Cross-Site Request Forgery Vulnerability in Cisco Unified Intelligence Center
CVE-2016-6427

8.8HIGH

Key Information:

Vendor

Cisco
Status
Unified Contact Center Express
Unified Intelligence Center
Vendor
CVE Published:
6 October 2016

What is CVE-2016-6427?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Cisco Unified Intelligence Center (CUIC) versions 8.5.4 to 9.1(1) and impacts Unified Contact Center Express versions 10.0(1) to 11.0(1). This vulnerability enables remote attackers to exploit the authentication process of arbitrary users, potentially allowing them unauthorized access to sensitive information or functionalities. The issue has been documented under Bug IDs CSCuy75036 and CSCuy81654, highlighting the need for immediate attention to affected systems.

References

http://www.securitytracker.com/id/1036953
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/93418
vdb-entryx_refsource_BID
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.