CVE-2021-1226

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.
Severity
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
ciscoemergency_responder
12.5\(1\) ≤
𝑥
< 12.5\(1\)su3
ciscoemergency_responder
10.5\(2\)
ciscoemergency_responder
11.5\(1\)
ciscoemergency_responder
12.0\(1\)
ciscoprime_license_manager
11.5\(1\) ≤
𝑥
< 11.5\(1\)su9
ciscoprime_license_manager
10.5\(2\)
ciscounified_communications_manager
11.5\(1\) ≤
𝑥
< 11.5\(1\)su9
ciscounified_communications_manager
11.5\(1\) ≤
𝑥
< 11.5\(1\)su9
ciscounified_communications_manager
10.5\(2\)
ciscounified_communications_manager
10.5\(2\)
ciscounified_communications_manager_im_\&_presence_service
11.5\(1\) ≤
𝑥
< 11.5\(1\)su9
ciscounified_communications_manager_im_\&_presence_service
12.5\(1\) ≤
𝑥
< 12.5\(1\)su3
ciscounified_communications_manager_im_\&_presence_service
10.5\(2\)
ciscounified_communications_manager_im_\&_presence_service
12.0\(1\)
ciscounity_connection
11.5\(1\) ≤
𝑥
< 11.5\(1\)su9
ciscounity_connection
12.0\(1\) ≤
𝑥
< 12.0\(1\)su4
ciscounity_connection
12.5\(1\) ≤
𝑥
< 12.5\(1\)su3
ciscounity_connection
10.5\(2\)
𝑥
= Vulnerable software versions