ID

VAR-202104-0455


CVE

CVE-2021-1406


TITLE

Cisco Unified Communications Manager Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-444

DESCRIPTION

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability, an attacker would need to have valid user credentials with elevated privileges. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.08

sources: NVD: CVE-2021-1406 // VULHUB: VHN-374460 // VULMON: CVE-2021-1406

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1)su3

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su3

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su3a

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su2a

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1)su8

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su8

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5(1)su3

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su9

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5(1)su1

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su5

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 12.0(1)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1)su7

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su6

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su6a

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su1

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su7

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1)su1

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5(1)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su10

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1)su2

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5(1)su5

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5(1)su4

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1)su9

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1)su4

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su2

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1)su5

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su4

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2)su4a

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5(1)su2

Trust: 1.0

sources: NVD: CVE-2021-1406

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-1406
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1406
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-444
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374460
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1406
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-1406
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-374460
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-1406
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-374460 // VULMON: CVE-2021-1406 // CNNVD: CNNVD-202104-444 // NVD: CVE-2021-1406 // NVD: CVE-2021-1406

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-538

Trust: 1.0

sources: VULHUB: VHN-374460 // NVD: CVE-2021-1406

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-444

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202104-444

PATCH

title: Cisco Unified Communications Manager Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146789

Trust: 0.6

title: Cisco: Cisco Unified Communications Manager Information Disclosure Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cucm-inf-disc-wCxZNjL2

Trust: 0.1

sources: VULMON: CVE-2021-1406 // CNNVD: CNNVD-202104-444

EXTERNAL IDS

db: NVD, id: CVE-2021-1406

Trust: 1.8

db: AUSCERT, id: ESB-2021.1169

Trust: 0.6

db: CNNVD, id: CNNVD-202104-444

Trust: 0.6

db: VULHUB, id: VHN-374460

Trust: 0.1

db: VULMON, id: CVE-2021-1406

Trust: 0.1

sources: VULHUB: VHN-374460 // VULMON: CVE-2021-1406 // CNNVD: CNNVD-202104-444 // NVD: CVE-2021-1406

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cucm-inf-disc-wcxznjl2

Trust: 1.9

url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-information-disclosure-via-downloadable-files-35023

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1169

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1406

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/538.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374460 // VULMON: CVE-2021-1406 // CNNVD: CNNVD-202104-444 // NVD: CVE-2021-1406

SOURCES

db: VULHUB, id: VHN-374460
db: VULMON, id: CVE-2021-1406
db: CNNVD, id: CNNVD-202104-444
db: NVD, id: CVE-2021-1406

LAST UPDATE DATE

2024-08-14T15:11:57.497000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374460, date: 2022-09-20T00:00:00
db: VULMON, id: CVE-2021-1406, date: 2021-04-19T00:00:00
db: CNNVD, id: CNNVD-202104-444, date: 2022-09-21T00:00:00
db: NVD, id: CVE-2021-1406, date: 2023-11-07T03:28:13.707

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374460, date: 2021-04-08T00:00:00
db: VULMON, id: CVE-2021-1406, date: 2021-04-08T00:00:00
db: CNNVD, id: CNNVD-202104-444, date: 2021-04-07T00:00:00
db: NVD, id: CVE-2021-1406, date: 2021-04-08T04:15:12.593