1. Home
  2. CVE Database
  3. CVE-2021-1536
MEDIUM · 4.8

CVE-2021-1536

A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authent...

Vulnerability Description

A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
CiscoWebex Meetings Desktop-
CiscoWebex Meetings Online-
CiscoWebex Meetings Server4.0
CiscoWebex Network Recording Player-
CiscoWebex Teams3.0.15485.0

Related Weaknesses (CWE)

CWE-427

References

FAQ

What is CVE-2021-1536?

CVE-2021-1536 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authent...

How severe is CVE-2021-1536?

CVE-2021-1536 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1536?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Webex Meetings Desktop, Cisco Webex Meetings Online, Cisco Webex Meetings Server, Cisco Webex Network Recording Player, Cisco Webex Teams.