ID

VAR-202101-1006


CVE

CVE-2021-1355


TITLE

Cisco Unified Communications Manager SQL Injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1525

DESCRIPTION

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.08

sources: NVD: CVE-2021-1355 // VULHUB: VHN-374409 // VULMON: CVE-2021-1355

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: gte, version: 12.5

Trust: 1.0

vendor: cisco, model: unified communications manager im and presence service, scope: gte, version: 12.0

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: lt, version: 12.5\(1\)su4

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: lt, version: 11.5\(1\)su9

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: lt, version: 12.0\(1\)su4

Trust: 1.0

vendor: cisco, model: unified communications manager im and presence service, scope: lt, version: 12.5\(1\)su4

Trust: 1.0

vendor: cisco, model: unified communications manager im and presence service, scope: lt, version: 11.5\(1\)su9

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: gte, version: 12.0

Trust: 1.0

sources: NVD: CVE-2021-1355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1355
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1355
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202101-1525
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374409
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1355
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1355
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374409
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1355
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-374409 // VULMON: CVE-2021-1355 // CNNVD: CNNVD-202101-1525 // NVD: CVE-2021-1355 // NVD: CVE-2021-1355

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

problemtype:CWE-35

Trust: 1.0

sources: VULHUB: VHN-374409 // NVD: CVE-2021-1355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1525

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1525

PATCH

title: Cisco Unified Communications Manager IM & Presence Service Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139788

Trust: 0.6

title: Cisco: Cisco Unified Communications Products Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-imp-trav-inj-dM687ZD6

Trust: 0.1

sources: VULMON: CVE-2021-1355 // CNNVD: CNNVD-202101-1525

EXTERNAL IDS

db: NVD, id: CVE-2021-1355

Trust: 1.8

db: AUSCERT, id: ESB-2021.0252

Trust: 0.6

db: CNNVD, id: CNNVD-202101-1525

Trust: 0.6

db: VULHUB, id: VHN-374409

Trust: 0.1

db: VULMON, id: CVE-2021-1355

Trust: 0.1

sources: VULHUB: VHN-374409 // VULMON: CVE-2021-1355 // CNNVD: CNNVD-202101-1525 // NVD: CVE-2021-1355

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-imp-trav-inj-dm687zd6

Trust: 2.4

url:https://www.auscert.org.au/bulletins/esb-2021.0252/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1355

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-four-vulnerabilities-34392

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195342

Trust: 0.1

sources: VULHUB: VHN-374409 // VULMON: CVE-2021-1355 // CNNVD: CNNVD-202101-1525 // NVD: CVE-2021-1355

SOURCES

db: VULHUB, id: VHN-374409
db: VULMON, id: CVE-2021-1355
db: CNNVD, id: CNNVD-202101-1525
db: NVD, id: CVE-2021-1355

LAST UPDATE DATE

2024-08-14T13:43:39.400000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374409, date: 2021-01-29T00:00:00
db: VULMON, id: CVE-2021-1355, date: 2021-01-29T00:00:00
db: CNNVD, id: CNNVD-202101-1525, date: 2021-02-02T00:00:00
db: NVD, id: CVE-2021-1355, date: 2023-11-07T03:28:04.667

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374409, date: 2021-01-20T00:00:00
db: VULMON, id: CVE-2021-1355, date: 2021-01-20T00:00:00
db: CNNVD, id: CNNVD-202101-1525, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2021-1355, date: 2021-01-20T20:15:17.610