CVE-2021-1478

CWE-284Improper Access Control4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 52.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Hosted Collaboration Mediation FulfillmentCisco Unified Communications ManagerCisco Cisco Unified Communications Manager
Timeline
PublishedMay 6
Latest updateMay 24

Description

A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-5248-64jc-4p36: A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communication2022-05-24
CVEList
Cisco Unified Communications Manager Denial of Service Vulnerability2021-05-06

📋Vendor Advisories

1
Cisco
Cisco Hosted Collaboration Mediation Fulfillment Denial of Service Vulnerability2021-05-05
CVE-2021-1478 (MEDIUM CVSS 6.5) | A vulnerability in the Java Managem | cvebase.io