How severe is CVE-2021-1406?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2021-1406?

This is classified as CWE-538, which is a common weakness in software security.

CVE-2021-1406

MEDIUM Year: 2021

CVSS v3 Score

4.9

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-538

View all →

Vulnerability Description

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.

CVE-2018-4847

MEDIUM

CVSS:4.6(Medium)

A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinC...

CWE-5382018

CVE-2022-20864

MEDIUM

CVSS:4.6(Medium)

A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configu...

CWE-5382022

CVE-2017-9947

MEDIUM

CVSS:5.3(Medium)

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with netwo...

CWE-5382017

CVE-2021-32822

MEDIUM

CVSS:5.3(Medium)

The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulner...

CWE-5382021

CVE-2022-26329

MEDIUM

CVSS:5.3(Medium)

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus Ne...

CWE-5382022

CVE-2024-0191

MEDIUM

CVSS:5.3(Medium)

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to f...

CWE-5382024

CVE-2021-1406

Vulnerability Description

Related Vulnerabilities

CVE-2018-4847

CVE-2022-20864

CVE-2017-9947

CVE-2021-32822

CVE-2022-26329

CVE-2024-0191