Severity
Medium
Analysis Summary
CVE-2021-1522
Cisco Connected Mobile Experiences could allow a remote authenticated attacker to bypass security restrictions, caused by an incomplete password policy check at the time a password is changed server-side using the API. By sending a specially crafted API request, an attacker could exploit this vulnerability to change their own password to a value that does not comply with the configured strong authentication requirements.
Impact
- Bypass Security
- Unauthorized Access
Affected Vendors
Cisco
Affected Products
- Cisco Connected Mobile Experiences 10.6.0
- Cisco Connected Mobile Experiences 10.6.1
- Cisco Connected Mobile Experiences 10.6.2
- Cisco Connected Mobile Experiences 10.6.3
Remediation
Refer to the Cisco Security Advisory for the patch, upgrade, or suggested workaround information.