CVE-2021-1406 — Insertion of Sensitive Information into Externally-Accessible File or Directory in Cisco Unified Communications Manager

CWE-538 — Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 59.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Communications Manager

Timeline

PublishedApr 8

Latest updateMay 24

Description

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit coul…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/unified_communications_manager31 versions+30

▶CVEListV5cisco/cisco_unified_communications_managern/a

🔴Vulnerability Details

GHSA

GHSA-495g-cj2m-hr56: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM S↗2022-05-24

▶

CVEList

Cisco Unified Communications Manager Information Disclosure Vulnerability↗2021-04-08

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Information Disclosure Vulnerability↗2021-04-07

▶