Rewterz Threat Advisory – CVE-2021-1420 – Cisco Webex Meetings HTML Injection Vulnerability

April 8, 2021

Severity

Medium

Analysis Summary

CVE-2021-1420

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated, remote attacker to modify a web page in the context of a user’s browser. The vulnerability is due to improper checks on parameter values in affected pages. An attacker could exploit this vulnerability by persuading a user to follow a crafted link that is designed to pass HTML code into an affected parameter. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.

Impact

HTML Injection

Affected Vendors

Cisco

Affected Products

Webex meeting cloud base

Remediation

Update to the latest version of Cisco webex meeting.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

ClickFix Scheme Used by Russian Hackers to Deploy Espionage Malware – Active IOCs

Cyber Threat Alert: Immediate Action Required on Existing APT Threat Indicators – Active IOCs

Tinba aka TinyBanker Trojan – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Cisco SD-WAN vManage Software Vulnerabilities

Rewterz Threat Advisory – CVE-2021-3483 – Linux Kernel code execution

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.