QID 316928
Date Published: 2021-04-19
QID 316928: Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities (cisco-sa-cucm-xss-Q4PZcNzJ)
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM),
Cisco Unified Communications Manager IM Presence Service (Unified CM IMP), Cisco Unified Communications Manager Session Management Edition (Unified CM SME),
and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user.
Affected Products:
| Cisco Product | Vulnerable Releases | CVE IDs |
|---|---|---|
| Unified CM | Earlier than 14 | CVE-2021-1380, CVE-2021-1407, CVE-2021-1408, CVE-2021-1409 |
| Unified CM SME | Earlier than 14 | CVE-2021-1380, CVE-2021-1407, CVE-2021-1408, CVE-2021-1409 |
| Unity Connection | Earlier than 14 | CVE-2021-1380, CVE-2021-1409 |
QID Detection Logic (Authenticated):
The check matches the Cisco Unified Communications product version retrieved via Unix Auth using the "Active Master Version:" command.
A successful exploit could allow the attacker to execute arbitrary script code in the context
of the affected interface or access sensitive browser-based information.
Customers are advised to refer to cisco-sa-cucm-xss-Q4PZcNzJ for more information.
- cisco-sa-cucm-xss-Q4PZcNzJ: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ
CVEs related to QID 316928
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-cucm-xss-Q4PZcNzJ | | | |