CVE-2021-1144 is a vulnerability in Cisco Connected Mobile Experiences
Published on January 13, 2021
Cisco Connected Mobile Experiences Privilege Escalation Vulnerability
A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system. The vulnerability is due to incorrect handling of authorization checks for changing a password. An authenticated attacker without administrative privileges could exploit this vulnerability by sending a modified HTTP request to an affected device. A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative user, and then impersonate that user.
Vulnerability Analysis
CVE-2021-1144 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2021-1144 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2021-1144
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-1144 are published in Cisco Connected Mobile Experiences:
Affected Versions
Cisco Connected Mobile Experiences Version n/a is affected by CVE-2021-1144Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.