CVE-2021-1362

Summary

CVE	CVE-2021-1362
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-04-08 04:15:00 UTC
Updated	2023-11-07 03:28:00 UTC
Description	A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.

Risk And Classification

Problem Types: CWE-94

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Cisco	Prime License Manager	All	All	All	All
Application	Cisco	Unified Communications Manager	All	All	All	All
Application	Cisco	Unified Communications Manager	All	All	All	All
Application	Cisco	Unified Communications Manager Im Presence Service	All	All	All	All
Application	Cisco	Unified Communications Manager Im Presence Service	All	All	All	All
Application	Cisco	Unity Connection	All	All	All	All

References

Reference	Source	Link	Tags
Cisco Unified Communications Products Remote Code Execution Vulnerability	CISCO	tools.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

316922 Cisco Unified Communications Products Remote Code Execution Vulnerability(cisco-sa-cucm-rce-pqVYwyb)
316923 Cisco Unified Communications Manager IM and Presence Service Remote Code Execution Vulnerability(cisco-sa-cucm-rce-pqVYwyb)