{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T17:10:49.425","vulnerabilities":[{"cve":{"id":"CVE-2021-1240","sourceIdentifier":"psirt@cisco.com","published":"2021-01-13T22:15:20.897","lastModified":"2024-11-21T05:43:54.273","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the loading process of specific DLLs in Cisco Proximity Desktop for Windows could allow an authenticated, local attacker to load a malicious library. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file in a specific location on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with the privileges of another user’s account."},{"lang":"es","value":"Una vulnerabilidad en el proceso de carga de archivos DLL específicos en Cisco Proximity Desktop para Windows, podría permitir a un atacante local autenticado cargar una biblioteca maliciosa. Para explotar esta vulnerabilidad, el atacante debe tener credenciales válidas en el sistema Windows. Esta vulnerabilidad se debe al manejo incorrecto de las rutas de directorio en tiempo de ejecución. Un atacante podría explotar esta vulnerabilidad colocando un archivo DLL malicioso en una ubicación específica del sistema apuntado. Este archivo se ejecutará cuando se inicie la aplicación vulnerable. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario en el sistema objetivo con los privilegios de la cuenta de otro usuario."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:C/I:C/A:C","baseScore":8.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":6.8,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:proximity:*:*:*:*:*:windows:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"81783A42-F28B-4FAB-B63E-21832093B149"}]}]}],"references":[{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-dll-UvW4VHPM","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-dll-UvW4VHPM","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}