Cross-Site Request Forgery Vulnerability in Cisco Unified Contact Center Express
CVE-2018-0402

8.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Unified Contact Center Express Unknown
Vendor
CVE Published:
18 July 2018

Summary

Multiple vulnerabilities within the web-based management interface of Cisco Unified Contact Center Express may enable an unauthenticated remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack. By exploiting these vulnerabilities, attackers could potentially perform unauthorized operations on behalf of logged-in users, compromising the confidentiality and integrity of user sessions. It is crucial for organizations using this product to implement the necessary security patches and measures to mitigate these risks effectively.

Affected Version(s)

Cisco Unified Contact Center Express unknown Cisco Unified Contact Center Express unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1041352
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.