QID 317111
Date Published: 2021-11-11
QID 317111: Cisco Unified Communications Manager IM and Presence Service Cross-Site Request Forgery (CSRF) Vulnerability (cisco-sa-ucm-csrf-xrTkDu3H)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM and Presence Service (Unified CM IM and P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device.
Affected Products
The following Cisco products are affected if they are running a vulnerable release:
Unified CM IM and P
QID Detection Logic (Authenticated):
The check matches the Cisco Unified Communications product version retrieved via Unix authentication using the "Active Master Version:" command.
A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.
These actions could include modifying the device configuration and deleting (but not creating) user accounts.
Customers are advised to refer to cisco-sa-ucm-csrf-xrTkDu3H for more information.
- cisco-sa-ucm-csrf-xrTkDu3H: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H
CVEs related to QID 317111
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-ucm-csrf-xrTkDu3H | | | |