PT-2021-2561 · Cisco · Cisco Unified Communications Manager +1

Mohamed Sayed · Published 2021-04-07 · Updated 2022-09-20 · CVE-2021-1406

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Cisco Unified Communications Manager (affected versions not specified)
Cisco Unified Communications Manager Session Management Edition (affected versions not specified)
Description: The issue is related to the improper inclusion of sensitive information in downloadable files, which could allow an authenticated, remote attacker to access sensitive information on an affected device. An attacker could exploit this by authenticating to the device and issuing specific commands, potentially obtaining hashed credentials of system users. The attacker would need valid user credentials with elevated privileges to exploit this issue.
Recommendations: For Cisco Unified Communications Manager, restrict access to downloadable files until a patch is available. For Cisco Unified Communications Manager Session Management Edition, consider disabling the ability to download sensitive files as a temporary workaround until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2021-02012
CVE-2021-1406

Affected Products

Cisco Unified Communications Manager
Cisco Unified Communications Manager Session Management Edition