CVE-2021-1527 — Vulnetix

CVE-2021-1527 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the vulnerable application. The vulnerability is due to insufficient validation of values in Webex recording files that are stored in Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a malicious WRF file to a user as a link or email attachment and then persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the affected software and view memory state information.

EPSS 0.54% · 67.9th percentile

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

EPSS Score

0.54%

67.9th percentile

Affected Products

Vendor	Product	Versions
cisco	webex_player	0, 0
Cisco	Cisco Webex Meetings	n/a

Exploit Intelligence

20210602 Cisco Webex Player Memory Corruption Vulnerability (circl)

Timeline

Jun 4, 2021 CVE Published
Jun 5, 2021 EPSS Score
Aug 7, 2021 EPSS Score
Oct 7, 2021 EPSS Score
Dec 7, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 6, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 8, 2022 EPSS Score
Jun 8, 2022 EPSS Score
Aug 9, 2022 EPSS Score
Oct 8, 2022 EPSS Score

References

20210602 Cisco Webex Player Memory Corruption Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-1527 advisory

Open in Interactive Console →