Main Vulnerability Database SB2021080518

SB2021080518 - Credentials management in Cisco Connected Mobile Experiences

Published: August 5, 2021

Security Bulletin ID SB2021080518

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Credentials management (CVE-ID: CVE-2021-1522)

The vulnerability allows a remote attacker can compromise the target system.

The vulnerability exists due to a password policy check is incomplete at the time a password is changed at server side using the API. A remote authenticated attacker can send a specially crafted API request and change their own password to a value that does not comply with the configured strong authentication requirements.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmx-GkCvfd4