Lucene search

[email protected]CVE-2021-1406

HistoryApr 08, 2021 - 4:15 a.m.

CVE-2021-1406

2021-04-0804:15:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2021-1406

cisco

unified communications manager

unified cm

session management edition

sme

vulnerability

remote attacker

sensitive information

hashed credentials

nvd

security issue

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.0%

JSON

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.

CPENameOperatorVersion
cisco:unified_communications_managercisco unified communications managereq12.5\(1\)
cisco:unified_communications_managercisco unified communications managereq12.0\(1\)
cisco:unified_communications_managercisco unified communications managereq10.5\(2\)
cisco:unified_communications_managercisco unified communications managereq11.5\(1\)
cisco:unified_communications_managercisco unified communications managereq10.5\(2\)su1
cisco:unified_communications_managercisco unified communications managereq10.5\(2\)su2
cisco:unified_communications_managercisco unified communications managereq10.5\(2\)su2a
cisco:unified_communications_managercisco unified communications managereq10.5\(2\)su3
cisco:unified_communications_managercisco unified communications managereq10.5\(2\)su3a
cisco:unified_communications_managercisco unified communications managereq10.5\(2\)su4

CPE	Name	Operator	Version
cisco:unified_communications_manager	cisco unified communications manager	eq	12.5\(1\)
cisco:unified_communications_manager	cisco unified communications manager	eq	12.0\(1\)
cisco:unified_communications_manager	cisco unified communications manager	eq	10.5\(2\)
cisco:unified_communications_manager	cisco unified communications manager	eq	11.5\(1\)
cisco:unified_communications_manager	cisco unified communications manager	eq	10.5\(2\)su1
cisco:unified_communications_manager	cisco unified communications manager	eq	10.5\(2\)su2
cisco:unified_communications_manager	cisco unified communications manager	eq	10.5\(2\)su2a
cisco:unified_communications_manager	cisco unified communications manager	eq	10.5\(2\)su3
cisco:unified_communications_manager	cisco unified communications manager	eq	10.5\(2\)su3a
cisco:unified_communications_manager	cisco unified communications manager	eq	10.5\(2\)su4

Rows per page:

1-10 of 311

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.0%

JSON

Related for CVE-2021-1406

nessus1 cisco1 prion1