CVE-2021-1406

{"id": "CVE-2021-1406", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2021-04-08T04:15:12.593", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-538"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME), podr\u00eda permitir a un atacante remoto autenticado acceder a informaci\u00f3n confidencial en un dispositivo afectado. La vulnerabilidad es debido a una inclusi\u00f3n inapropiada de informaci\u00f3n confidencial en archivos descargables. Un atacante podr\u00eda explotar esta vulnerabilidad al autenticarse en un dispositivo afectado y emitir un ajuste espec\u00edfico de comandos. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener credenciales hash de los usuarios del sistema. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales de usuario v\u00e1lidas con privilegios elevados"}], "lastModified": "2024-11-21T05:44:16.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "6781FEB3-73CF-451E-A373-19657DE750FE"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "37F53ABC-C019-4BBB-8881-395F286EA43F"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "8E10EACB-885B-4FB1-89D7-1038336B997B"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "4277C3ED-77E5-4BBD-867E-0E5AD26CABDB"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "00B8DC04-D9B0-432A-B9B9-5E3A9428528B"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "785CD3D7-9967-4F4E-A76A-66F514BB8D46"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "9F72E5FC-0459-4366-8D47-93306F25D31D"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "F9C6D49F-954B-4057-A51A-6ED1304EEC68"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "8FD488BB-6EB2-4084-B9C3-23E41D1FE0DD"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "3225F4E8-4D2E-40EC-9BC0-799D34AB9C5C"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "32ADCDE2-5069-472A-96FB-20A62337DDE2"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "57633170-0285-4C0E-A58F-AF970B97F24C"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "100A3B73-B286-4358-A829-7AFBE685F9E4"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "9262E014-86BE-41B5-827B-297157796107"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "12D7018F-A242-49E2-9A2D-663EA34F6B4E"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "A987F37B-3705-4A99-BD79-0575A5882A7C"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7E3D8BF-B5A3-4857-94B7-3BDA59BD9BD0"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "9C36CC93-51D2-4856-860F-4DE90721B5EF"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "0BC9CF9C-653E-45AF-8C15-E0D6052938B3"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "2C76AE40-E203-4206-AA54-D1B47EFBBFCE"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "0C51FA8B-D576-4174-947E-37DA5954B372"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "A5677040-8E71-43A7-A5AB-389A2446FBB5"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "95D7060A-A44C-41F7-8F16-D6D066FA9E40"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D2C99CC1-D20B-483D-83B2-C5A5654170D0"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "C4CE477A-3796-4EF9-9158-E96A6058C208"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D0D0CC2A-4C22-440B-890C-C123562D3744"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "F4558E9D-6144-4DD3-8131-D46DF5E066E8"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "24016D28-5B31-4A92-806B-36AC44CC4476"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "0338F894-23F2-4063-AF30-A094F06BF0C0"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "7E958AFF-185D-4D55-B74B-485BEAEC42FD"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "9938A5E6-0A2E-46C3-B347-EA63304A8511"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "AC3A6965-5989-47B1-BF13-F6D306BCE412"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "0E572C74-117F-455B-8A5D-14E3A363F087"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "641F8DC2-0595-41B5-B154-9CAB37B7E5F7"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "319DA981-B200-409F-94D1-0808E0555F53"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "81F945BC-7A46-48F8-B709-67692CF62C9A"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "841C7F5B-29F6-441C-8F02-DBCE8D1CD160"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "C8D79377-AEA4-4F7D-931C-7938F2E72108"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "0FC7FF7F-4870-4F68-B883-40AF4EAB8D15"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "7BD8C20B-2C1E-422D-87C0-D478F4A3CFE9"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "BB663114-EC3F-4E9F-888D-5E4298C6F832"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "430E4021-05BF-4E41-B197-BE2EEF8A8B76"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "1E6135D4-FA64-425B-BE91-174D38B5DBDD"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "3912C8CB-01BF-4627-8960-E83F015115C8"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "7E0BC7A5-8DED-49FA-AC67-55FD5082876B"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "075DF8B4-1651-46A4-8FE6-BEDC264E871A"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "F2742FD5-CE1D-4FDC-818F-125600015BDF"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "EA9B0067-9B0E-4DF3-B443-C8C9C48B3957"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "0F4F8482-029A-4A84-97F1-9EDEDCE42C6B"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "EB810DDE-18A0-4168-8EC1-726DA62453E8"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "616BEDFF-EB9A-4ADE-A672-B2E709DC844B"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "628A15DE-7852-4D4F-9D8B-A20A841708CB"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "E077A144-3D5E-4984-8F2B-6A69C5ED3EE6"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "25D5286C-249E-480A-88F9-0A573737297A"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "6353BE27-91F0-4E8B-89A3-30EC189798F3"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "B4057BD8-B5C0-4A61-8AD7-8E59F351AF8B"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "F1FAF361-CEE8-4F75-B444-CFFB8A7D9AFE"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "15292BC9-7129-4BCF-BAED-E8EBDC27AFA4"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "387C66C7-42D7-4794-898C-85A098189BAA"}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:session_management:*:*:*", "vulnerable": true, "matchCriteriaId": "BC19BCD4-4E59-4B5A-936F-AF3F31315BA3"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}