CVE-2021-1406: Cisco Unified Communications Manager Information Disclosure Vulnerability
First published: Thu Apr 08 2021(Updated: )
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | =10.5\(2\) | |
| Cisco Unified Communications Manager | =10.5\(2\) | |
| Cisco Unified Communications Manager | =10.5\(2\)su1 | |
| Cisco Unified Communications Manager | =10.5\(2\)su1 | |
| Cisco Unified Communications Manager | =10.5\(2\)su2 | |
| Cisco Unified Communications Manager | =10.5\(2\)su2 | |
| Cisco Unified Communications Manager | =10.5\(2\)su2a | |
| Cisco Unified Communications Manager | =10.5\(2\)su2a | |
| Cisco Unified Communications Manager | =10.5\(2\)su3 | |
| Cisco Unified Communications Manager | =10.5\(2\)su3 | |
| Cisco Unified Communications Manager | =10.5\(2\)su3a | |
| Cisco Unified Communications Manager | =10.5\(2\)su3a | |
| Cisco Unified Communications Manager | =10.5\(2\)su4 | |
| Cisco Unified Communications Manager | =10.5\(2\)su4 | |
| Cisco Unified Communications Manager | =10.5\(2\)su4a | |
| Cisco Unified Communications Manager | =10.5\(2\)su4a | |
| Cisco Unified Communications Manager | =10.5\(2\)su5 | |
| Cisco Unified Communications Manager | =10.5\(2\)su6 | |
| Cisco Unified Communications Manager | =10.5\(2\)su6 | |
| Cisco Unified Communications Manager | =10.5\(2\)su6a | |
| Cisco Unified Communications Manager | =10.5\(2\)su6a | |
| Cisco Unified Communications Manager | =10.5\(2\)su7 | |
| Cisco Unified Communications Manager | =10.5\(2\)su7 | |
| Cisco Unified Communications Manager | =10.5\(2\)su8 | |
| Cisco Unified Communications Manager | =10.5\(2\)su8 | |
| Cisco Unified Communications Manager | =10.5\(2\)su9 | |
| Cisco Unified Communications Manager | =10.5\(2\)su9 | |
| Cisco Unified Communications Manager | =10.5\(2\)su10 | |
| Cisco Unified Communications Manager | =10.5\(2\)su10 | |
| Cisco Unified Communications Manager | =11.5\(1\) | |
| Cisco Unified Communications Manager | =11.5\(1\) | |
| Cisco Unified Communications Manager | =11.5\(1\)su1 | |
| Cisco Unified Communications Manager | =11.5\(1\)su1 | |
| Cisco Unified Communications Manager | =11.5\(1\)su2 | |
| Cisco Unified Communications Manager | =11.5\(1\)su2 | |
| Cisco Unified Communications Manager | =11.5\(1\)su3 | |
| Cisco Unified Communications Manager | =11.5\(1\)su3 | |
| Cisco Unified Communications Manager | =11.5\(1\)su4 | |
| Cisco Unified Communications Manager | =11.5\(1\)su4 | |
| Cisco Unified Communications Manager | =11.5\(1\)su5 | |
| Cisco Unified Communications Manager | =11.5\(1\)su5 | |
| Cisco Unified Communications Manager | =11.5\(1\)su7 | |
| Cisco Unified Communications Manager | =11.5\(1\)su7 | |
| Cisco Unified Communications Manager | =11.5\(1\)su8 | |
| Cisco Unified Communications Manager | =11.5\(1\)su8 | |
| Cisco Unified Communications Manager | =11.5\(1\)su9 | |
| Cisco Unified Communications Manager | =11.5\(1\)su9 | |
| Cisco Unified Communications Manager | =12.0\(1\) | |
| Cisco Unified Communications Manager | =12.0\(1\) | |
| Cisco Unified Communications Manager | =12.5\(1\) | |
| Cisco Unified Communications Manager | =12.5\(1\) | |
| Cisco Unified Communications Manager | =12.5\(1\)su1 | |
| Cisco Unified Communications Manager | =12.5\(1\)su1 | |
| Cisco Unified Communications Manager | =12.5\(1\)su2 | |
| Cisco Unified Communications Manager | =12.5\(1\)su2 | |
| Cisco Unified Communications Manager | =12.5\(1\)su3 | |
| Cisco Unified Communications Manager | =12.5\(1\)su3 | |
| Cisco Unified Communications Manager | =12.5\(1\)su4 | |
| Cisco Unified Communications Manager | =12.5\(1\)su4 | |
| Cisco Unified Communications Manager | =12.5\(1\)su5 | |
| Cisco Unified Communications Manager | =12.5\(1\)su5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-1406?
The severity of CVE-2021-1406 is rated as high due to potential sensitive information disclosure.
How do I fix CVE-2021-1406?
To fix CVE-2021-1406, users should apply the latest security patch provided by Cisco for affected versions of Cisco Unified Communications Manager.
What systems are affected by CVE-2021-1406?
CVE-2021-1406 affects multiple versions of Cisco Unified Communications Manager, including versions 10.5, 11.5, and 12.0.
Can CVE-2021-1406 be exploited remotely?
Yes, CVE-2021-1406 can be exploited by an authenticated remote attacker.
What type of information can be disclosed due to CVE-2021-1406?
CVE-2021-1406 could allow an authenticated attacker to access sensitive information stored on the affected Cisco Unified Communications Manager device.
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/title
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/10.5\(2\)
- version/cisco unified communications manager/10.5\(2\)su1
- version/cisco unified communications manager/10.5\(2\)su2
- version/cisco unified communications manager/10.5\(2\)su2a
- version/cisco unified communications manager/10.5\(2\)su3
- version/cisco unified communications manager/10.5\(2\)su3a
- version/cisco unified communications manager/10.5\(2\)su4
- version/cisco unified communications manager/10.5\(2\)su4a
- version/cisco unified communications manager/10.5\(2\)su5
- version/cisco unified communications manager/10.5\(2\)su6
- version/cisco unified communications manager/10.5\(2\)su6a
- version/cisco unified communications manager/10.5\(2\)su7
- version/cisco unified communications manager/10.5\(2\)su8
- version/cisco unified communications manager/10.5\(2\)su9
- version/cisco unified communications manager/10.5\(2\)su10
- version/cisco unified communications manager/11.5\(1\)
- version/cisco unified communications manager/11.5\(1\)su1
- version/cisco unified communications manager/11.5\(1\)su2
- version/cisco unified communications manager/11.5\(1\)su3
- version/cisco unified communications manager/11.5\(1\)su4
- version/cisco unified communications manager/11.5\(1\)su5
- version/cisco unified communications manager/11.5\(1\)su7
- version/cisco unified communications manager/11.5\(1\)su8
- version/cisco unified communications manager/11.5\(1\)su9
- version/cisco unified communications manager/12.0\(1\)
- version/cisco unified communications manager/12.5\(1\)
- version/cisco unified communications manager/12.5\(1\)su1
- version/cisco unified communications manager/12.5\(1\)su2
- version/cisco unified communications manager/12.5\(1\)su3
- version/cisco unified communications manager/12.5\(1\)su4
- version/cisco unified communications manager/12.5\(1\)su5