High Severity Vulnerability in Cisco Connected Mobile Experiences

Cisco has released security updates to address a high severity vulnerability (CVE-2021-1144) found in Cisco Connected Mobile Experiences (CMX).

Successful exploitation of the vulnerability could allow an authenticated attacker without administrative privileges to alter the passwords of any user on an affected system remotely, including an administrative user, and then impersonate that user.

The vulnerability affects Cisco CMX releases 10.6.0, 10.6.1, and 10.6.2.

Administrators and users of the affected versions are advised to update their software immediately.

More information is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmxpe-75Asy9k