How severe is CVE-2021-1372?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-1372?

This is classified as CWE-202, which is a common weakness in software security.

CVE-2021-1372 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.

Related Vulnerabilities

CVE-2023-20215

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a ne...

CWE-2022023

CVE-2024-20388

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. ...

CWE-2022024

CVE-2024-38895

MEDIUM

CVSS:5.3(Medium)

WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.

CWE-2022024

CVE-2024-38897

MEDIUM

CVSS:5.3(Medium)

WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.

CWE-2022024

CVE-2023-1625

MEDIUM

CVSS:5.0(Medium)

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. ...

CWE-2022023

CVE-2022-20747

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is d...

CWE-2022022