CVE-2021-1357

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ciscoCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
ciscounified_communications_manager
𝑥
< 11.5\(1\)su9
ciscounified_communications_manager
𝑥
< 11.5\(1\)su9
ciscounified_communications_manager
12.0 ≤
𝑥
< 12.0\(1\)su4
ciscounified_communications_manager
12.0 ≤
𝑥
< 12.0\(1\)su4
ciscounified_communications_manager
12.5 ≤
𝑥
< 12.5\(1\)su4
ciscounified_communications_manager
12.5 ≤
𝑥
< 12.5\(1\)su4
ciscounified_communications_manager_im_and_presence_service
𝑥
< 11.5\(1\)su9
ciscounified_communications_manager_im_and_presence_service
12.0 ≤
𝑥
< 12.5\(1\)su4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6