Vulnerability Details : CVE-2021-1143

CVE Name: CVE-2021-1143: Other vulnerability on Cisco Connected Mobile Experiences
Description: A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this vulnerability by sending specific API GET requests to an affected device. A successful exploit could allow the attacker to enumerate users of the CMX system.
Publish date: 2021-01-13T22:15Z
Last Update: 2022-08-05T19:28Z

CVSS Scores & Vulnerability Types

CVSS Score
4.3
Confidentiality ImpactLOW
Integrity ImpactNONE
Availability ImpactNONE
Actack VectorNETWORK
Actack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Vulnerability Type(s)Other
CWE ID862

Products Affected By CVE-2021-1143

# Vendor Product Vulnerable Versions
1 Cisco Connected Mobile Experiences 3

Detail of Verions Affected

# Product Type Vendor Product Version
1 Application Cisco Connected Mobile Experiences 10.6.2
2 Application Cisco Connected Mobile Experiences 10.6.0
3 Application Cisco Connected Mobile Experiences 10.6.1

References For CVE-2021-1143

Hyperlink Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmxapi-KsKwCmfp Vendor Advisory