fkie_nvd - fkie_cve-2021-1406

fkie_cve-2021-1406

Vulnerability from fkie_nvd

Published

2021-04-08 04:15

Modified

2024-11-21 05:44

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.

References

▼	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_communications_manager	10.5\(2\)
cisco	unified_communications_manager	10.5\(2\)
cisco	unified_communications_manager	10.5\(2\)su1
cisco	unified_communications_manager	10.5\(2\)su1
cisco	unified_communications_manager	10.5\(2\)su2
cisco	unified_communications_manager	10.5\(2\)su2
cisco	unified_communications_manager	10.5\(2\)su2a
cisco	unified_communications_manager	10.5\(2\)su2a
cisco	unified_communications_manager	10.5\(2\)su3
cisco	unified_communications_manager	10.5\(2\)su3
cisco	unified_communications_manager	10.5\(2\)su3a
cisco	unified_communications_manager	10.5\(2\)su3a
cisco	unified_communications_manager	10.5\(2\)su4
cisco	unified_communications_manager	10.5\(2\)su4
cisco	unified_communications_manager	10.5\(2\)su4a
cisco	unified_communications_manager	10.5\(2\)su4a
cisco	unified_communications_manager	10.5\(2\)su5
cisco	unified_communications_manager	10.5\(2\)su6
cisco	unified_communications_manager	10.5\(2\)su6
cisco	unified_communications_manager	10.5\(2\)su6a
cisco	unified_communications_manager	10.5\(2\)su6a
cisco	unified_communications_manager	10.5\(2\)su7
cisco	unified_communications_manager	10.5\(2\)su7
cisco	unified_communications_manager	10.5\(2\)su8
cisco	unified_communications_manager	10.5\(2\)su8
cisco	unified_communications_manager	10.5\(2\)su9
cisco	unified_communications_manager	10.5\(2\)su9
cisco	unified_communications_manager	10.5\(2\)su10
cisco	unified_communications_manager	10.5\(2\)su10
cisco	unified_communications_manager	11.5\(1\)
cisco	unified_communications_manager	11.5\(1\)
cisco	unified_communications_manager	11.5\(1\)su1
cisco	unified_communications_manager	11.5\(1\)su1
cisco	unified_communications_manager	11.5\(1\)su2
cisco	unified_communications_manager	11.5\(1\)su2
cisco	unified_communications_manager	11.5\(1\)su3
cisco	unified_communications_manager	11.5\(1\)su3
cisco	unified_communications_manager	11.5\(1\)su4
cisco	unified_communications_manager	11.5\(1\)su4
cisco	unified_communications_manager	11.5\(1\)su5
cisco	unified_communications_manager	11.5\(1\)su5
cisco	unified_communications_manager	11.5\(1\)su7
cisco	unified_communications_manager	11.5\(1\)su7
cisco	unified_communications_manager	11.5\(1\)su8
cisco	unified_communications_manager	11.5\(1\)su8
cisco	unified_communications_manager	11.5\(1\)su9
cisco	unified_communications_manager	11.5\(1\)su9
cisco	unified_communications_manager	12.0\(1\)
cisco	unified_communications_manager	12.0\(1\)
cisco	unified_communications_manager	12.5\(1\)
cisco	unified_communications_manager	12.5\(1\)
cisco	unified_communications_manager	12.5\(1\)su1
cisco	unified_communications_manager	12.5\(1\)su1
cisco	unified_communications_manager	12.5\(1\)su2
cisco	unified_communications_manager	12.5\(1\)su2
cisco	unified_communications_manager	12.5\(1\)su3
cisco	unified_communications_manager	12.5\(1\)su3
cisco	unified_communications_manager	12.5\(1\)su4
cisco	unified_communications_manager	12.5\(1\)su4
cisco	unified_communications_manager	12.5\(1\)su5
cisco	unified_communications_manager	12.5\(1\)su5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:-:*:*:*",
              "matchCriteriaId": "6781FEB3-73CF-451E-A373-19657DE750FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:session_management:*:*:*",
              "matchCriteriaId": "37F53ABC-C019-4BBB-8881-395F286EA43F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:-:*:*:*",
              "matchCriteriaId": "8E10EACB-885B-4FB1-89D7-1038336B997B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "4277C3ED-77E5-4BBD-867E-0E5AD26CABDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:-:*:*:*",
              "matchCriteriaId": "00B8DC04-D9B0-432A-B9B9-5E3A9428528B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "785CD3D7-9967-4F4E-A76A-66F514BB8D46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:-:*:*:*",
              "matchCriteriaId": "9F72E5FC-0459-4366-8D47-93306F25D31D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "F9C6D49F-954B-4057-A51A-6ED1304EEC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:-:*:*:*",
              "matchCriteriaId": "8FD488BB-6EB2-4084-B9C3-23E41D1FE0DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "3225F4E8-4D2E-40EC-9BC0-799D34AB9C5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:-:*:*:*",
              "matchCriteriaId": "32ADCDE2-5069-472A-96FB-20A62337DDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "57633170-0285-4C0E-A58F-AF970B97F24C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:-:*:*:*",
              "matchCriteriaId": "100A3B73-B286-4358-A829-7AFBE685F9E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "9262E014-86BE-41B5-827B-297157796107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:-:*:*:*",
              "matchCriteriaId": "12D7018F-A242-49E2-9A2D-663EA34F6B4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "A987F37B-3705-4A99-BD79-0575A5882A7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7E3D8BF-B5A3-4857-94B7-3BDA59BD9BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:-:*:*:*",
              "matchCriteriaId": "9C36CC93-51D2-4856-860F-4DE90721B5EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "0BC9CF9C-653E-45AF-8C15-E0D6052938B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:-:*:*:*",
              "matchCriteriaId": "2C76AE40-E203-4206-AA54-D1B47EFBBFCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "0C51FA8B-D576-4174-947E-37DA5954B372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:-:*:*:*",
              "matchCriteriaId": "A5677040-8E71-43A7-A5AB-389A2446FBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "95D7060A-A44C-41F7-8F16-D6D066FA9E40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:-:*:*:*",
              "matchCriteriaId": "D2C99CC1-D20B-483D-83B2-C5A5654170D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "C4CE477A-3796-4EF9-9158-E96A6058C208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:-:*:*:*",
              "matchCriteriaId": "D0D0CC2A-4C22-440B-890C-C123562D3744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "F4558E9D-6144-4DD3-8131-D46DF5E066E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:-:*:*:*",
              "matchCriteriaId": "24016D28-5B31-4A92-806B-36AC44CC4476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "0338F894-23F2-4063-AF30-A094F06BF0C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*",
              "matchCriteriaId": "7E958AFF-185D-4D55-B74B-485BEAEC42FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
              "matchCriteriaId": "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:-:*:*:*",
              "matchCriteriaId": "9938A5E6-0A2E-46C3-B347-EA63304A8511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "AC3A6965-5989-47B1-BF13-F6D306BCE412",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:-:*:*:*",
              "matchCriteriaId": "0E572C74-117F-455B-8A5D-14E3A363F087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "641F8DC2-0595-41B5-B154-9CAB37B7E5F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:-:*:*:*",
              "matchCriteriaId": "319DA981-B200-409F-94D1-0808E0555F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "81F945BC-7A46-48F8-B709-67692CF62C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:-:*:*:*",
              "matchCriteriaId": "841C7F5B-29F6-441C-8F02-DBCE8D1CD160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "C8D79377-AEA4-4F7D-931C-7938F2E72108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:-:*:*:*",
              "matchCriteriaId": "0FC7FF7F-4870-4F68-B883-40AF4EAB8D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "7BD8C20B-2C1E-422D-87C0-D478F4A3CFE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:-:*:*:*",
              "matchCriteriaId": "BB663114-EC3F-4E9F-888D-5E4298C6F832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "430E4021-05BF-4E41-B197-BE2EEF8A8B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:-:*:*:*",
              "matchCriteriaId": "1E6135D4-FA64-425B-BE91-174D38B5DBDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "3912C8CB-01BF-4627-8960-E83F015115C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:-:*:*:*",
              "matchCriteriaId": "7E0BC7A5-8DED-49FA-AC67-55FD5082876B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "075DF8B4-1651-46A4-8FE6-BEDC264E871A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:-:*:*:*",
              "matchCriteriaId": "F2742FD5-CE1D-4FDC-818F-125600015BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:session_management:*:*:*",
              "matchCriteriaId": "EA9B0067-9B0E-4DF3-B443-C8C9C48B3957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:-:*:*:*",
              "matchCriteriaId": "0F4F8482-029A-4A84-97F1-9EDEDCE42C6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*",
              "matchCriteriaId": "EB810DDE-18A0-4168-8EC1-726DA62453E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:-:*:*:*",
              "matchCriteriaId": "616BEDFF-EB9A-4ADE-A672-B2E709DC844B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "628A15DE-7852-4D4F-9D8B-A20A841708CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:-:*:*:*",
              "matchCriteriaId": "E077A144-3D5E-4984-8F2B-6A69C5ED3EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "25D5286C-249E-480A-88F9-0A573737297A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:-:*:*:*",
              "matchCriteriaId": "6353BE27-91F0-4E8B-89A3-30EC189798F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "B4057BD8-B5C0-4A61-8AD7-8E59F351AF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:-:*:*:*",
              "matchCriteriaId": "F1FAF361-CEE8-4F75-B444-CFFB8A7D9AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "15292BC9-7129-4BCF-BAED-E8EBDC27AFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:-:*:*:*",
              "matchCriteriaId": "387C66C7-42D7-4794-898C-85A098189BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "BC19BCD4-4E59-4B5A-936F-AF3F31315BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME), podr\u00eda permitir a un atacante remoto autenticado acceder a informaci\u00f3n confidencial en un dispositivo afectado.\u0026#xa0;La vulnerabilidad es debido a una inclusi\u00f3n inapropiada de informaci\u00f3n confidencial en archivos descargables.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad al autenticarse en un dispositivo afectado y emitir un ajuste espec\u00edfico de comandos.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener credenciales hash de los usuarios del sistema.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales de usuario v\u00e1lidas con privilegios elevados"
    }
  ],
  "id": "CVE-2021-1406",
  "lastModified": "2024-11-21T05:44:16.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-08T04:15:12.593",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-538"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-1406

Vulnerability from cvelistv5

Published

2021-04-08 04:05

Modified

2024-11-08 23:28

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Communications Manager	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210407 Cisco Unified Communications Manager Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:46:27.298346Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:28:49.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Communications Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-04-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-538",
              "description": "CWE-538",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-08T04:05:55",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210407 Cisco Unified Communications Manager Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cucm-inf-disc-wCxZNjL2",
        "defect": [
          [
            "CSCvv21048"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Communications Manager Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-04-07T16:00:00",
          "ID": "CVE-2021-1406",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Unified Communications Manager Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Communications Manager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.9",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-538"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210407 Cisco Unified Communications Manager Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cucm-inf-disc-wCxZNjL2",
          "defect": [
            [
              "CSCvv21048"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1406",
    "datePublished": "2021-04-08T04:05:55.718686Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-08T23:28:49.462Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted