Skip to main content

Meeting Server CVE-2021-1524

MEDIUM
Improper Input Validation (CWE-20)
2021-06-16 psirt@cisco.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 16, 2021 - 18:15 nvd
MEDIUM 6.5

DescriptionNVD

A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition.

AnalysisAI

A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition. Affected products include: Cisco Meeting Server.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-6448 CRITICAL
9.8 Nov 03

A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated,

CVE-2016-6447 CRITICAL
9.8 Nov 03

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbit

CVE-2017-12249 CRITICAL
9.1 Sep 13

A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an a

CVE-2016-6445 CRITICAL
9.1 Oct 27

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) befor

CVE-2016-6444 HIGH
8.8 Oct 27

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request

CVE-2018-0439 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote att

CVE-2017-3837 HIGH
8.1 Feb 22

An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Co

CVE-2018-0262 HIGH
8.1 May 02

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to c

CVE-2017-6763 HIGH
7.5 Aug 07

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthent

CVE-2017-3830 HIGH
7.5 Feb 22

A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to

CVE-2016-6446 HIGH
7.5 Oct 27

A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memor

CVE-2021-40122 HIGH
7.5 Oct 21

A vulnerability in an API of the Call Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote atta

Share

CVE-2021-1524 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy