CVE-2021-1522 is a vulnerability in Cisco Connected Mobile Experiences
Published on August 4, 2021
Cisco Connected Mobile Experiences Strong Authentication Requirements Enforcement Bypass
A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with the strong authentication requirements that are configured on an affected device. This vulnerability exists because the server-side password policy check is incomplete when a password is changed using the API. An attacker could exploit this vulnerability by sending a specially crafted API request to the affected device. A successful exploit could allow the attacker to change their own password to a value that does not comply with the configured strong authentication requirements.
Vulnerability Analysis
CVE-2021-1522 is exploitable with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality, no impact on integrity, and no impact on availability.
Weakness Type
Credentials Management Errors
Weaknesses in this category are related to the management of credentials.
Products Associated with CVE-2021-1522
Affected Versions
Cisco Connected Mobile Experiences Version n/a is affected by CVE-2021-1522
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.