CVE-2021-1226

EPSS 0.23%
Veröffentlicht 13.01.2021 22:15:20
Zuletzt bearbeitet 21.11.2024 05:43:52
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Emergency Responder Version >= 12.5\(1\) < 12.5\(1\)su3

Cisco ≫ Emergency Responder Version10.5(2)

Cisco ≫ Emergency Responder Version11.5(1)

Cisco ≫ Emergency Responder Version12.0(1)

Cisco ≫ Prime License Manager Version >= 11.5\(1\) < 11.5\(1\)su9

Cisco ≫ Prime License Manager Version10.5(2)

Cisco ≫ Unified Communications Manager SwEdition- Version >= 11.5\(1\) < 11.5\(1\)su9

Cisco ≫ Unified Communications Manager SwEditionsession_management Version >= 11.5\(1\) < 11.5\(1\)su9

Cisco ≫ Unified Communications Manager Version10.5(2) SwEdition-

Cisco ≫ Unified Communications Manager Version10.5(2) SwEditionsession_management

Cisco ≫ Unified Communications Manager Im & Presence Service Version >= 11.5\(1\) < 11.5\(1\)su9

Cisco ≫ Unified Communications Manager Im & Presence Service Version >= 12.5\(1\) < 12.5\(1\)su3

Cisco ≫ Unified Communications Manager Im & Presence Service Version10.5(2)

Cisco ≫ Unified Communications Manager Im & Presence Service Version12.0(1)

Cisco ≫ Unity Connection Version >= 11.5\(1\) < 11.5\(1\)su9

Cisco ≫ Unity Connection Version >= 12.0\(1\) < 12.0\(1\)su4

Cisco ≫ Unity Connection Version >= 12.5\(1\) < 12.5\(1\)su3

Cisco ≫ Unity Connection Version10.5(2)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.422

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
psirt@cisco.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-1226

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-1226

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-1226

EUVD