Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability

2021-04-0716:00:00

tools.cisco.com

cisco

unified communications manager

self care portal

authorization bypass

vulnerability

unauthorized modification

EPSS

0.001

Percentile

31.7%

JSON

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization.

The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE”]

Affected configurations

Vulners

Node

ciscounified_communications_managerMatchany

ciscounity_connectionMatchany

ciscounified_communications_managerMatchany

ciscounity_connectionMatchany

VendorProductVersionCPE
ciscounified_communications_manageranycpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:*
ciscounity_connectionanycpe:2.3:a:cisco:unity_connection:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	any	cpe:2.3:a:cisco:unified_communications_manager:any:::::::*
cisco	unity_connection	any	cpe:2.3:a:cisco:unity_connection:any:::::::*