FKIE_CVE-2021-1362

Vulnerability from fkie_nvd - Published: 2021-04-08 04:15 - Updated: 2024-11-21 05:44
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwybVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwybVendor Advisory
Impacted products
Vendor Product Version
cisco prime_license_manager *
cisco unified_communications_manager *
cisco unified_communications_manager *
cisco unified_communications_manager *
cisco unified_communications_manager *
cisco unified_communications_manager_im_\&_presence_service *
cisco unified_communications_manager_im_\&_presence_service *
cisco unity_connection *
cisco unity_connection *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECFC9AD-73C7-4B03-B791-0DB46A987673",
              "versionEndExcluding": "11.5\\(1\\)su9",
              "versionStartIncluding": "10.5\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "DEED2509-2F02-4B6F-A588-448C39D87AC7",
              "versionEndExcluding": "11.5\\(1\\)su9",
              "versionStartIncluding": "10.5\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "FF429C92-1327-4A27-B2FF-B388A5F97A98",
              "versionEndExcluding": "11.5\\(1\\)su9",
              "versionStartIncluding": "10.5\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "5EB86657-3A5F-4960-B407-5920A86DB58F",
              "versionEndExcluding": "12.5\\(1\\)su4",
              "versionStartIncluding": "12.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "2B4716CB-F9D8-4E38-9FC1-CE4E4A44B20F",
              "versionEndExcluding": "12.5\\(1\\)su4",
              "versionStartIncluding": "12.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E62A5D3-0E6B-488A-B7EF-FB9C68947042",
              "versionEndExcluding": "11.5\\(1\\)su9",
              "versionStartIncluding": "10.5\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB145AFA-1CB3-40ED-B522-7AE4BCFE785A",
              "versionEndExcluding": "12.5\\(1\\)su4",
              "versionStartIncluding": "12.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC5846FF-F22A-4475-AB3D-AD23B03CBE9E",
              "versionEndExcluding": "11.5\\(1\\)su9",
              "versionStartIncluding": "10.5\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D9BAFFB-1814-40E8-BAFA-51362D6F3173",
              "versionEndExcluding": "12.5\\(1\\)su4",
              "versionStartIncluding": "12.0\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM \u0026amp; Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el endpoint de la API SOAP de Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM \u0026amp; amp;\u0026#xa0;Presence Service, Cisco Unity Connection y Cisco Prime License Manager, podr\u00edan permitir a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario en un dispositivo afectado.\u0026#xa0;Esta vulnerabilidad es debido a un saneamiento inapropiado de la entrada suministrada por el usuario.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n de API SOAP con par\u00e1metros dise\u00f1ados hacia un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario con privilegios root en el sistema operativo Linux subyacente del dispositivo afectado"
    }
  ],
  "id": "CVE-2021-1362",
  "lastModified": "2024-11-21T05:44:10.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-08T04:15:12.140",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.