Cross-Site Request Forgery Vulnerability in Cisco Unified Customer Voice Portal
CVE-2015-0735

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Customer Voice Portal
Vendor: CVE Published:; 17 May 2015

Summary

A cross-site request forgery (CSRF) vulnerability exists in Cisco Unified Customer Voice Portal (CVP) version 10.5(1). This flaw enables remote attackers to exploit user authentication, potentially leading to unauthorized actions on behalf of legitimate users. The vulnerability arises from inadequate validation of user requests, allowing attackers to hijack sessions without user consent. It's essential for users of affected versions to apply the relevant security updates to mitigate this risk.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032340

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 17, 2015
Vulnerability Reserved
Jan 7, 2015