Overview
- Description
- A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0"
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84"
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0"
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BEEEA592-F8A1-41F2-B152-87F0A9B6087E"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F2437A5-217A-4CD1-9B72-A31BDDC81F42"
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65D225AB-813B-4182-8916-0FE8307BB18B"
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34376413-27A8-48DF-BC31-FFE043945406"
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:14.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A85D56C0-D4A3-43A7-9CD1-FCEB6C8AEF66"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CAAAAF61-C33F-462B-B7C4-9F976235888A"
}
],
"operator": "OR"
}
]
}
]