Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.

N/A

跨站请求伪造(CSRF)

Cisco Communications Manager和Cisco Unified Communications Manager Session Management Edition 跨站请求伪造漏洞

Cisco Communications Manager和Cisco Unified Communications Manager Session Management Edition中的基于Web的界面存在跨站请求伪造漏洞，该漏洞源于程序没有进行充分的跨站请求伪造保护。远程攻击者可通过诱使用户点击恶意链接利用该漏洞修改目标用户的密码，进而以用户身份进行未授权的操作。以下产品及版本受到影响：Cisco Communications Manager 10.5(2)及之前版本，11.5(1)SU5及之前版本，

N/A

N/A