{ "id": "CVE-2021-1406", "sourceIdentifier": "ykramarz@cisco.com", "published": "2021-04-08T04:15:12.593", "lastModified": "2022-09-20T17:01:29.010", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges." }, { "lang": "es", "value": "Una vulnerabilidad en Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME), podr\u00eda permitir a un atacante remoto autenticado acceder a informaci\u00f3n confidencial en un dispositivo afectado. La vulnerabilidad es debido a una inclusi\u00f3n inapropiada de informaci\u00f3n confidencial en archivos descargables. Un atacante podr\u00eda explotar esta vulnerabilidad al autenticarse en un dispositivo afectado y emitir un conjunto espec\u00edfico de comandos. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener credenciales hash de los usuarios del sistema. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales de usuario v\u00e1lidas con privilegios elevados." } ],
"metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.2, "impactScore": 3.6 } ], "cvssMetricV30": [ { "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.2, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-200" } ] }, { "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-538" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, 
"cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:-:*:*:*", "matchCriteriaId": "6781FEB3-73CF-451E-A373-19657DE750FE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:session_management:*:*:*", "matchCriteriaId": "37F53ABC-C019-4BBB-8881-395F286EA43F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:-:*:*:*", "matchCriteriaId": "8E10EACB-885B-4FB1-89D7-1038336B997B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:session_management:*:*:*", "matchCriteriaId": "4277C3ED-77E5-4BBD-867E-0E5AD26CABDB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:-:*:*:*", "matchCriteriaId": "00B8DC04-D9B0-432A-B9B9-5E3A9428528B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:session_management:*:*:*", "matchCriteriaId": "785CD3D7-9967-4F4E-A76A-66F514BB8D46" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:-:*:*:*", "matchCriteriaId": "9F72E5FC-0459-4366-8D47-93306F25D31D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:session_management:*:*:*", "matchCriteriaId": "F9C6D49F-954B-4057-A51A-6ED1304EEC68" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:-:*:*:*", "matchCriteriaId": "8FD488BB-6EB2-4084-B9C3-23E41D1FE0DD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:session_management:*:*:*", "matchCriteriaId": "3225F4E8-4D2E-40EC-9BC0-799D34AB9C5C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:-:*:*:*", "matchCriteriaId": 
"32ADCDE2-5069-472A-96FB-20A62337DDE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:session_management:*:*:*", "matchCriteriaId": "57633170-0285-4C0E-A58F-AF970B97F24C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:-:*:*:*", "matchCriteriaId": "100A3B73-B286-4358-A829-7AFBE685F9E4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:session_management:*:*:*", "matchCriteriaId": "9262E014-86BE-41B5-827B-297157796107" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:-:*:*:*", "matchCriteriaId": "12D7018F-A242-49E2-9A2D-663EA34F6B4E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:session_management:*:*:*", "matchCriteriaId": "A987F37B-3705-4A99-BD79-0575A5882A7C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su5:*:*:*:*:*:*:*", "matchCriteriaId": "D7E3D8BF-B5A3-4857-94B7-3BDA59BD9BD0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:-:*:*:*", "matchCriteriaId": "9C36CC93-51D2-4856-860F-4DE90721B5EF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:session_management:*:*:*", "matchCriteriaId": "0BC9CF9C-653E-45AF-8C15-E0D6052938B3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:-:*:*:*", "matchCriteriaId": "2C76AE40-E203-4206-AA54-D1B47EFBBFCE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:session_management:*:*:*", "matchCriteriaId": "0C51FA8B-D576-4174-947E-37DA5954B372" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:-:*:*:*", 
"matchCriteriaId": "A5677040-8E71-43A7-A5AB-389A2446FBB5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:session_management:*:*:*", "matchCriteriaId": "95D7060A-A44C-41F7-8F16-D6D066FA9E40" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:-:*:*:*", "matchCriteriaId": "D2C99CC1-D20B-483D-83B2-C5A5654170D0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:session_management:*:*:*", "matchCriteriaId": "C4CE477A-3796-4EF9-9158-E96A6058C208" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:-:*:*:*", "matchCriteriaId": "D0D0CC2A-4C22-440B-890C-C123562D3744" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:session_management:*:*:*", "matchCriteriaId": "F4558E9D-6144-4DD3-8131-D46DF5E066E8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:-:*:*:*", "matchCriteriaId": "24016D28-5B31-4A92-806B-36AC44CC4476" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:session_management:*:*:*", "matchCriteriaId": "0338F894-23F2-4063-AF30-A094F06BF0C0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*", "matchCriteriaId": "7E958AFF-185D-4D55-B74B-485BEAEC42FD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*", "matchCriteriaId": "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:-:*:*:*", "matchCriteriaId": "9938A5E6-0A2E-46C3-B347-EA63304A8511" }, { "vulnerable": true, "criteria": 
"cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:session_management:*:*:*", "matchCriteriaId": "AC3A6965-5989-47B1-BF13-F6D306BCE412" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:-:*:*:*", "matchCriteriaId": "0E572C74-117F-455B-8A5D-14E3A363F087" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:session_management:*:*:*", "matchCriteriaId": "641F8DC2-0595-41B5-B154-9CAB37B7E5F7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:-:*:*:*", "matchCriteriaId": "319DA981-B200-409F-94D1-0808E0555F53" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:session_management:*:*:*", "matchCriteriaId": "81F945BC-7A46-48F8-B709-67692CF62C9A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:-:*:*:*", "matchCriteriaId": "841C7F5B-29F6-441C-8F02-DBCE8D1CD160" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:session_management:*:*:*", "matchCriteriaId": "C8D79377-AEA4-4F7D-931C-7938F2E72108" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:-:*:*:*", "matchCriteriaId": "0FC7FF7F-4870-4F68-B883-40AF4EAB8D15" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:session_management:*:*:*", "matchCriteriaId": "7BD8C20B-2C1E-422D-87C0-D478F4A3CFE9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:-:*:*:*", "matchCriteriaId": "BB663114-EC3F-4E9F-888D-5E4298C6F832" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:session_management:*:*:*", "matchCriteriaId": "430E4021-05BF-4E41-B197-BE2EEF8A8B76" }, { "vulnerable": 
true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:-:*:*:*", "matchCriteriaId": "1E6135D4-FA64-425B-BE91-174D38B5DBDD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:session_management:*:*:*", "matchCriteriaId": "3912C8CB-01BF-4627-8960-E83F015115C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:-:*:*:*", "matchCriteriaId": "7E0BC7A5-8DED-49FA-AC67-55FD5082876B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:session_management:*:*:*", "matchCriteriaId": "075DF8B4-1651-46A4-8FE6-BEDC264E871A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:-:*:*:*", "matchCriteriaId": "F2742FD5-CE1D-4FDC-818F-125600015BDF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:session_management:*:*:*", "matchCriteriaId": "EA9B0067-9B0E-4DF3-B443-C8C9C48B3957" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:-:*:*:*", "matchCriteriaId": "0F4F8482-029A-4A84-97F1-9EDEDCE42C6B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*", "matchCriteriaId": "EB810DDE-18A0-4168-8EC1-726DA62453E8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:-:*:*:*", "matchCriteriaId": "616BEDFF-EB9A-4ADE-A672-B2E709DC844B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:session_management:*:*:*", "matchCriteriaId": "628A15DE-7852-4D4F-9D8B-A20A841708CB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:-:*:*:*", "matchCriteriaId": "E077A144-3D5E-4984-8F2B-6A69C5ED3EE6" }, { "vulnerable": true, 
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:session_management:*:*:*", "matchCriteriaId": "25D5286C-249E-480A-88F9-0A573737297A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:-:*:*:*", "matchCriteriaId": "6353BE27-91F0-4E8B-89A3-30EC189798F3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:session_management:*:*:*", "matchCriteriaId": "B4057BD8-B5C0-4A61-8AD7-8E59F351AF8B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:-:*:*:*", "matchCriteriaId": "F1FAF361-CEE8-4F75-B444-CFFB8A7D9AFE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:session_management:*:*:*", "matchCriteriaId": "15292BC9-7129-4BCF-BAED-E8EBDC27AFA4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:-:*:*:*", "matchCriteriaId": "387C66C7-42D7-4794-898C-85A098189BAA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:session_management:*:*:*", "matchCriteriaId": "BC19BCD4-4E59-4B5A-936F-AF3F31315BA3" } ] } ] } ], "references": [ { "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] } ] }