Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2021-34743
HistoryOct 21, 2021 - 3:15 a.m.

CVE-2021-34743

2021-10-2103:15:06
CWE-352
cisco
web.nvd.nist.gov
35
2
cisco
webex
software
vulnerability
integration
csrf
authorization
remote attacker
security
nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

AI Score

7

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user’s account without that user’s express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to pass malicious input to the Cisco Webex Software application authorization interface. A successful exploit could allow the attacker to cause Cisco Webex Software to authorize an application on the user’s behalf without the express consent of the user, possibly allowing external applications to read data from that user’s profile.

Affected configurations

Nvd
Node
ciscowebex_meetingsMatch-
VendorProductVersionCPE
ciscowebex_meetings-cpe:2.3:a:cisco:webex_meetings:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Webex Meetings",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Social References

More

Related

cisco 1
cvelist 1
nvd 1
prion 1
cisco
cisco
Cisco Webex Software Application Authorization Bypass Vulnerability
2021-10-20 16:00:00
cvelist
cvelist
CVE-2021-34743 Cisco Webex Software Application Authorization Bypass Vulnerability
2021-10-21 02:50:17
nvd
nvd
CVE-2021-34743
2021-10-21 03:15:06
prion
prion
Cross site request forgery (csrf)
2021-10-21 03:15:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

AI Score

7

Confidence

High

EPSS

0.001

Percentile

32.2%

JSON
Related for CVE-2021-34743
cisco1cvelist1nvd1prion1