CVE-2016-6440 — Improper Input Validation in Cisco Unified Communications Manager

CWE-20 — Improper Input Validation CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 47.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedOct 27

Latest updateMay 17

Description

The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/unified_communications_manager11.5\(0.99838.4\)

🔴Vulnerability Details

GHSA

GHSA-pg8g-66pv-8g79: The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn coul↗2022-05-17

▶

CVEList

CVE-2016-6440: The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn coul↗2016-10-27

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager iFrame Data Clickjacking Vulnerability↗2016-10-12

▶