Lucene search

[email protected]CVE-2021-1364

HistoryJan 20, 2021 - 8:15 p.m.

CVE-2021-1364

2021-01-2020:15:00

CWE-89

[email protected]

web.nvd.nist.gov

cisco

unified communications manager

vulnerabilities

sql injection

path traversal

cve-2021-1364

nvd

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

27.7%

JSON

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

CPENameOperatorVersion
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence servicelt12.5\(1\)su4
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence servicelt11.5\(1\)su9
cisco:unified_communications_managercisco unified communications managerlt12.5\(1\)su4
cisco:unified_communications_managercisco unified communications managerlt12.0\(1\)su4
cisco:unified_communications_managercisco unified communications managerlt11.5\(1\)su9

CPE	Name	Operator	Version
cisco:unified_communications_manager_im_and_presence_service	cisco unified communications manager im and presence service	lt	12.5\(1\)su4
cisco:unified_communications_manager_im_and_presence_service	cisco unified communications manager im and presence service	lt	11.5\(1\)su9
cisco:unified_communications_manager	cisco unified communications manager	lt	12.5\(1\)su4
cisco:unified_communications_manager	cisco unified communications manager	lt	12.0\(1\)su4
cisco:unified_communications_manager	cisco unified communications manager	lt	11.5\(1\)su9

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6

Social References

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

27.7%

JSON

Related for CVE-2021-1364

prion1 nessus1 cisco1