CVE-2021-1362

CWE-94 — Code Injection5 documents5 sources

Severity

8.8HIGH

EPSS

2.0%

top 16.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime License Manager Cisco Unified Communications Manager Cisco Unified Communications Manager IM \& Presence Service +2 more

Timeline

PublishedApr 8

Latest updateMay 24

Description

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDcisco/unified_communications_manager_im_\&_presence_service10.5\(2\) — 11.5\(1\)su9+1

▶NVDcisco/unified_communications_manager10.5\(2\) — 11.5\(1\)su9+1

▶NVDcisco/prime_license_manager10.5\(2\) — 11.5\(1\)su9

▶NVDcisco/unity_connection10.5\(2\) — 11.5\(1\)su9+1

▶CVEListV5cisco/cisco_unity_connectionn/a

🔴Vulnerability Details

GHSA

GHSA-4c73-jxqq-mjrg: A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cis↗2022-05-24

▶

CVEList

Cisco Unified Communications Products Remote Code Execution Vulnerability↗2021-04-08

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Products Remote Code Execution Vulnerability↗2021-04-07

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: Buffer overflow vulnerabilities in Accusoft ImageGear could lead to code execution↗2022-02-23

▶