Cisco Unified Communications Manager Unified Serviceability CSRF Vulnerability

A vulnerability in the Cisco Unified Serviceability component of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack.

The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing an authenticated CUCM user to click a malicious link. An exploit could allow the attacker to perform actions within the Cisco Unified Serviceability pages with the privileges of the authenticated CUCM user.

Cisco has confirmed this vulnerability in a security notice; however, software updates are not available.

To exploit the vulnerability, the attacker may provide a link to a malicious site and may persuade the user to follow the link by using misleading language and instructions.