Vulnslist

Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities

cisco-sa-cucm-xss-Q4PZcNzJ · Medium · Published · Updated

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ

Workarounds

There are no workarounds that address these vulnerabilities.

CVEs: CVE-2021-1380, CVE-2021-1407, CVE-2021-1408, CVE-2021-1409
Cisco Bug IDs: CSCvu52262, CSCvv35159, CSCvv28764, CSCvv21040, CSCvx14178, CSCvx14158, CSCvw71918
CVSS Score: Base 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X)
Product Names From Source
Cisco Unity Connection, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM and Presence Service, Cisco Unified Communications Manager / Cisco Unity Connection

CSAF Product Statuses

| Product | Status | Source | CVE | Rows |
| --- | --- | --- | --- | --- |
| Cisco Unified Communications Manager | known_affected | cisco_csaf | CVE-2021-1380, CVE-2021-1407, CVE-2021-1408 +1 more | 4 |
| Cisco Unified Communications Manager / Cisco Unity Connection | known_affected | cisco_csaf | CVE-2021-1380, CVE-2021-1407, CVE-2021-1408 +1 more | 4 |
| Cisco Unified Communications Manager IM and Presence Service | known_affected | cisco_csaf | CVE-2021-1409 | 1 |
| Cisco Unity Connection | known_affected | cisco_csaf | CVE-2021-1380, CVE-2021-1409 | 2 |

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco Unified Communications Manager | CVE-2021-1380 | Cisco OpenVuln |
| Cisco Unified Communications Manager | CVE-2021-1409 | Cisco OpenVuln |
| Cisco Unified Communications Manager / Cisco Unity Connection | CVE-2021-1380 | Cisco OpenVuln |
| Cisco Unified Communications Manager / Cisco Unity Connection | CVE-2021-1409 | Cisco OpenVuln |
| Cisco Unified Communications Manager IM and Presence Service | CVE-2021-1380 | Cisco OpenVuln |
| Cisco Unified Communications Manager IM and Presence Service | CVE-2021-1409 | Cisco OpenVuln |
| Cisco Unity | CVE-2021-1380 | Cisco OpenVuln |
| Cisco Unity | CVE-2021-1409 | Cisco OpenVuln |
| Cisco Unity Connection | CVE-2021-1380 | Cisco OpenVuln |
| Cisco Unity Connection | CVE-2021-1409 | Cisco OpenVuln |
| Cisco Unified Communications Manager | CVE-2021-1407 | Cisco OpenVuln |
| Cisco Unified Communications Manager | CVE-2021-1408 | Cisco OpenVuln |
| Cisco Unified Communications Manager / Cisco Unity Connection | CVE-2021-1407 | Cisco OpenVuln |
| Cisco Unified Communications Manager / Cisco Unity Connection | CVE-2021-1408 | Cisco OpenVuln |
| Cisco Unified Communications Manager IM and Presence Service | CVE-2021-1407 | Cisco OpenVuln |
| Cisco Unified Communications Manager IM and Presence Service | CVE-2021-1408 | Cisco OpenVuln |
| Cisco Unity | CVE-2021-1407 | Cisco OpenVuln |
| Cisco Unity | CVE-2021-1408 | Cisco OpenVuln |
| Cisco Unity Connection | CVE-2021-1407 | Cisco OpenVuln |
| Cisco Unity Connection | CVE-2021-1408 | Cisco OpenVuln |