Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-1915

Опубликовано: 02 окт. 2019
Источник: nvd
CVSS3: 6.5
CVSS3: 6.5
CVSS2: 4.3
EPSS Низкий

Описание

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:12.5\(1.10000.22\):*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unity_connection:12.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unity_connection:12.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unity_connection:14.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\):*:*:*:*:*:*:*

EPSS

Процентиль: 40%
0.00184
Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352
CWE-352

Связанные уязвимости

github логотип

GHSA-9p4j-gv3h-8q29

CVSS3: 6.5
github
больше 3 лет назад

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.

fstec логотип

BDU:2019-04117

CVSS3: 6.5
fstec
больше 6 лет назад

Уязвимость веб-интерфейса управления систем обработки вызовов Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service и интегрированной системы обмена сообщениями Cisco Unity Connection, позволяющая нарушителю отправлять произвольные запросы

EPSS

Процентиль: 40%
0.00184
Низкий

6.5 Medium

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352
CWE-352