Lucene search

[email protected]CVE-2021-1357

HistoryJan 20, 2021 - 8:15 p.m.

CVE-2021-1357

2021-01-2020:15:17

CWE-35

CWE-22

[email protected]

web.nvd.nist.gov

cisco

unified communications manager

vulnerabilities

cisco unified cm im&p

sql injection

path traversal

nvd

cve-2021-1357

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.8%

JSON

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

NVD

Node

ciscounified_communications_managerRange<11.5\(1\)su9

ciscounified_communications_managerRange<11.5\(1\)su9session_management

ciscounified_communications_managerRange12.0–12.0\(1\)su4

ciscounified_communications_managerRange12.0–12.0\(1\)su4session_management

ciscounified_communications_managerRange12.5–12.5\(1\)su4

ciscounified_communications_managerRange12.5–12.5\(1\)su4session_management

ciscounified_communications_manager_im_and_presence_serviceRange<11.5\(1\)su9

ciscounified_communications_manager_im_and_presence_serviceRange12.0–12.5\(1\)su4

CPENameOperatorVersion
cisco:unified_communications_managercisco unified communications managerlt11.5\(1\)su9
cisco:unified_communications_managercisco unified communications managerlt12.0\(1\)su4
cisco:unified_communications_managercisco unified communications managerlt12.5\(1\)su4
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence servicelt11.5\(1\)su9
cisco:unified_communications_manager_im_and_presence_servicecisco unified communications manager im and presence servicelt12.5\(1\)su4

CPE	Name	Operator	Version
cisco:unified_communications_manager	cisco unified communications manager	lt	11.5\(1\)su9
cisco:unified_communications_manager	cisco unified communications manager	lt	12.0\(1\)su4
cisco:unified_communications_manager	cisco unified communications manager	lt	12.5\(1\)su4
cisco:unified_communications_manager_im_and_presence_service	cisco unified communications manager im and presence service	lt	11.5\(1\)su9
cisco:unified_communications_manager_im_and_presence_service	cisco unified communications manager im and presence service	lt	12.5\(1\)su4

CNA Affected

[
  {
    "product": "Cisco Unified Communications Manager ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6

Social References

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.8%

JSON

Related for CVE-2021-1357

cvelist1 prion1 nvd1 nessus1 cisco1