Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-CMXAPI-KSKWCMFP
HistoryJan 13, 2021 - 4:00 p.m.

Cisco Connected Mobile Experiences User Enumeration Vulnerability

2021-01-1316:00:00
tools.cisco.com
32

0.001 Low

EPSS

Percentile

39.5%

JSON

A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system.

The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this vulnerability by sending specific API GET requests to an affected device. A successful exploit could allow the attacker to enumerate users of the CMX system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmxapi-KsKwCmfp [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmxapi-KsKwCmfp”]

Affected configurations

Vulners
Node
ciscoconnected_mobile_experiencesMatchany
OR
ciscoconnected_mobile_experiencesMatchany

Related

cvelist 1
nvd 1
prion 1
cve 1
cvelist
cvelist
CVE-2021-1143 Cisco Connected Mobile Experiences User Enumeration Vulnerability
2021-01-13 00:00:00
nvd
nvd
CVE-2021-1143
2021-01-13 22:15:14
prion
prion
Design/Logic Flaw
2021-01-13 22:15:00
cve
cve
CVE-2021-1143
2021-01-13 22:15:14

0.001 Low

EPSS

Percentile

39.5%

JSON
Related for CISCO-SA-CMXAPI-KSKWCMFP
cvelist1nvd1prion1cve1