{"containers": {"cna": {"affected": [{"product": "Cisco Webex Teams", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2021-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-450", "description": "CWE-450", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-13T21:17:28", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20210113 Cisco Webex Teams Shared File Manipulation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99"}], "source": {"advisory": "cisco-sa-webex-teams-7ZMcXG99", "defect": [["CSCvv74842"]], "discovery": "INTERNAL"}, "title": "Cisco Webex Teams Shared File Manipulation Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-01-13T16:00:00", "ID": "CVE-2021-1242", "STATE": "PUBLIC", "TITLE": "Cisco Webex Teams Shared File Manipulation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Webex Teams", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "4.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-450"}]}]}, "references": {"reference_data": [{"name": "20210113 Cisco Webex Teams Shared File Manipulation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99"}]}, "source": {"advisory": "cisco-sa-webex-teams-7ZMcXG99", "defect": [["CSCvv74842"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:02:56.315Z"}, "title": "CVE Program Container", "references": [{"name": "20210113 Cisco Webex Teams Shared File Manipulation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-08T20:54:45.764818Z", "id": "CVE-2021-1242", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T20:47:40.135Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1242", "datePublished": "2021-01-13T21:17:28.265054Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-12T20:47:40.135Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99", "name": "20210113 Cisco Webex Teams Shared File Manipulation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:02:56.315Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-1242", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-08T20:54:45.764818Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T21:07:03.809Z"}}], "cna": {"title": "Cisco Webex Teams Shared File Manipulation Vulnerability", "source": {"defect": [["CSCvv74842"]], "advisory": "cisco-sa-webex-teams-7ZMcXG99", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Webex Teams", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2021-01-13T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99", "name": "20210113 Cisco Webex Teams Shared File Manipulation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-450", "description": "CWE-450"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2021-01-13T21:17:28"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "4.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, "source": {"defect": [["CSCvv74842"]], "advisory": "cisco-sa-webex-teams-7ZMcXG99", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco Webex Teams"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99", "name": "20210113 Cisco Webex Teams Shared File Manipulation Vulnerability", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-450"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-1242", "STATE": "PUBLIC", "TITLE": "Cisco Webex Teams Shared File Manipulation Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-01-13T16:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2021-1242", "state": "PUBLISHED", "dateUpdated": "2024-11-12T20:47:40.135Z", "dateReserved": "2020-11-13T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2021-01-13T21:17:28.265054Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:webex_teams:*:*:*:*:*:*:*:*", "matchCriteriaId": "845BE1B4-1D05-491B-8EA9-E3A5028C6535", "versionEndExcluding": "40.12.0.17293", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. The vulnerability exists because the affected software mishandles character rendering. An attacker could exploit this vulnerability by sharing a file within the application interface. A successful exploit could allow the attacker to modify how the shared file name displays within the interface, which could allow the attacker to conduct phishing or spoofing attacks."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Webex Teams, podr\u00eda permitir a un atacante remoto no autenticado manipular nombres de archivos dentro de la interfaz de mensajer\u00eda. La vulnerabilidad se presenta porque el software afectado maneja inapropiadamente la representaci\u00f3n de caracteres. Un atacante podr\u00eda explotar esta vulnerabilidad compartiendo un archivo dentro de la interfaz de la aplicaci\u00f3n. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitirle al atacante modificar c\u00f3mo se muestra el nombre del archivo compartido dentro de la interfaz, lo que podr\u00eda permitir al atacante realizar ataques de phishing o suplantaci\u00f3n de identidad."}], "id": "CVE-2021-1242", "lastModified": "2024-11-21T05:43:54.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-13T22:15:20.990", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-7ZMcXG99"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-450"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}