CVE-2015-0716

CWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 69.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unity Connection
Timeline
PublishedMay 7
Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDcisco/unity_connection11.0\(0.98000.225\), 11.0\(0.98000.332\)+1

🔴Vulnerability Details

2
GHSA
GHSA-2mc3-g4mp-f2pj: Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 112022-05-17
CVEList
CVE-2015-0716: Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 112015-05-07

📋Vendor Advisories

1
Cisco
Cisco Unity Connection CUCReports Page Cross-Site Request Forgery Vulnerability2015-05-05
CVE-2015-0716 (MEDIUM CVSS 6.8) | Cross-site request forgery (CSRF) v | cvebase.io