Cross-Site Request Forgery in Cisco Unified Communications Manager IM & Presence Service
CVE-2018-0363
8.8 HIGH
Key Information:
- Vendor: Cisco
- CVE Published: 21 June 2018
Summary
A vulnerability exists in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service, which can be exploited by an unauthenticated attacker through a CSRF attack. The flaw stems from inadequate protection against CSRF, enabling an attacker to trick a legitimate user into following a malicious link. This exploitation could result in the attacker executing arbitrary actions on the device under the user's authority, thus jeopardizing the integrity of the system.
Affected Version(s)
- Cisco Unified Communications Manager IM & Presence Service: unknown
CVSS V3.1
- Score: 8.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved