Details of VAR-202101-1007

ID

VAR-202101-1007

CVE

CVE-2021-1357

TITLE

Cisco Unified Communications Manager IM & Presence Service Path traversal vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202101-1527

DESCRIPTION

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.08

sources: NVD: CVE-2021-1357 // VULHUB: VHN-374411 // VULMON: CVE-2021-1357

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	gte	version:	12.5	Trust: 1.0
vendor:	cisco	model:	unified communications manager im and presence service	scope:	gte	version:	12.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	12.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	11.5\(1\)su9	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	12.0\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager im and presence service	scope:	lt	version:	12.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager im and presence service	scope:	lt	version:	11.5\(1\)su9	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	gte	version:	12.0	Trust: 1.0

sources: NVD: CVE-2021-1357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1357
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1357
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202101-1527
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374411
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1357
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1357
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374411
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1357
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-374411 // VULMON: CVE-2021-1357 // CNNVD: CNNVD-202101-1527 // NVD: CVE-2021-1357 // NVD: CVE-2021-1357

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.1
problemtype:	CWE-35	Trust: 1.0

sources: VULHUB: VHN-374411 // NVD: CVE-2021-1357

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202101-1527

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202101-1527

PATCH

title:	Cisco Unified Communications Manager IM & Presence Service Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=139923	Trust: 0.6
title:	Cisco: Cisco Unified Communications Products Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-imp-trav-inj-dM687ZD6	Trust: 0.1

sources: VULMON: CVE-2021-1357 // CNNVD: CNNVD-202101-1527

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1357	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.0252	Trust: 0.6
db:	CNNVD	id:	CNNVD-202101-1527	Trust: 0.6
db:	VULHUB	id:	VHN-374411	Trust: 0.1
db:	VULMON	id:	CVE-2021-1357	Trust: 0.1

sources: VULHUB: VHN-374411 // VULMON: CVE-2021-1357 // CNNVD: CNNVD-202101-1527 // NVD: CVE-2021-1357

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-imp-trav-inj-dm687zd6	Trust: 2.4
url:	https://www.auscert.org.au/bulletins/esb-2021.0252/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1357	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-unified-communications-manager-four-vulnerabilities-34392	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/35.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/195343	Trust: 0.1

sources: VULHUB: VHN-374411 // VULMON: CVE-2021-1357 // CNNVD: CNNVD-202101-1527 // NVD: CVE-2021-1357

SOURCES

db:	VULHUB	id:	VHN-374411
db:	VULMON	id:	CVE-2021-1357
db:	CNNVD	id:	CNNVD-202101-1527
db:	NVD	id:	CVE-2021-1357

LAST UPDATE DATE

2024-08-14T13:43:39.423000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374411	date:	2022-10-29T00:00:00
db:	VULMON	id:	CVE-2021-1357	date:	2021-01-29T00:00:00
db:	CNNVD	id:	CNNVD-202101-1527	date:	2022-10-31T00:00:00
db:	NVD	id:	CVE-2021-1357	date:	2023-11-07T03:28:05.010

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374411	date:	2021-01-20T00:00:00
db:	VULMON	id:	CVE-2021-1357	date:	2021-01-20T00:00:00
db:	CNNVD	id:	CNNVD-202101-1527	date:	2021-01-20T00:00:00
db:	NVD	id:	CVE-2021-1357	date:	2021-01-20T20:15:17.690