Details of VAR-202105-0622

ID

VAR-202105-0622

CVE

CVE-2021-1478

TITLE

Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-006606

DESCRIPTION

A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 2.34

sources: NVD: CVE-2021-1478 // JVNDB: JVNDB-2021-006606 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374532 // VULMON: CVE-2021-1478

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	lt	version:	12.6	Trust: 1.0
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	lt	version:	12.6	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco hosted collaboration mediation fulfillment	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco unified communications manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-006606 // NVD: CVE-2021-1478

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1478
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1478
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-1478
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-198
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-374532
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-1478
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1478
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-374532
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-1478
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1478
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-1478
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-374532 // VULMON: CVE-2021-1478 // JVNDB: JVNDB-2021-006606 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-198 // NVD: CVE-2021-1478 // NVD: CVE-2021-1478

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Other (CWE-Other) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-006606 // NVD: CVE-2021-1478

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-198

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-198

PATCH

title:	cisco-sa-ucm-dos-OO4SRYEf	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-OO4SRYEf	Trust: 0.8
title:	Cisco Unified Communications Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151074	Trust: 0.6
title:	Cisco: Cisco Unified Communications Manager Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ucm-dos-OO4SRYEf	Trust: 0.1

sources: VULMON: CVE-2021-1478 // JVNDB: JVNDB-2021-006606 // CNNVD: CNNVD-202105-198

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1478	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-006606	Trust: 0.8
db:	CNNVD	id:	CNNVD-202105-198	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021050624	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1542	Trust: 0.6
db:	VULHUB	id:	VHN-374532	Trust: 0.1
db:	VULMON	id:	CVE-2021-1478	Trust: 0.1

sources: VULHUB: VHN-374532 // VULMON: CVE-2021-1478 // JVNDB: JVNDB-2021-006606 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-198 // NVD: CVE-2021-1478

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ucm-dos-oo4sryef	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1478	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-unified-communications-manager-denial-of-service-via-jmx-35263	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1542	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021050624	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-374532 // VULMON: CVE-2021-1478 // JVNDB: JVNDB-2021-006606 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-198 // NVD: CVE-2021-1478

SOURCES

db:	VULHUB	id:	VHN-374532
db:	VULMON	id:	CVE-2021-1478
db:	JVNDB	id:	JVNDB-2021-006606
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-198
db:	NVD	id:	CVE-2021-1478

LAST UPDATE DATE

2024-08-14T12:29:00.366000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-374532	date:	2021-05-14T00:00:00
db:	VULMON	id:	CVE-2021-1478	date:	2021-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-006606	date:	2022-01-14T03:03:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-198	date:	2021-05-19T00:00:00
db:	NVD	id:	CVE-2021-1478	date:	2023-11-07T03:28:24.250

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-374532	date:	2021-05-06T00:00:00
db:	VULMON	id:	CVE-2021-1478	date:	2021-05-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-006606	date:	2022-01-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-198	date:	2021-05-05T00:00:00
db:	NVD	id:	CVE-2021-1478	date:	2021-05-06T13:15:10.360