CVE-2013-1120
published 2013-02-06
Priority P432 · medium · 6.8 (CVSS 2.0) · AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.20% (64.3th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | unity_express_software | <= 7.4 | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
| cisco | unity_express_software | — | — |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_cisco · 6.8 · MEDIUM
Cisco
Cisco Unity Express Multiple Cross-Site Request Forgery Vulnerabilities
vendor_cisco·2013-02-01·CVSS 6.8
CVE-2013-1120 [MEDIUM] CWE-352 Cisco Unity Express Multiple Cross-Site Request Forgery Vulnerabilities
Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks.
The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An unauthenticated, remote attacker could exploit these vulnerabilities by convincing a user to follow a malicious link that is designed to submit malicious requests to the affected software. If successful, the attacker could perform certain unauthorized actions on the vulnerable software, which could be used to conduct further attacks on the system.
Cisco has confirmed the vulnerabilities in a security notice; however software updates are
GHSA
GHSA-g785-v6v4-8r5m: Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8
ghsa_unreviewed·2022-05-17
CVE-2013-1120 [MEDIUM] CWE-352 GHSA-g785-v6v4-8r5m: Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
No detection rules found.
No writeups or analysis indexed.
Published 2013-02-06