CVE-2021-1362
Published on: 04/08/2021 12:00:00 AM UTC
Last Modified on: 04/15/2021 01:24:00 PM UTC
CVE-2021-1362 - advisory for cisco-sa-cucm-rce-pqVYwyb
Certain versions of Prime License Manager from Cisco contain the following vulnerability:
A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.
- CVE-2021-1362 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
- Affected Vendor/Software:
Cisco - Cisco Unity Connection version n/a
CVSS3 Score: 8.8 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 9 - HIGH
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | SINGLE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags | Link |
---|---|---|
Cisco Unified Communications Products Remote Code Execution Vulnerability | tools.cisco.com text/html |
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Cisco | Prime License Manager | All | All | All | All |
Application | Cisco | Unified Communications Manager | All | All | All | All |
Application | Cisco | Unified Communications Manager | All | All | All | All |
Application | Cisco | Unified Communications Manager Im Presence Service | All | All | All | All |
Application | Cisco | Unified Communications Manager Im Presence Service | All | All | All | All |
Application | Cisco | Unity Connection | All | All | All | All |
- cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*:
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*:
- cpe:2.3:a:cisco:unified_communications_manager_im_&_presence_service:*:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:*:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*:
Social Mentions
Title | Posted (UTC) |
---|---|
CVE-2021-1362 : A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Co… twitter.com/i/web/status/1… | 2021-04-08 04:17:11 |
CVE-2021-1362: Cisco Unified Communications Products Remote Code Execution Vulnerability Alert meterpreter.org/cve-2021-1362-… #info #news #tech | 2021-04-08 04:45:28 |
#News CVE-2021-1362: Cisco Unified Communications Products Remote Code Execution Vulnerability Alert: On April 7, 2… twitter.com/i/web/status/1… | 2021-04-08 17:38:33 |
CVE-2021-1362: Cisco Unified Communications Products Remote Code Execution Vulnerability Alert: On April 7, 2021, C… twitter.com/i/web/status/1… | 2021-04-08 21:39:03 |