1. Home
  2. CVE Database
  3. CVE-2021-1226
MEDIUM · 4.3

CVE-2021-1226

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & P...

Vulnerability Description

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CiscoEmergency Responder>= 12.5\(1\), < 12.5\(1\)su3
CiscoPrime License Manager>= 11.5\(1\), < 11.5\(1\)su9
CiscoUnified Communications Manager>= 11.5\(1\), < 11.5\(1\)su9
CiscoUnified Communications Manager Im \& Presence Service>= 11.5\(1\), < 11.5\(1\)su9
CiscoUnity Connection>= 11.5\(1\), < 11.5\(1\)su9

Related Weaknesses (CWE)

CWE-532

References

FAQ

What is CVE-2021-1226?

CVE-2021-1226 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp; P...

How severe is CVE-2021-1226?

CVE-2021-1226 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1226?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Emergency Responder, Cisco Prime License Manager, Cisco Unified Communications Manager, Cisco Unified Communications Manager Im \& Presence Service, Cisco Unity Connection.