Cisco Unified Communications Manager file information disclosure

EntryeditHistoryDiffjsonxmlCTI

A vulnerability classified as problematic has been found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition (Unified Communication Software) (the affected version unknown). This affects some unknown functionality. Upgrading eliminates this vulnerability.

Field04/08/2021 10:36 AM04/11/2021 07:13 PM04/11/2021 07:20 PM
risk111
cvss3_vuldb_avNNN
cvss3_vuldb_acHHH
cvss3_vuldb_prLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
identifiercisco-sa-cucm-inf-disc-wCxZNjL2cisco-sa-cucm-inf-disc-wCxZNjL2cisco-sa-cucm-inf-disc-wCxZNjL2
urlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2
nameUpgradeUpgradeUpgrade
cveCVE-2021-1406CVE-2021-1406CVE-2021-1406
date1617832800 (04/08/2021)1617832800 (04/08/2021)1617832800 (04/08/2021)
typeUnified Communication SoftwareUnified Communication SoftwareUnified Communication Software
cvss2_vuldb_avNNN
cvss2_vuldb_acHHH
cvss2_vuldb_ciPPP
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore2.12.12.1
cvss2_vuldb_tempscore2.11.81.8
cvss3_vuldb_basescore3.13.13.1
cvss3_vuldb_tempscore3.13.03.0
cvss3_meta_basescore3.13.13.1
cvss3_meta_tempscore3.13.03.0
price_0day$5k-$25k$5k-$25k$5k-$25k
vendorCiscoCiscoCisco
nameUnified Communications Manager/Unified Communications Manager Session Management EditionUnified Communications Manager/Unified Communications Manager Session Management EditionUnified Communications Manager/Unified Communications Manager Session Management Edition
cwe538 (information disclosure)538 (information disclosure)538 (information disclosure)
cve_assigned16052220001605222000
cve_nvd_summaryA vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.
cve_cnaCisco Systems, Inc.

Do you want to use VulDB in your project?

Use the official API to access entries easily!