CVE-2021-1478

Name of the Vulnerable Software and Affected Versions Cisco Hosted Collaboration Mediation Fulfillment (affected versions not specified) Cisco Unified Communications Manager (affected versions not specified) Cisco Unified Communications Manager Session Management Edition (affected versions not specified)

Description The issue is related to insufficient access control in the Java Management Extensions (JMX) component. It could allow a remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this by accessing the port and restarting the JMX process, leading to a DoS condition.

Recommendations For Cisco Hosted Collaboration Mediation Fulfillment, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Cisco Unified Communications Manager, consider restricting access to the unsecured TCP/IP port associated with the JMX component until a patch is available. For Cisco Unified Communications Manager Session Management Edition, as a temporary workaround, consider disabling the JMX process to prevent exploitation until a fix is provided.