CVE-2021-1406

Published on: 04/08/2021 12:00:00 AM UTC

Last Modified on: 04/08/2021 11:26:00 AM UTC

CVE-2021-1406 - advisory for cisco-sa-cucm-inf-disc-wCxZNjL2

Source: Mitre
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Certain versions of Unified Communications Manager from Cisco contain the following vulnerability:

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.

  • CVE-2021-1406 has been assigned by [email protected] to track the vulnerability
  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected Vendor/Software: Cisco - Cisco Unified Communications Manager version n/a

CVE References

Description | Tags | Link
Cisco Unified Communications Manager Information Disclosure Vulnerability (tools.cisco.com, text/html) | | CISCO 20210407 Cisco Unified Communications Manager Information Disclosure Vulnerability

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Cisco | Unified Communications Manager | 10.5\(2.10000.5\) | All | All | All
Application | Cisco | Unified Communications Manager | 10.5\(2.10000.5\) | All | All | All
Application | Cisco | Unified Communications Manager | 11.5\(1.10000.6\) | All | All | All
Application | Cisco | Unified Communications Manager | 11.5\(1.10000.6\) | All | All | All
Application | Cisco | Unified Communications Manager | 12.0\(1.10000.10\) | All | All | All
Application | Cisco | Unified Communications Manager | 12.0\(1.10000.10\) | All | All | All
Application | Cisco | Unified Communications Manager | 12.5\(1.10000.22\) | All | All | All
Application | Cisco | Unified Communications Manager | 12.5\(1.10000.22\) | All | All | All
Application | Cisco | Unified Communications Manager | 14.0\(1.10000.20\) | All | All | All
Application | Cisco | Unified Communications Manager | 14.0\(1.10000.20\) | All | All | All

  • cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:session_management:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:session_management:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:session_management:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:12.5\(1.10000.22\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:12.5\(1.10000.22\):*:*:*:session_management:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:14.0\(1.10000.20\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:14.0\(1.10000.20\):*:*:*:session_management:*:*:*
