Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-1226

Опубликовано: 13 янв. 2021
Источник: nvd
CVSS3: 4.3
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*
Версия от 12.5\(1\) (включая) до 12.5\(1\)su3 (исключая)
cpe:2.3:a:cisco:emergency_responder:10.5\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:emergency_responder:11.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:emergency_responder:12.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*
Версия от 11.5\(1\) (включая) до 11.5\(1\)su9 (исключая)
cpe:2.3:a:cisco:prime_license_manager:10.5\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*
Версия от 11.5\(1\) (включая) до 11.5\(1\)su9 (исключая)
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*
Версия от 11.5\(1\) (включая) до 11.5\(1\)su9 (исключая)
cpe:2.3:a:cisco:unified_communications_manager:10.5\(2\):*:*:*:-:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:10.5\(2\):*:*:*:session_management:*:*:*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:*:*:*:*:*:*:*:*
Версия от 11.5\(1\) (включая) до 11.5\(1\)su9 (исключая)
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:*:*:*:*:*:*:*:*
Версия от 12.5\(1\) (включая) до 12.5\(1\)su3 (исключая)
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:10.5\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager_im_\&_presence_service:12.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*
Версия от 11.5\(1\) (включая) до 11.5\(1\)su9 (исключая)
cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*
Версия от 12.0\(1\) (включая) до 12.0\(1\)su4 (исключая)
cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*
Версия от 12.5\(1\) (включая) до 12.5\(1\)su3 (исключая)
cpe:2.3:a:cisco:unity_connection:10.5\(2\):*:*:*:*:*:*:*

EPSS

Процентиль: 44%
0.00219
Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532
CWE-532

Связанные уязвимости

github логотип

GHSA-mg6r-7gcg-995g

github
больше 3 лет назад

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

fstec логотип

BDU:2021-00297

CVSS3: 4.3
fstec
около 5 лет назад

Уязвимость компонента журнала аудита систем обработки вызовов Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Emergency Responder, системы обмена сообщениями Cisco Unity Connection и программного средства управление лицензированием Cisco Prime License Manager (PLM), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 44%
0.00219
Низкий

4.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532
CWE-532