Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-1226
HistoryJan 13, 2021 - 10:15 p.m.

CVE-2021-1226

2021-01-1322:15:20
CWE-532
[email protected]
web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.1%

JSON

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Affected configurations

NVD
Node
ciscoemergency_responderRange12.5\(1\)12.5\(1\)su3
OR
ciscoemergency_responderMatch10.5\(2\)
OR
ciscoemergency_responderMatch11.5\(1\)
OR
ciscoemergency_responderMatch12.0\(1\)
OR
ciscoprime_license_managerRange11.5\(1\)11.5\(1\)su9
OR
ciscoprime_license_managerMatch10.5\(2\)
OR
ciscounified_communications_managerRange11.5\(1\)11.5\(1\)su9-
OR
ciscounified_communications_managerRange11.5\(1\)11.5\(1\)su9session_management
OR
ciscounified_communications_managerMatch10.5\(2\)-
OR
ciscounified_communications_managerMatch10.5\(2\)session_management
OR
ciscounified_communications_manager_im_\&_presence_serviceRange11.5\(1\)11.5\(1\)su9
OR
ciscounified_communications_manager_im_\&_presence_serviceRange12.5\(1\)12.5\(1\)su3
OR
ciscounified_communications_manager_im_\&_presence_serviceMatch10.5\(2\)
OR
ciscounified_communications_manager_im_\&_presence_serviceMatch12.0\(1\)
OR
ciscounity_connectionRange11.5\(1\)11.5\(1\)su9
OR
ciscounity_connectionRange12.0\(1\)12.0\(1\)su4
OR
ciscounity_connectionRange12.5\(1\)12.5\(1\)su3
OR
ciscounity_connectionMatch10.5\(2\)

Related

cvelist 1
nessus 1
prion 1
cisco 1
cve 1
cvelist
cvelist
CVE-2021-1226 Cisco Unified Communications Products Information Disclosure Vulnerability
2021-01-13 00:00:00
nessus
nessus
Cisco Unified CommunicationsManager Information Disclosure (cisco-sa-cucm-logging-6QSWKRYz)
2021-01-22 00:00:00
prion
prion
Design/Logic Flaw
2021-01-13 22:15:00
cisco
cisco
Cisco Unified Communications Products Information Disclosure Vulnerability
2021-01-13 16:00:00
cve
cve
CVE-2021-1226
2021-01-13 22:15:20

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.1%

JSON
Related for NVD:CVE-2021-1226
cvelist1nessus1prion1cisco1cve1