable with network access and requires neither privileges nor user interaction. The attack complexity is considered low. A successful exploit is considered to have no impact on confidentiality, a low impact on integrity, and no impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

Weakness Type

What is an Allowlist / Allow List Vulnerability?

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.

CVE-2021-40128 has been classified as an Allowlist / Allow List vulnerability or weakness.
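
An illustration of the weakness type described above, added here and not code from Cisco or from this page: a substring-based allowlist for the host of an activation link, beside an exact-match check on the parsed URL. The host names, and the idea that the link base arrives as a request parameter, are assumptions; the advisory does not say which parameter is affected.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: the advisory names no hosts or parameters.
ALLOWED_HOSTS = {"meetings.example.com", "signup.example.com"}

def permissive_check(url: str) -> bool:
    """Too-permissive allowlist: substring match on the raw string."""
    return any(host in url for host in ALLOWED_HOSTS)

def strict_check(url: str) -> bool:
    """Exact match on the parsed host, with scheme, userinfo and port pinned."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or port not in (None, 443):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    return host in ALLOWED_HOSTS

def allowlist_gaps(urls):
    """URLs the permissive check lets through but the strict check rejects."""
    return [u for u in urls if permissive_check(u) and not strict_check(u)]

# Constructed sample values for the link base, not taken from the advisory.
SAMPLES = [
    "https://meetings.example.com/activate",
    "https://meetings.example.com.untrusted.test/activate",
    "https://untrusted.test/activate?ref=meetings.example.com",
    "https://meetings.example.com@untrusted.test/activate",
    "http://meetings.example.com/activate",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"permissive={permissive_check(url)!s:5} strict={strict_check(url)!s:5} {url}")
```

Where the application can build the activation link from server-side configuration alone, doing so removes the need for an allowlist on this value.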


Products Associated with CVE-2021-40128


Affected Versions

Cisco Webex Meetings Version n/a is affected by CVE-2021-40128

Exploit Probability

EPSS: 0.09%
Percentile: 24.67%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.