发布日期：2021-01-13
更新日期：2021-01-20

受影响系统：

Cisco Emergency Responder
Cisco Unified Communications Manager
Cisco Unity Connection
Cisco Unified Communications Manager Session Management Edition
Cisco Unified Communications Manager IM and Presence Service
Cisco Prime License Manager Software

描述：

---

CVE(CAN) ID: CVE-2021-1226

Cisco Unity Connection是一套语音留言平台。Cisco Unified Communications Manager（CUCM，Unified CM，CallManager）是一款统一通信系统中的呼叫处理组件。Unified Communications Manager Session Management Edition（CM SME）是Unified Communications Manager的会话管理版。
多款Cisco Unified Communications产品的审核日志记录组件存在信息泄露漏洞。该漏洞源于未加密凭证的存储。攻击者可通过访问受影响系统的审核日志并获取凭据利用该漏洞以明文形式查看敏感信息。

<*来源：Cisco
  
  链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-cucm-logging-6QSWKRYz）以及相应补丁:
cisco-sa-cucm-logging-6QSWKRYz：Cisco Unified Communications Products Information Disclosure Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz

浏览次数：934
严重程度：0（网友投票）