CVE-2021-1524 — Vulnetix

CVE-2021-1524 PUBLISHED CVSS 4.300000190734863 MEDIUM

A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because requests that are sent to the API are not properly validated. An attacker could exploit this vulnerability by sending a malicious request to the API. A successful exploit could allow the attacker to cause all participants on a call to be disconnected, resulting in a DoS condition.

EPSS 0.43% · 62.9th percentile

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.43%

62.9th percentile

Affected Products

Vendor	Product	Versions
cisco	meeting_server	3.1
Cisco	Cisco Meeting Server	n/a

Exploit Intelligence

20210616 Cisco Meeting Server API Denial of Service Vulnerability (circl)

Timeline

Jun 16, 2021 CVE Published
Jun 17, 2021 EPSS Score
Aug 18, 2021 EPSS Score
Oct 17, 2021 EPSS Score
Dec 17, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 15, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 17, 2022 EPSS Score
Jun 16, 2022 EPSS Score
Aug 17, 2022 EPSS Score
Oct 16, 2022 EPSS Score

References

20210616 Cisco Meeting Server API Denial of Service Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-1524 advisory

Open in Interactive Console →