CVE-2021-1406

Published: 08/04/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote malicious user to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the malicious user to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.

Vulnerable Product

cisco unified communications manager 12.5(1)

cisco unified communications manager 12.0(1)

cisco unified communications manager 10.5(2)

cisco unified communications manager 11.5(1)

cisco unified communications manager 10.5(2)su1

cisco unified communications manager 10.5(2)su2

cisco unified communications manager 10.5(2)su2a

cisco unified communications manager 10.5(2)su3

cisco unified communications manager 10.5(2)su3a

cisco unified communications manager 10.5(2)su4

cisco unified communications manager 10.5(2)su4a

cisco unified communications manager 10.5(2)su5

cisco unified communications manager 10.5(2)su6

cisco unified communications manager 10.5(2)su6a

cisco unified communications manager 10.5(2)su7

cisco unified communications manager 10.5(2)su8

cisco unified communications manager 10.5(2)su9

cisco unified communications manager 10.5(2)su10

cisco unified communications manager 12.5(1)su1

cisco unified communications manager 12.5(1)su2

cisco unified communications manager 12.5(1)su3

cisco unified communications manager 12.5(1)su4

cisco unified communications manager 12.5(1)su5

cisco unified communications manager 11.5(1)su1

cisco unified communications manager 11.5(1)su2

cisco unified communications manager 11.5(1)su3

cisco unified communications manager 11.5(1)su4

cisco unified communications manager 11.5(1)su5

cisco unified communications manager 11.5(1)su7

cisco unified communications manager 11.5(1)su8

cisco unified communications manager 11.5(1)su9

Vendor Advisories

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files ...