CVE-2019-15272HTTP Request Smuggling in Cisco Unified Communications Manager

CWE-264CWE-444HTTP Request Smuggling4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 77.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Communications ManagerCisco Unified Communications Manager
Timeline
PublishedOct 2
Latest updateMay 24

Description

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the syste

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

CVEListV5cisco/cisco_unified_communications_managerunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-3jjm-f9rj-vgmh: A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition2022-05-24
CVEList
Cisco Unified Communications Manager Security Bypass Vulnerability2019-10-02

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager Security Bypass Vulnerability2019-10-02
CVE-2019-15272 — HTTP Request Smuggling in Cisco | cvebase