
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN075
_____________________________________________________________________

DATE                : 04/02/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Cisco Webex Meetings versions
                      prior to 41.1.0,
                      Cisco Webex Meetings Server versions prior to
                      3.0MR3 Security Patch5, 4.0MR3 Security Patch4.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9
_____________________________________________________________________

Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink
Injection Vulnerability

Medium


Advisory ID:       cisco-sa-wbx-linkinj-WWZpVqu9
First Published:   2021 February 3 16:00 GMT
Version 1.0:       Final
Workarounds:       No workarounds available
Cisco Bug IDs:     CSCvw13888
                   CSCvw13891
CVSS Score:        Base 4.1

CVE-2021-1221

CWE-20


Summary

    A vulnerability in the user interface of Cisco Webex Meetings and
Cisco Webex Meetings Server Software could allow an authenticated,
remote attacker to inject a hyperlink into a meeting invitation email.

    The vulnerability is due to insufficient input validation. An
attacker could exploit this vulnerability by entering a URL into a field
in the user interface. A successful exploit could allow the attacker to
generate a Webex Meetings invitation email that contains a link to a
destination of their choosing. Because this email is sent from a trusted
source, the recipient may be more likely to click the link.
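The weakness described above is a free-text field whose content is copied into an invitation email without checking for links. As an added illustration (not Cisco's code; the field names, allowlisted host and email template are assumptions made for this example), the Python below shows a constructed "before" that interpolates the field verbatim, next to a hardened form that rejects link-like content in free text, HTML-escapes what remains, and only emits an anchor for a join URL that passes a scheme and host allowlist:

```python
"""Hardening free-text invitation fields against hyperlink injection.

Added example, not Cisco's code. The field names, the allowlist and the
email template are assumptions made for illustration.
"""
import html
import re
from typing import Optional
from urllib.parse import urlparse

# Hypothetical allowlist: the only host an invitation may link to.
ALLOWED_LINK_HOSTS = {"meetings.example.com"}

# Anything a mail client is likely to turn into a clickable link:
# an explicit scheme, or a bare "www." host.
_LINK_RE = re.compile(r"(?i)\b(?:https?|ftp|mailto):\S+|\bwww\.\S+")


def render_before(agenda: str) -> str:
    """Constructed 'before' form: the untrusted field goes straight into
    the HTML body, so a pasted URL becomes a link from a trusted sender."""
    return f"<p>{agenda}</p>"


def contains_link(text: str) -> bool:
    """True if the free-text field carries anything link-like."""
    return _LINK_RE.search(text) is not None


def sanitize_free_text(text: str) -> str:
    """Free-text fields may not carry links; escape so no markup survives."""
    if contains_link(text):
        raise ValueError("free-text field may not contain a hyperlink")
    return html.escape(text, quote=True)


def validate_join_url(url: str) -> Optional[str]:
    """Accept only https links to an allowlisted host; None otherwise."""
    parsed = urlparse(url.strip())
    if parsed.scheme.lower() != "https":
        return None
    if (parsed.hostname or "").lower() not in ALLOWED_LINK_HOSTS:
        return None
    if parsed.username or parsed.password:  # reject user@host lookalikes
        return None
    return parsed.geturl()


def render_after(agenda: str, join_url: str) -> str:
    """Hardened form: free text is validated and escaped, and the only
    anchor in the mail is built from a validated join URL."""
    safe_join = validate_join_url(join_url)
    if safe_join is None:
        raise ValueError("join URL not permitted")
    return (f"<p>{sanitize_free_text(agenda)}</p>"
            f'<a href="{html.escape(safe_join, quote=True)}">Join meeting</a>')


if __name__ == "__main__":
    # Constructed sample inputs.
    print(render_before("Slides at https://attacker.example/login"))
    print(render_after("Q1 planning review", "https://meetings.example.com/j/12345"))
```

The check is deliberately strict: a field meant for an agenda or a title has no legitimate reason to carry a URL, so rejecting link-like text outright is simpler and safer than trying to decide which links are acceptable. The one link the mail does need is built server-side from a value validated against the allowlist, so the recipient only ever sees a destination the service itself chose.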

    Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

    This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9


Affected Products

    Vulnerable Products

    At the time of publication, this vulnerability affected the
following Cisco products:

        Releases earlier than Release 41.1.0 of Webex Meetings, which is
cloud-based

        Releases earlier than Release 3.0MR3 Security Patch5 of Webex
Meetings Server 3.0

        Releases earlier than Release 4.0MR3 Security Patch4 of Webex
Meetings Server 4.0


    See the Details section in the bug ID(s) at the top of this advisory
for the most complete and current information.


    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this
advisory are known to be affected by this vulnerability.


Workarounds

    There are no workarounds that address this vulnerability.


Fixed Software

    When considering software upgrades, customers are advised to
regularly consult the advisories for Cisco products, which are available
from the Cisco Security Advisories page, to determine exposure and a
complete upgrade solution.

    In all cases, customers should ensure that the devices to be
upgraded contain sufficient memory and confirm that current hardware and
software configurations will continue to be supported properly by the
new release. If the information is not clear, customers are advised to
contact the Cisco Technical Assistance Center (TAC) or their contracted
maintenance providers.


    Fixed Releases

    Cisco has addressed this vulnerability in Cisco Webex Meetings
41.1.0, which is cloud-based. No user action is required. Customers can
determine the current remediation status or software version by using
the Help function in the service GUI. Customers who need additional
information are advised to contact the Cisco Technical Assistance Center
(TAC) or their contracted maintenance providers.

    At the time of publication, Cisco Webex Meetings Server releases
3.0MR3 Security Patch5 and later and releases 4.0MR3 Security Patch4 and
later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory
for the most complete and current information.


Exploitation and Public Announcements

    The Cisco Product Security Incident Response Team (PSIRT) is not
aware of any public announcements or malicious use of the vulnerability
that is described in this advisory.


Source

    Cisco would like to thank Abhinav Khanna of eSec Forte Technologies
for reporting this vulnerability.


URL


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wbx-linkinj-WWZpVqu9


Revision History

Version   Description               Section   Status   Date
1.0       Initial public release.   -         Final    2021-FEB-03


Legal Disclaimer

    THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT
YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.

    A standalone copy or paraphrase of the text of this document that
omits the distribution URL is an uncontrolled copy and may lack
important information or contain factual errors. The information in this
document is intended for end users of Cisco products.



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================