CVE-2021-1226

CWE-532Log File Information Exposure4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 55.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Cisco Emergency ResponderCisco Prime License ManagerCisco Unified Communications Manager+3 more
Timeline
PublishedJan 13
Latest updateMay 24

Description

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker cou

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

NVDcisco/unified_communications_manager11.5\(1\)11.5\(1\)su9+1
NVDcisco/prime_license_manager11.5\(1\)11.5\(1\)su9+1
NVDcisco/unity_connection11.5\(1\)11.5\(1\)su9+3
NVDcisco/emergency_responder12.5\(1\)12.5\(1\)su3+3

🔴Vulnerability Details

2
GHSA
GHSA-mg6r-7gcg-995g: A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Editio2022-05-24
CVEList
Cisco Unified Communications Products Information Disclosure Vulnerability2021-01-13

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Products Information Disclosure Vulnerability2021-01-13
CVE-2021-1226 (MEDIUM CVSS 6.5) | A vulnerability in the audit loggin | cvebase.io