6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
52.2%
A cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection could allow an unauthenticated, remote attacker to execute unwanted actions.
The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to submit arbitrary requests to the affected device via the web browser with the privileges of the user.
Cisco has not released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc”]
CPE | Name | Operator | Version |
---|---|---|---|
cisco unity connection | eq | any | |
cisco unity connection | eq | any |