Unrated severityNVD Advisory· Published Jan 13, 2021· Updated Nov 12, 2024
Cisco Connected Mobile Experiences User Enumeration Vulnerability
CVE-2021-1143
Description
A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this vulnerability by sending specific API GET requests to an affected device. A successful exploit could allow the attacker to enumerate users of the CMX system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: n/a
Patches
Vulnerability mechanics
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmxapi-KsKwCmfpmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.