PT-2021-2576 · Cisco · Cisco Unified Communications Manager+1

Mohamed Youssef · Published 2021-04-07 · Updated 2021-04-13 · CVE-2021-1399

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Unified Communications Manager versions (affected versions not specified)
Cisco Unified Communications Manager Session Management Edition versions (affected versions not specified)

Description

A vulnerability in the Self Care Portal could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The issue is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this by sending a crafted HTTP request to an affected system, potentially allowing them to modify information without proper authorization.

Recommendations

For Cisco Unified Communications Manager, update to a version that includes the fix for this issue. For Cisco Unified Communications Manager Session Management Edition, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Self Care Portal until a patch is available.

Fix


Weakness Enumeration

Related Identifiers

BDU:2021-02027
CVE-2021-1399

Affected Products

Cisco Unified Communications Manager
Cisco Unified Communications Manager Session Management Edition