CVE-2021-1522

Name of the Vulnerable Software and Affected Versions Cisco Connected Mobile Experiences (CMX) (affected versions not specified)

Description A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This issue exists because a password policy check is incomplete at the time a password is changed at the server side using the API. An attacker could exploit this by sending a specially crafted API request to the affected device, potentially allowing them to change their own password to a non-compliant value.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.