CVE-2021-1406

Published: Apr 8, 2021Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.

Affected (61)

Products: Cisco: Unified Communications Manager

Cisco

1 product

Unified Communications Manager

Configuration A

61 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Communications Manager	Version 10.5(2)
Cisco Unified Communications Manager	Version 10.5(2)
Cisco Unified Communications Manager	Version 10.5(2)su10
Cisco Unified Communications Manager	Version 10.5(2)su10
Cisco Unified Communications Manager	Version 10.5(2)su1
Cisco Unified Communications Manager	Version 10.5(2)su1
Cisco Unified Communications Manager	Version 10.5(2)su2
Cisco Unified Communications Manager	Version 10.5(2)su2
Cisco Unified Communications Manager	Version 10.5(2)su2a
Cisco Unified Communications Manager	Version 10.5(2)su2a
Cisco Unified Communications Manager	Version 10.5(2)su3
Cisco Unified Communications Manager	Version 10.5(2)su3
Cisco Unified Communications Manager	Version 10.5(2)su3a
Cisco Unified Communications Manager	Version 10.5(2)su3a
Cisco Unified Communications Manager	Version 10.5(2)su4
Cisco Unified Communications Manager	Version 10.5(2)su4
Cisco Unified Communications Manager	Version 10.5(2)su4a
Cisco Unified Communications Manager	Version 10.5(2)su4a
Cisco Unified Communications Manager	Version 10.5(2)su5
Cisco Unified Communications Manager	Version 10.5(2)su6
Cisco Unified Communications Manager	Version 10.5(2)su6
Cisco Unified Communications Manager	Version 10.5(2)su6a
Cisco Unified Communications Manager	Version 10.5(2)su6a
Cisco Unified Communications Manager	Version 10.5(2)su7
Cisco Unified Communications Manager	Version 10.5(2)su7
Cisco Unified Communications Manager	Version 10.5(2)su8
Cisco Unified Communications Manager	Version 10.5(2)su8
Cisco Unified Communications Manager	Version 10.5(2)su9
Cisco Unified Communications Manager	Version 10.5(2)su9
Cisco Unified Communications Manager	Version 11.5(1)
Cisco Unified Communications Manager	Version 11.5(1)
Cisco Unified Communications Manager	Version 11.5(1)su1
Cisco Unified Communications Manager	Version 11.5(1)su1
Cisco Unified Communications Manager	Version 11.5(1)su2
Cisco Unified Communications Manager	Version 11.5(1)su2
Cisco Unified Communications Manager	Version 11.5(1)su3
Cisco Unified Communications Manager	Version 11.5(1)su3
Cisco Unified Communications Manager	Version 11.5(1)su4
Cisco Unified Communications Manager	Version 11.5(1)su4
Cisco Unified Communications Manager	Version 11.5(1)su5
Cisco Unified Communications Manager	Version 11.5(1)su5
Cisco Unified Communications Manager	Version 11.5(1)su7
Cisco Unified Communications Manager	Version 11.5(1)su7
Cisco Unified Communications Manager	Version 11.5(1)su8
Cisco Unified Communications Manager	Version 11.5(1)su8
Cisco Unified Communications Manager	Version 11.5(1)su9
Cisco Unified Communications Manager	Version 11.5(1)su9
Cisco Unified Communications Manager	Version 12.0(1)
Cisco Unified Communications Manager	Version 12.0(1)
Cisco Unified Communications Manager	Version 12.5(1)
Cisco Unified Communications Manager	Version 12.5(1)
Cisco Unified Communications Manager	Version 12.5(1)su1
Cisco Unified Communications Manager	Version 12.5(1)su1
Cisco Unified Communications Manager	Version 12.5(1)su2
Cisco Unified Communications Manager	Version 12.5(1)su2
Cisco Unified Communications Manager	Version 12.5(1)su3
Cisco Unified Communications Manager	Version 12.5(1)su3
Cisco Unified Communications Manager	Version 12.5(1)su4
Cisco Unified Communications Manager	Version 12.5(1)su4
Cisco Unified Communications Manager	Version 12.5(1)su5
Cisco Unified Communications Manager	Version 12.5(1)su5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.