PT-2021-1694 · Cisco · Cisco Connected Mobile Experiences

Published: 2021-01-13 · Updated: 2021-01-20 · CVE-2021-1144

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Cisco Connected Mobile Experiences (CMX) (affected versions not specified)

Description: A vulnerability in Cisco Connected Mobile Experiences (CMX) is due to incorrect handling of authorization checks for changing a password. This could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. An attacker could exploit this vulnerability by sending a modified HTTP request to an affected device, potentially allowing them to alter the passwords of any user on the system, including an administrative user, and then impersonate that user.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2021-00363
CVE-2021-1144

Affected Products

Cisco Connected Mobile Experiences