Vulnerability-Lookup

FKIE_CVE-2021-1406

Vulnerability from fkie_nvd - Published: 2021-04-08 04:15 - Updated: 2024-11-21 05:44

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.

References

	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_communications_manager	10.5\(2\)
cisco	unified_communications_manager	10.5\(2\)
cisco	unified_communications_manager	10.5\(2\)su1
cisco	unified_communications_manager	10.5\(2\)su1
cisco	unified_communications_manager	10.5\(2\)su2
cisco	unified_communications_manager	10.5\(2\)su2
cisco	unified_communications_manager	10.5\(2\)su2a
cisco	unified_communications_manager	10.5\(2\)su2a
cisco	unified_communications_manager	10.5\(2\)su3
cisco	unified_communications_manager	10.5\(2\)su3
cisco	unified_communications_manager	10.5\(2\)su3a
cisco	unified_communications_manager	10.5\(2\)su3a
cisco	unified_communications_manager	10.5\(2\)su4
cisco	unified_communications_manager	10.5\(2\)su4
cisco	unified_communications_manager	10.5\(2\)su4a
cisco	unified_communications_manager	10.5\(2\)su4a
cisco	unified_communications_manager	10.5\(2\)su5
cisco	unified_communications_manager	10.5\(2\)su6
cisco	unified_communications_manager	10.5\(2\)su6
cisco	unified_communications_manager	10.5\(2\)su6a
cisco	unified_communications_manager	10.5\(2\)su6a
cisco	unified_communications_manager	10.5\(2\)su7
cisco	unified_communications_manager	10.5\(2\)su7
cisco	unified_communications_manager	10.5\(2\)su8
cisco	unified_communications_manager	10.5\(2\)su8
cisco	unified_communications_manager	10.5\(2\)su9
cisco	unified_communications_manager	10.5\(2\)su9
cisco	unified_communications_manager	10.5\(2\)su10
cisco	unified_communications_manager	10.5\(2\)su10
cisco	unified_communications_manager	11.5\(1\)
cisco	unified_communications_manager	11.5\(1\)
cisco	unified_communications_manager	11.5\(1\)su1
cisco	unified_communications_manager	11.5\(1\)su1
cisco	unified_communications_manager	11.5\(1\)su2
cisco	unified_communications_manager	11.5\(1\)su2
cisco	unified_communications_manager	11.5\(1\)su3
cisco	unified_communications_manager	11.5\(1\)su3
cisco	unified_communications_manager	11.5\(1\)su4
cisco	unified_communications_manager	11.5\(1\)su4
cisco	unified_communications_manager	11.5\(1\)su5
cisco	unified_communications_manager	11.5\(1\)su5
cisco	unified_communications_manager	11.5\(1\)su7
cisco	unified_communications_manager	11.5\(1\)su7
cisco	unified_communications_manager	11.5\(1\)su8
cisco	unified_communications_manager	11.5\(1\)su8
cisco	unified_communications_manager	11.5\(1\)su9
cisco	unified_communications_manager	11.5\(1\)su9
cisco	unified_communications_manager	12.0\(1\)
cisco	unified_communications_manager	12.0\(1\)
cisco	unified_communications_manager	12.5\(1\)
cisco	unified_communications_manager	12.5\(1\)
cisco	unified_communications_manager	12.5\(1\)su1
cisco	unified_communications_manager	12.5\(1\)su1
cisco	unified_communications_manager	12.5\(1\)su2
cisco	unified_communications_manager	12.5\(1\)su2
cisco	unified_communications_manager	12.5\(1\)su3
cisco	unified_communications_manager	12.5\(1\)su3
cisco	unified_communications_manager	12.5\(1\)su4
cisco	unified_communications_manager	12.5\(1\)su4
cisco	unified_communications_manager	12.5\(1\)su5
cisco	unified_communications_manager	12.5\(1\)su5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:-:*:*:*",
              "matchCriteriaId": "6781FEB3-73CF-451E-A373-19657DE750FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:session_management:*:*:*",
              "matchCriteriaId": "37F53ABC-C019-4BBB-8881-395F286EA43F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:-:*:*:*",
              "matchCriteriaId": "8E10EACB-885B-4FB1-89D7-1038336B997B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "4277C3ED-77E5-4BBD-867E-0E5AD26CABDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:-:*:*:*",
              "matchCriteriaId": "00B8DC04-D9B0-432A-B9B9-5E3A9428528B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "785CD3D7-9967-4F4E-A76A-66F514BB8D46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:-:*:*:*",
              "matchCriteriaId": "9F72E5FC-0459-4366-8D47-93306F25D31D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "F9C6D49F-954B-4057-A51A-6ED1304EEC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:-:*:*:*",
              "matchCriteriaId": "8FD488BB-6EB2-4084-B9C3-23E41D1FE0DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "3225F4E8-4D2E-40EC-9BC0-799D34AB9C5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:-:*:*:*",
              "matchCriteriaId": "32ADCDE2-5069-472A-96FB-20A62337DDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "57633170-0285-4C0E-A58F-AF970B97F24C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:-:*:*:*",
              "matchCriteriaId": "100A3B73-B286-4358-A829-7AFBE685F9E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "9262E014-86BE-41B5-827B-297157796107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:-:*:*:*",
              "matchCriteriaId": "12D7018F-A242-49E2-9A2D-663EA34F6B4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "A987F37B-3705-4A99-BD79-0575A5882A7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7E3D8BF-B5A3-4857-94B7-3BDA59BD9BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:-:*:*:*",
              "matchCriteriaId": "9C36CC93-51D2-4856-860F-4DE90721B5EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "0BC9CF9C-653E-45AF-8C15-E0D6052938B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:-:*:*:*",
              "matchCriteriaId": "2C76AE40-E203-4206-AA54-D1B47EFBBFCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "0C51FA8B-D576-4174-947E-37DA5954B372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:-:*:*:*",
              "matchCriteriaId": "A5677040-8E71-43A7-A5AB-389A2446FBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "95D7060A-A44C-41F7-8F16-D6D066FA9E40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:-:*:*:*",
              "matchCriteriaId": "D2C99CC1-D20B-483D-83B2-C5A5654170D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "C4CE477A-3796-4EF9-9158-E96A6058C208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:-:*:*:*",
              "matchCriteriaId": "D0D0CC2A-4C22-440B-890C-C123562D3744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "F4558E9D-6144-4DD3-8131-D46DF5E066E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:-:*:*:*",
              "matchCriteriaId": "24016D28-5B31-4A92-806B-36AC44CC4476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "0338F894-23F2-4063-AF30-A094F06BF0C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*",
              "matchCriteriaId": "7E958AFF-185D-4D55-B74B-485BEAEC42FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
              "matchCriteriaId": "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:-:*:*:*",
              "matchCriteriaId": "9938A5E6-0A2E-46C3-B347-EA63304A8511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "AC3A6965-5989-47B1-BF13-F6D306BCE412",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:-:*:*:*",
              "matchCriteriaId": "0E572C74-117F-455B-8A5D-14E3A363F087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "641F8DC2-0595-41B5-B154-9CAB37B7E5F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:-:*:*:*",
              "matchCriteriaId": "319DA981-B200-409F-94D1-0808E0555F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "81F945BC-7A46-48F8-B709-67692CF62C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:-:*:*:*",
              "matchCriteriaId": "841C7F5B-29F6-441C-8F02-DBCE8D1CD160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "C8D79377-AEA4-4F7D-931C-7938F2E72108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:-:*:*:*",
              "matchCriteriaId": "0FC7FF7F-4870-4F68-B883-40AF4EAB8D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "7BD8C20B-2C1E-422D-87C0-D478F4A3CFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:-:*:*:*",
              "matchCriteriaId": "BB663114-EC3F-4E9F-888D-5E4298C6F832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "430E4021-05BF-4E41-B197-BE2EEF8A8B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:-:*:*:*",
              "matchCriteriaId": "1E6135D4-FA64-425B-BE91-174D38B5DBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "3912C8CB-01BF-4627-8960-E83F015115C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:-:*:*:*",
              "matchCriteriaId": "7E0BC7A5-8DED-49FA-AC67-55FD5082876B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "075DF8B4-1651-46A4-8FE6-BEDC264E871A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:-:*:*:*",
              "matchCriteriaId": "F2742FD5-CE1D-4FDC-818F-125600015BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:session_management:*:*:*",
              "matchCriteriaId": "EA9B0067-9B0E-4DF3-B443-C8C9C48B3957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:-:*:*:*",
              "matchCriteriaId": "0F4F8482-029A-4A84-97F1-9EDEDCE42C6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*",
              "matchCriteriaId": "EB810DDE-18A0-4168-8EC1-726DA62453E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:-:*:*:*",
              "matchCriteriaId": "616BEDFF-EB9A-4ADE-A672-B2E709DC844B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "628A15DE-7852-4D4F-9D8B-A20A841708CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:-:*:*:*",
              "matchCriteriaId": "E077A144-3D5E-4984-8F2B-6A69C5ED3EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "25D5286C-249E-480A-88F9-0A573737297A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:-:*:*:*",
              "matchCriteriaId": "6353BE27-91F0-4E8B-89A3-30EC189798F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "B4057BD8-B5C0-4A61-8AD7-8E59F351AF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:-:*:*:*",
              "matchCriteriaId": "F1FAF361-CEE8-4F75-B444-CFFB8A7D9AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "15292BC9-7129-4BCF-BAED-E8EBDC27AFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:-:*:*:*",
              "matchCriteriaId": "387C66C7-42D7-4794-898C-85A098189BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "BC19BCD4-4E59-4B5A-936F-AF3F31315BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME), podr\u00eda permitir a un atacante remoto autenticado acceder a informaci\u00f3n confidencial en un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a una inclusi\u00f3n inapropiada de informaci\u00f3n confidencial en archivos descargables.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad al autenticarse en un dispositivo afectado y emitir un ajuste espec\u00edfico de comandos.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener credenciales hash de los usuarios del sistema.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales de usuario v\u00e1lidas con privilegios elevados"
    }
  ],
  "id": "CVE-2021-1406",
  "lastModified": "2024-11-21T05:44:16.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-08T04:15:12.593",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-538"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-1406 (GCVE-0-2021-1406)

Vulnerability from cvelistv5 – Published: 2021-04-08 04:05 – Updated: 2024-11-08 23:28

Title

Cisco Unified Communications Manager Information Disclosure Vulnerability

Summary

Severity ?

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-538

Assigner

cisco

References

URL

Tags

https://tools.cisco.com/security/center/content/C…

vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Communications Manager	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210407 Cisco Unified Communications Manager Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:46:27.298346Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:28:49.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Communications Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-04-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-538",
              "description": "CWE-538",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-08T04:05:55",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210407 Cisco Unified Communications Manager Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cucm-inf-disc-wCxZNjL2",
        "defect": [
          [
            "CSCvv21048"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Communications Manager Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-04-07T16:00:00",
          "ID": "CVE-2021-1406",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Unified Communications Manager Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Communications Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.9",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-538"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210407 Cisco Unified Communications Manager Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cucm-inf-disc-wCxZNjL2",
          "defect": [
            [
              "CSCvv21048"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1406",
    "datePublished": "2021-04-08T04:05:55.718686Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-08T23:28:49.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2021-1406

CVE-2021-1406 (GCVE-0-2021-1406)

Tags

Sightings

Nomenclature