CVE-2017-6785: Improper Input Validation in Systems INC Unified Communications Manager

Severity
4.3 MEDIUM (NVD)
EPSS
0.2%
top 61.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 17
Latest update: May 17

Description

A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted a

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: cisco/unified_communications_manager 10.5\(2.10000.5\), 11.0\(1.10000.10\), 11.5\(1.10000.6\) +2
CVEListV5: cisco_systems_inc/unified_communications_manager 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6) +2

🔴 Vulnerability Details (2)

GHSA
GHSA-9r7g-3f6r-pjwx: A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote att (2022-05-17)
CVEList
CVE-2017-6785: A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote att (2017-08-17)

📋 Vendor Advisories (1)

Cisco
Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability (2017-08-16)