{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/slido/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Slido"],"_cs_severities":["medium"],"_cs_tags":["idor","cisco","slido","credential-access"],"_cs_type":"advisory","_cs_vendors":["Cisco"],"content_html":"\u003cp\u003eA vulnerability in the REST API of Cisco Slido, a web-based audience interaction platform, could have been exploited by an authenticated, remote attacker. The vulnerability stems from an insecure direct object reference (IDOR). An attacker could potentially leverage this vulnerability to access sensitive social profile data of other users within the Slido platform or manipulate quiz and poll results. Cisco has addressed this vulnerability in their Slido service; no specific version numbers are mentioned in the advisory. The scope of the targeting is all users of the Slido platform.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the Cisco Slido platform using valid credentials.\u003c/li\u003e\n\u003cli\u003eAttacker identifies a vulnerable REST API endpoint related to user profile data or quiz/poll results.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious request to the API endpoint, manipulating the object reference (e.g., user ID or poll ID) to target another user\u0026rsquo;s profile or a specific poll.\u003c/li\u003e\n\u003cli\u003eThe crafted request is sent to the Cisco Slido server.\u003c/li\u003e\n\u003cli\u003eDue to the IDOR vulnerability, the server processes the request without proper authorization checks, granting access to the targeted user\u0026rsquo;s social profile data or allowing modification of quiz/poll results.\u003c/li\u003e\n\u003cli\u003eAttacker views the retrieved social profile data of the targeted user, potentially including sensitive information.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker successfully alters the quiz/poll results, skewing outcomes or manipulating participation data.\u003c/li\u003e\n\u003cli\u003eThe attacker continues to exploit the vulnerability to gather more user data or further manipulate quiz/poll results, impacting the integrity of the Slido platform.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could have resulted in unauthorized access to sensitive user data, including social profiles. An attacker could potentially harvest personal information or use the compromised profiles for malicious purposes. Furthermore, the manipulation of quiz and poll results could undermine the integrity of these interactive elements, leading to skewed outcomes and a loss of trust in the platform. The number of affected users and the full extent of potential damage are unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWhile Cisco states that they have addressed this vulnerability and that no customer action is required, monitor web server logs for unusual activity targeting API endpoints related to user profile data or quiz/poll interactions.\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rule \u003ccode\u003eDetect Suspicious Slido API Access\u003c/code\u003e to identify potential exploitation attempts based on HTTP status codes and URI patterns.\u003c/li\u003e\n\u003cli\u003eMonitor for unexpected modifications to user profiles or quiz/poll results within the Slido platform\u0026rsquo;s administrative interface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-06T16:00:00Z","date_published":"2026-05-06T16:00:00Z","id":"/briefs/2024-01-cisco-slido-idor/","summary":"An insecure direct object reference in Cisco Slido's REST API could have allowed an authenticated remote attacker to access social profile data or affect quiz/poll results.","title":"Cisco Slido Insecure Direct Object Reference Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-cisco-slido-idor/"}],"language":"en","title":"CraftedSignal Threat Feed — Slido","version":"https://jsonfeed.org/version/1.1"}