Cross-Site Request Forgery Vulnerability in Cisco Unified Communications Domain Manager
CVE-2018-0364

8.8HIGH

Key Information:

Vendor: Cisco
Status: Cisco Unified Communications Domain Manager Unknown
Vendor: CVE Published:; 21 June 2018

Summary

A vulnerability exists in the web management interface of Cisco Unified Communications Domain Manager that allows unauthenticated attackers to execute cross-site request forgery (CSRF) attacks. This issue arises from inadequate CSRF protections, enabling an attacker to trick a legitimate user into following a malicious link. If successfully exploited, the attacker can perform actions on the affected device with the same permissions as the user, potentially leading to unauthorized modifications or data exposure.

Affected Version(s)

Cisco Unified Communications Domain Manager unknown Cisco Unified Communications Domain Manager unknown

References

http://www.securitytracker.com/id/1041171

vdb-entryx_refsource_SECTRACK

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 21, 2018
Vulnerability Reserved
Nov 27, 2017