ID

VAR-202104-0462


CVE

CVE-2021-1399


TITLE

Authentication evasion vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition

Trust: 0.8

sources: JVNDB: JVNDB-2021-005313

DESCRIPTION

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization. Cisco Self Care Portal is an application system of Cisco.

Trust: 1.8

sources: NVD: CVE-2021-1399 // JVNDB: JVNDB-2021-005313 // VULHUB: VHN-374453 // VULMON: CVE-2021-1399

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: gte, version: 10.5\(2\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: lt, version: 12.5\(1\)su4

Trust: 1.0

vendor: シスコシステムズ, model: cisco unified communications manager, scope: eq, version: session management edition

Trust: 0.8

vendor: シスコシステムズ, model: cisco unified communications manager, scope: eq, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco unified communications manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005313 // NVD: CVE-2021-1399

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1399
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1399
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1399
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-440
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374453
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1399
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1399
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374453
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1399
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2021-1399
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374453 // VULMON: CVE-2021-1399 // JVNDB: JVNDB-2021-005313 // CNNVD: CNNVD-202104-440 // NVD: CVE-2021-1399 // NVD: CVE-2021-1399

PROBLEMTYPE DATA

problemtype:CWE-302

Trust: 1.1

problemtype:Authentication evasion vulnerability (CWE-302) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374453 // JVNDB: JVNDB-2021-005313 // NVD: CVE-2021-1399

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-440

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-440

PATCH

title: cisco-sa-cucm-selfcare-VRWWWHgE, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE

Trust: 0.8

title: Cisco Self Care Portal Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147198

Trust: 0.6

title: Cisco: Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cucm-selfcare-VRWWWHgE

Trust: 0.1

sources: VULMON: CVE-2021-1399 // JVNDB: JVNDB-2021-005313 // CNNVD: CNNVD-202104-440

EXTERNAL IDS

db: NVD, id: CVE-2021-1399

Trust: 3.4

db: JVNDB, id: JVNDB-2021-005313

Trust: 0.8

db: AUSCERT, id: ESB-2021.1170

Trust: 0.6

db: CNNVD, id: CNNVD-202104-440

Trust: 0.6

db: VULHUB, id: VHN-374453

Trust: 0.1

db: VULMON, id: CVE-2021-1399

Trust: 0.1

sources: VULHUB: VHN-374453 // VULMON: CVE-2021-1399 // JVNDB: JVNDB-2021-005313 // CNNVD: CNNVD-202104-440 // NVD: CVE-2021-1399

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cucm-selfcare-vrwwwhge

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1399

Trust: 1.4

url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-privilege-escalation-via-self-care-portal-35025

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1170

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/302.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374453 // VULMON: CVE-2021-1399 // JVNDB: JVNDB-2021-005313 // CNNVD: CNNVD-202104-440 // NVD: CVE-2021-1399

SOURCES

db: VULHUB, id: VHN-374453
db: VULMON, id: CVE-2021-1399
db: JVNDB, id: JVNDB-2021-005313
db: CNNVD, id: CNNVD-202104-440
db: NVD, id: CVE-2021-1399

LAST UPDATE DATE

2024-08-14T15:27:47.505000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374453, date: 2021-04-13T00:00:00
db: VULMON, id: CVE-2021-1399, date: 2021-04-13T00:00:00
db: JVNDB, id: JVNDB-2021-005313, date: 2021-12-10T09:10:00
db: CNNVD, id: CNNVD-202104-440, date: 2021-04-19T00:00:00
db: NVD, id: CVE-2021-1399, date: 2023-11-07T03:28:12.933

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374453, date: 2021-04-08T00:00:00
db: VULMON, id: CVE-2021-1399, date: 2021-04-08T00:00:00
db: JVNDB, id: JVNDB-2021-005313, date: 2021-12-10T00:00:00
db: CNNVD, id: CNNVD-202104-440, date: 2021-04-07T00:00:00
db: NVD, id: CVE-2021-1399, date: 2021-04-08T04:15:12.500