CVE-2021-1407
Description
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities For Cisco Unity Connection | NCM |
| Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities For Cisco Unified Communications Manager (CallManager) | NCM |
| Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities For Cisco Unified Communications Manager IM & Presence Service | NCM |
| Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2021-1407) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706048 | Security Update for Cisco Unity Connection 12.0(0.97000.184) |
| PATCH-1706016 | Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25) |
| PATCH-1706022 | Security Update for Cisco Unified Communications Manager IM & Presence Service CUP.11.5(1.12900.25) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234