CVE-2017-3877 — Cross-Site Request Forgery in Cisco Unified Communications Manager

CWE-352 — Cross-Site Request Forgery5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 65.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Communications Manager

Timeline

PublishedMar 17

Latest updateMay 17

Description

A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/unified_communications_manager11.5\(1.11.007.2\)

▶CVEListV5cisco/cisco_unified_communications_managerCisco Unified Communications Manager

🔴Vulnerability Details

GHSA

GHSA-76x7-mpx3-h3rw: A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct↗2022-05-17

▶

OSV

libapache2-mod-auth-mellon vulnerabilities↗2020-10-22

▶

CVEList

CVE-2017-3877: A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct↗2017-03-17

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability↗2017-03-15

▶