Severity
Medium
Analysis Summary
CVE-2021-1522
Cisco Connected Mobile Experiences could allow a remote authenticated attacker to bypass security restrictions. The flaw is an incomplete server-side password policy check at the time a password is changed using the API. By sending a specially crafted API request, an attacker could exploit this vulnerability to change their own password to a value that does not comply with the configured strong authentication requirements.
Impact
- Bypass Security
- Unauthorized Access
Affected Vendors
Cisco
Affected Products
- Cisco Connected Mobile Experiences 10.6.0
- Cisco Connected Mobile Experiences 10.6.1
- Cisco Connected Mobile Experiences 10.6.2
- Cisco Connected Mobile Experiences 10.6.3
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.