Cisco Webex Meetings Desktop アプリケーションおよび Windows 用 Webex Productivity Tools におけるデータクエリからの重要な情報の漏えいに関する脆弱性
| Title |
Cisco Webex Meetings Desktop アプリケーションおよび Windows 用 Webex Productivity Tools におけるデータクエリからの重要な情報の漏えいに関する脆弱性
|
| Summary |
Cisco Webex Meetings Desktop アプリケーションおよび Windows 用 Webex Productivity Tools には、データクエリからの重要な情報の漏えいに関する脆弱性が存在します。
|
| Possible impacts |
情報を取得される可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
Feb. 17, 2021, midnight |
| Registration Date |
Oct. 29, 2021, 4:37 p.m. |
| Last Update |
Oct. 29, 2021, 4:37 p.m. |
|
CVSS3.0 : 警告
|
| Score |
5.5
|
| Vector |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
CVSS2.0 : 注意
|
| Score |
2.1
|
| Vector |
AV:L/AC:L/Au:N/C:P/I:N/A:N |
Affected System
| シスコシステムズ |
|
Cisco WebEx Meetings
|
|
Cisco WebEx Meetings Server
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2021年10月29日]
掲載 |
Oct. 29, 2021, 4:37 p.m. |
NVD Vulnerability Information
CVE-2021-1372
| Summary |
A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.
|
| Publication Date |
Feb. 18, 2021, 2:15 a.m. |
| Registration Date |
Feb. 18, 2021, 10:01 a.m. |
| Last Update |
Nov. 21, 2024, 2:44 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:* |
|
|
|
4.0 |
| cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3_security_patch3:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:cisco:webex_meetings:*:*:*:*:latest_channel:*:*:* |
|
|
|
40.10 |
| cpe:2.3:a:cisco:webex_meetings:*:*:*:*:slow_channel:*:*:* |
|
|
|
40.6 |
Related information, measures and tools
Common Vulnerabilities List