CVE-2021-1399Authentication Bypass by Assumed-Immutable Data in Cisco Unified Communications Manager

CWE-302Authentication Bypass by Assumed-Immutable Data4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 78.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Communications ManagerCisco Unified Communications Manager
Timeline
PublishedApr 8
Latest updateMay 24

Description

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A succes

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/unified_communications_manager10.5\(2\)12.5\(1\)su4

🔴Vulnerability Details

2
GHSA
GHSA-wpj5-cw66-j932: A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Manageme2022-05-24
CVEList
Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability2021-04-08

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability2021-04-07