CVE-2021-1406

Published Apr 8, 2021
Last updated a year ago
CVSS medium 4.9
Overview

Description: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.
Source: ykramarz@cisco.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 4.9
Impact score: 3.6
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-200
ykramarz@cisco.com: CWE-538
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6781FEB3-73CF-451E-A373-19657DE750FE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37F53ABC-C019-4BBB-8881-395F286EA43F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E10EACB-885B-4FB1-89D7-1038336B997B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4277C3ED-77E5-4BBD-867E-0E5AD26CABDB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00B8DC04-D9B0-432A-B9B9-5E3A9428528B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "785CD3D7-9967-4F4E-A76A-66F514BB8D46"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F72E5FC-0459-4366-8D47-93306F25D31D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9C6D49F-954B-4057-A51A-6ED1304EEC68"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FD488BB-6EB2-4084-B9C3-23E41D1FE0DD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3225F4E8-4D2E-40EC-9BC0-799D34AB9C5C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32ADCDE2-5069-472A-96FB-20A62337DDE2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57633170-0285-4C0E-A58F-AF970B97F24C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "100A3B73-B286-4358-A829-7AFBE685F9E4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9262E014-86BE-41B5-827B-297157796107"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12D7018F-A242-49E2-9A2D-663EA34F6B4E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A987F37B-3705-4A99-BD79-0575A5882A7C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7E3D8BF-B5A3-4857-94B7-3BDA59BD9BD0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C36CC93-51D2-4856-860F-4DE90721B5EF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BC9CF9C-653E-45AF-8C15-E0D6052938B3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C76AE40-E203-4206-AA54-D1B47EFBBFCE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C51FA8B-D576-4174-947E-37DA5954B372"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5677040-8E71-43A7-A5AB-389A2446FBB5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95D7060A-A44C-41F7-8F16-D6D066FA9E40"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2C99CC1-D20B-483D-83B2-C5A5654170D0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4CE477A-3796-4EF9-9158-E96A6058C208"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0D0CC2A-4C22-440B-890C-C123562D3744"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4558E9D-6144-4DD3-8131-D46DF5E066E8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24016D28-5B31-4A92-806B-36AC44CC4476"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0338F894-23F2-4063-AF30-A094F06BF0C0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E958AFF-185D-4D55-B74B-485BEAEC42FD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9938A5E6-0A2E-46C3-B347-EA63304A8511"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC3A6965-5989-47B1-BF13-F6D306BCE412"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E572C74-117F-455B-8A5D-14E3A363F087"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "641F8DC2-0595-41B5-B154-9CAB37B7E5F7"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "319DA981-B200-409F-94D1-0808E0555F53"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81F945BC-7A46-48F8-B709-67692CF62C9A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "841C7F5B-29F6-441C-8F02-DBCE8D1CD160"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8D79377-AEA4-4F7D-931C-7938F2E72108"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FC7FF7F-4870-4F68-B883-40AF4EAB8D15"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BD8C20B-2C1E-422D-87C0-D478F4A3CFE9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB663114-EC3F-4E9F-888D-5E4298C6F832"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "430E4021-05BF-4E41-B197-BE2EEF8A8B76"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E6135D4-FA64-425B-BE91-174D38B5DBDD"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3912C8CB-01BF-4627-8960-E83F015115C8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E0BC7A5-8DED-49FA-AC67-55FD5082876B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "075DF8B4-1651-46A4-8FE6-BEDC264E871A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2742FD5-CE1D-4FDC-818F-125600015BDF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA9B0067-9B0E-4DF3-B443-C8C9C48B3957"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F4F8482-029A-4A84-97F1-9EDEDCE42C6B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB810DDE-18A0-4168-8EC1-726DA62453E8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "616BEDFF-EB9A-4ADE-A672-B2E709DC844B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "628A15DE-7852-4D4F-9D8B-A20A841708CB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E077A144-3D5E-4984-8F2B-6A69C5ED3EE6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25D5286C-249E-480A-88F9-0A573737297A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6353BE27-91F0-4E8B-89A3-30EC189798F3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4057BD8-B5C0-4A61-8AD7-8E59F351AF8B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1FAF361-CEE8-4F75-B444-CFFB8A7D9AFE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15292BC9-7129-4BCF-BAED-E8EBDC27AFA4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "387C66C7-42D7-4794-898C-85A098189BAA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:session_management:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC19BCD4-4E59-4B5A-936F-AF3F31315BA3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
