Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability
CVE-2022-20787

5.7MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unified Communications Manager
Vendor: CVE Published:; 21 April 2022

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.

Affected Version(s)

Cisco Unified Communications Manager

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Apr 21, 2022
Vulnerability Reserved
Nov 2, 2021