← Back

CVE-2021-1399

nvd nist
Published: Apr 8, 2021Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization.

Affected (2)

Cisco
1 product
Unified Communications Manager
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Unified Communications Manager
From 10.5\(2\) to 12.5\(1\)su4
Unified Communications Manager
From 10.5\(2\) to 12.5\(1\)su4

Related CWEs

CWE-302
Authentication Bypass by Assumed-Immutable Data
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.