CVE-2019-1915Cross-Site Request Forgery in Cisco Unified Communications Manager

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 59.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Unified Communications ManagerCisco Unified Communications ManagerCisco Unified Communications Manager IM AND Presence Service+1 more
Timeline
PublishedOct 2
Latest updateMay 24

Description

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit thi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5cisco/cisco_unified_communications_managerunspecifiedn/a
NVDcisco/unity_connection4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-9p4j-gv3h-8q29: A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (S2022-05-24
CVEList
Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability2019-10-02

📋Vendor Advisories

1
Cisco
Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability2019-10-02
CVE-2019-1915 — Cross-Site Request Forgery in Cisco | cvebase