CVE-2021-1357: Cisco Unified Communications Products Vulnerabilities
First published: Wed Jan 20 2021(Updated: )
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | <11.5\(1\)su9 | |
| Cisco Unified Communications Manager | <11.5\(1\)su9 | |
| Cisco Unified Communications Manager | >=12.0<12.0\(1\)su4 | |
| Cisco Unified Communications Manager | >=12.0<12.0\(1\)su4 | |
| Cisco Unified Communications Manager | >=12.5<12.5\(1\)su4 | |
| Cisco Unified Communications Manager | >=12.5<12.5\(1\)su4 | |
| Cisco Unified Communications Manager IM and Presence Service | <11.5\(1\)su9 | |
| Cisco Unified Communications Manager IM and Presence Service | >=12.0<12.5\(1\)su4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco Unified Communications Manager vulnerability?
The vulnerability ID is CVE-2021-1357.
What is the severity rating of CVE-2021-1357?
The severity rating of CVE-2021-1357 is medium.
What software is affected by this vulnerability?
The Cisco Unified Communications Manager and Cisco Unified Communications Manager IM & Presence Service versions 11.5(1)su9, 12.0(1)su4, 12.5(1)su4, and earlier are affected.
What are the possible impacts of CVE-2021-1357?
The vulnerability could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the Cisco Security Advisory website: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/12.0
- version/cisco unified communications manager/12.5
- canonical/cisco unified communications manager im and presence service
- version/cisco unified communications manager im and presence service/12.0