CVE-2021-1524

CVE Database · CVE-2021-1524

CVE-2021-1524

· MEDIUMModified

CVSS v3.1

4.3

EPSS

1.10%

Published

Jun 16, 2021

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Weaknesses (CWE)

CWE-20

Affected Products (1)

cisco · meeting_server (up to 3.1.1)vulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meetingserver-dos-NzVWMMQT

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meetingserver-dos-NzVWMMQT

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs