Details of VAR-202104-0455

ID

VAR-202104-0455

CVE

CVE-2021-1406

TITLE

Cisco Unified Communications Manager Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-444

DESCRIPTION

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.08

sources: NVD: CVE-2021-1406 // VULHUB: VHN-374460 // VULMON: CVE-2021-1406

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su3a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su2a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1\)su8	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su8	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	12.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su9	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	12.5\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	12.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1\)su7	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su6a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su7	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	12.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su10	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	12.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	12.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1\)su9	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	10.5\(2\)su4a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	12.5\(1\)su2	Trust: 1.0

sources: NVD: CVE-2021-1406

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1406
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1406
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-444
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374460
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1406
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1406
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-374460
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1406
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-374460 // VULMON: CVE-2021-1406 // CNNVD: CNNVD-202104-444 // NVD: CVE-2021-1406 // NVD: CVE-2021-1406

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-538	Trust: 1.0

sources: VULHUB: VHN-374460 // NVD: CVE-2021-1406

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-444

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202104-444

PATCH

title:	Cisco Unified Communications Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146789	Trust: 0.6
title:	Cisco: Cisco Unified Communications Manager Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cucm-inf-disc-wCxZNjL2	Trust: 0.1

sources: VULMON: CVE-2021-1406 // CNNVD: CNNVD-202104-444

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1406	Trust: 1.8
db:	AUSCERT	id:	ESB-2021.1169	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-444	Trust: 0.6
db:	VULHUB	id:	VHN-374460	Trust: 0.1
db:	VULMON	id:	CVE-2021-1406	Trust: 0.1

sources: VULHUB: VHN-374460 // VULMON: CVE-2021-1406 // CNNVD: CNNVD-202104-444 // NVD: CVE-2021-1406

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cucm-inf-disc-wcxznjl2	Trust: 1.9
url:	https://vigilance.fr/vulnerability/cisco-unified-communications-manager-information-disclosure-via-downloadable-files-35023	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1169	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1406	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/538.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374460 // VULMON: CVE-2021-1406 // CNNVD: CNNVD-202104-444 // NVD: CVE-2021-1406

SOURCES

db:	VULHUB	id:	VHN-374460
db:	VULMON	id:	CVE-2021-1406
db:	CNNVD	id:	CNNVD-202104-444
db:	NVD	id:	CVE-2021-1406

LAST UPDATE DATE

2024-08-14T15:11:57.497000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374460	date:	2022-09-20T00:00:00
db:	VULMON	id:	CVE-2021-1406	date:	2021-04-19T00:00:00
db:	CNNVD	id:	CNNVD-202104-444	date:	2022-09-21T00:00:00
db:	NVD	id:	CVE-2021-1406	date:	2023-11-07T03:28:13.707

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374460	date:	2021-04-08T00:00:00
db:	VULMON	id:	CVE-2021-1406	date:	2021-04-08T00:00:00
db:	CNNVD	id:	CNNVD-202104-444	date:	2021-04-07T00:00:00
db:	NVD	id:	CVE-2021-1406	date:	2021-04-08T04:15:12.593