ID

VAR-202105-0622


CVE

CVE-2021-1478


TITLE

Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-006606

DESCRIPTION

A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 2.34

sources: NVD: CVE-2021-1478 // JVNDB: JVNDB-2021-006606 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374532 // VULMON: CVE-2021-1478

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: lt, version: 12.6

Trust: 1.0

vendor: cisco, model: hosted collaboration mediation fulfillment, scope: lt, version: 12.6

Trust: 1.0

vendor: シスコシステムズ, model: cisco hosted collaboration mediation fulfillment, scope: -, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco unified communications manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006606 // NVD: CVE-2021-1478

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1478
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1478
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1478
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-198
value: MEDIUM

Trust: 0.6

VULHUB: VHN-374532
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1478
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1478
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374532
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1478
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1478
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-1478
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374532 // VULMON: CVE-2021-1478 // JVNDB: JVNDB-2021-006606 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-198 // NVD: CVE-2021-1478 // NVD: CVE-2021-1478

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:Other (CWE-Other) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-006606 // NVD: CVE-2021-1478

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-198

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-198

PATCH

title: cisco-sa-ucm-dos-OO4SRYEf
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-OO4SRYEf

Trust: 0.8

title: Cisco Unified Communications Manager Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151074

Trust: 0.6

title: Cisco: Cisco Unified Communications Manager Denial of Service Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ucm-dos-OO4SRYEf

Trust: 0.1

sources: VULMON: CVE-2021-1478 // JVNDB: JVNDB-2021-006606 // CNNVD: CNNVD-202105-198

EXTERNAL IDS

db: NVD, id: CVE-2021-1478

Trust: 3.4

db: JVNDB, id: JVNDB-2021-006606

Trust: 0.8

db: CNNVD, id: CNNVD-202105-198

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021050624

Trust: 0.6

db: AUSCERT, id: ESB-2021.1542

Trust: 0.6

db: VULHUB, id: VHN-374532

Trust: 0.1

db: VULMON, id: CVE-2021-1478

Trust: 0.1

sources: VULHUB: VHN-374532 // VULMON: CVE-2021-1478 // JVNDB: JVNDB-2021-006606 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-198 // NVD: CVE-2021-1478

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucm-dos-oo4sryef

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-1478

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-denial-of-service-via-jmx-35263

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1542

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021050624

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374532 // VULMON: CVE-2021-1478 // JVNDB: JVNDB-2021-006606 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-198 // NVD: CVE-2021-1478

SOURCES

db: VULHUB, id: VHN-374532
db: VULMON, id: CVE-2021-1478
db: JVNDB, id: JVNDB-2021-006606
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-198
db: NVD, id: CVE-2021-1478

LAST UPDATE DATE

2024-08-14T12:29:00.366000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374532, date: 2021-05-14T00:00:00
db: VULMON, id: CVE-2021-1478, date: 2021-05-14T00:00:00
db: JVNDB, id: JVNDB-2021-006606, date: 2022-01-14T03:03:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-198, date: 2021-05-19T00:00:00
db: NVD, id: CVE-2021-1478, date: 2023-11-07T03:28:24.250

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374532, date: 2021-05-06T00:00:00
db: VULMON, id: CVE-2021-1478, date: 2021-05-06T00:00:00
db: JVNDB, id: JVNDB-2021-006606, date: 2022-01-14T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-198, date: 2021-05-05T00:00:00
db: NVD, id: CVE-2021-1478, date: 2021-05-06T13:15:10.360