发布日期：2021-04-07
更新日期：2021-04-14

受影响系统：

Cisco Unified Communications Manager 12.5(1) < 12.5(1)SU4
Cisco Unified Communications Manager 12.0(1)
Cisco Unified Communications Manager 11.5(1)
Cisco Unified Communications Manager 11.0(1)
Cisco Unified Communications Manager 10.5(2)
Cisco Unified Communications Manager Session Management Edition 12.5(1) < 12.5(1)SU4
Cisco Unified Communications Manager Session Management Edition 12.0(1)
Cisco Unified Communications Manager Session Management Edition 11.5(1)
Cisco Unified Communications Manager Session Management Edition 11.0(1)
Cisco Unified Communications Manager Session Management Edition 10.5(2)

描述：

---

CVE(CAN) ID: CVE-2021-1399

Cisco Unified Communications Manager（CUCM，Unified CM，CallManager）是美国思科（Cisco）公司的一款统一通信系统中的呼叫处理组件。该组件提供了一种可扩展、可分布和高可用的企业IP电话呼叫处理解决方案。
Communications Manager (Unified CM)和Cisco Unified Communications Manager Session Management Edition (Unified CM SME) 的 Self Care Portal存在授权绕过漏洞。该漏洞源于程序未对用户输入进行正确验证。经过身份认证的远程攻击者可通过发送特制的请求利用该漏洞在未经授权的情况下修改受影响系统上的数据。

<*来源：Mohamed Youssef(Cysiv)
  
  链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHg
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-cucm-selfcare-VRWWWHgE）以及相应补丁:
cisco-sa-cucm-selfcare-VRWWWHgE：Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE

浏览次数：930
严重程度：0（网友投票）