CVE-2021-1395

Published on: 06/16/2021 12:00:00 AM UTC

Last Modified on: 06/22/2021 01:49:00 PM UTC

CVE-2021-1395 - advisory for cisco-sa-cuic-xss-csHUdtrL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Certain versions of Packaged Contact Center Enterprise from Cisco contain the following vulnerability:

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

CVE-2021-1395 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected Vendor/Software: Cisco - Cisco Unified Contact Center Express version n/a

CVSS3 Score: 6.1 - MEDIUM

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	LOW	NONE	REQUIRED
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
CHANGED	LOW	LOW	NONE

CVSS2 Score: 4.3 - MEDIUM

Access Vector^ⓘ	Access Complexity	Authentication
NETWORK	MEDIUM	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
NONE	PARTIAL	NONE

CVE References

Description	Tags ^ⓘ	Link
Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability	tools.cisco.com text/html	CISCO 20210616 Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

316992 Cisco Unified Contact Center Express Reflected Cross-Site Scripting Vulnerability(cisco-sa-cuic-xss-csHUdtrL)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Cisco	Packaged Contact Center Enterprise	-	All	All	All
Operating System	Cisco	Unified Contact Center Enterprise	-	All	All	All
Operating System	Cisco	Unified Contact Center Express	All	All	All	All
Operating System	Cisco	Unified Intelligence Center	12.5\(1\)	All	All	All
Operating System	Cisco	Unified Intelligence Center	All	All	All	All

cpe:2.3:o:cisco:packaged_contact_center_enterprise:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:unified_intelligence_center:12.5\(1\):*:*:*:*:*:*:*:
cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@CVEreport	CVE-2021-1395 : A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could a… twitter.com/i/web/status/1…	2021-06-16 17:53:08
@QuaHac	Got another CVE-2021-1395 assigned from @Cisco XSS on Cisco Unified Intelligence Center (CUIC) thx again for update @CiscoPSIRT	2021-06-16 20:25:30
/r/netcve	CVE-2021-1395	2021-06-16 18:41:36