PT-2021-1645 · Cisco · Cisco Connected Mobile Experiences

Published: 2021-01-13 · Updated: 2022-08-05 · CVE-2021-1143
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Cisco Connected Mobile Experiences (CMX) (affected versions not specified)
Description: Certain API GET requests lack authorization checks. An authenticated, remote attacker could exploit this by sending specific API GET requests to an affected device, potentially allowing them to enumerate users of the CMX system.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Authorization
Missing Authorization

Related Identifiers

BDU:2021-00301
CVE-2021-1143

Affected Products

Cisco Connected Mobile Experiences