Cisco Unified Communications Manager Information Disclosure Vulnerability

cisco-sa-cucm-inf-disc-wCxZNjL2 · Medium · Published · Updated

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2021-1406
Cisco Bug IDs: CSCvv21048
CVSS Score: Base 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco Unified Communications Manager, Cisco Unified Communications Manager / Cisco Unity Connection

CSAF Product Statuses

| Product | Status | Source | CVE | Rows |
| --- | --- | --- | --- | --- |
| Cisco Unified Communications Manager | known_affected | cisco_csaf | CVE-2021-1406 | 1 |
| Cisco Unified Communications Manager / Cisco Unity Connection | known_affected | cisco_csaf | CVE-2021-1406 | 1 |

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Unified Communications Manager | CVE-2021-1406 | Cisco OpenVuln |
| Cisco Unified Communications Manager / Cisco Unity Connection | CVE-2021-1406 | Cisco OpenVuln |
| Cisco Unity | CVE-2021-1406 | Cisco OpenVuln |
| Cisco Unity Connection | CVE-2021-1406 | Cisco OpenVuln |