Lucene search

CiscoCISCO-SA-20151209-UC

HistoryDec 09, 2015 - 8:00 p.m.

Cisco Unity Connection Cross-Site Request Forgery Vulnerability

2015-12-0920:00:00

tools.cisco.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.2%

JSON

A cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection could allow an unauthenticated, remote attacker to execute unwanted actions.

The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to submit arbitrary requests to the affected device via the web browser with the privileges of the user.

Cisco has not released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc”]

Affected configurations

Vulners

Node

ciscounity_connectionMatchany

CPENameOperatorVersion
cisco unity connectioneqany
cisco unity connectioneqany

CPE	Name	Operator	Version
	cisco unity connection	eq	any
	cisco unity connection	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.2%

JSON

Related for CISCO-SA-20151209-UC