发布日期：2021-04-07
更新日期：2021-04-14

受影响系统：

Cisco Unified Communications Manager 12.5(1) < 12.5(1)SU4
Cisco Unified Communications Manager 12.0(1)
Cisco Unified Communications Manager 11.5(1)
Cisco Unified Communications Manager 11.0(1)
Cisco Unified Communications Manager 10.5(2)
Cisco Unified Communications Manager Session Management Edition 12.5(1) < 12.5(1)SU4
Cisco Unified Communications Manager Session Management Edition 12.0(1)
Cisco Unified Communications Manager Session Management Edition 11.5(1)
Cisco Unified Communications Manager Session Management Edition 11.0(1)
Cisco Unified Communications Manager Session Management Edition 10.5(2)

描述：

---

CVE(CAN) ID: CVE-2021-1406

Cisco Unified Communications Manager（CUCM，Unified CM，CallManager）是美国思科（Cisco）公司的一款统一通信系统中的呼叫处理组件。该组件提供了一种可扩展、可分布和高可用的企业IP电话呼叫处理解决方案。
Communications Manager (Unified CM)和Cisco Unified Communications Manager Session Management Edition (Unified CM SME)存在信息泄露漏洞。该漏洞产生的原因是敏感信息未正确包含在可下载文件中。经过身份认证的远程攻击者可利用该漏洞获得系统用户的哈希凭证。

<*来源：Mohamed Youssef(Cysiv)
  
  链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-cucm-inf-disc-wCxZNjL2）以及相应补丁:
cisco-sa-cucm-inf-disc-wCxZNjL2：Cisco Unified Communications Manager Information Disclosure Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2

浏览次数：1190
严重程度：0（网友投票）