CVE-2021-1364 — Vulnetix

CVE-2021-1364 PUBLISHED CVSS 6.5 MEDIUM

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

EPSS 0.31% · 54.4th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.31%

54.4th percentile

Affected Products

Vendor	Product	Versions
cisco	unified_communications_manager	12.0, 12.0, 12.5
cisco	unified_communications_manager_im_and_presence_service	12.0, 0
Cisco	Cisco Unified Communications Manager	n/a

Exploit Intelligence

20210120 Cisco Unified Communications Products Vulnerabilities (circl)

Timeline

Jan 20, 2021 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Nov 6, 2022 EPSS Score

References

20210120 Cisco Unified Communications Products Vulnerabilities vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-1364 advisory

Open in Interactive Console →