CVE-2019-1915
published 2019-10-02CVE-2019-1915: A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME)…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_unified_communications_manager | >= unspecified < n/a | n/a |
| cisco | unified_communications_manager | — | — |
| cisco | unified_communications_manager | — | — |
| cisco | unified_communications_manager | — | — |
| cisco | unified_communications_manager | — | — |
| cisco | unified_communications_manager_im_and_presence_service | — | — |
| cisco | unified_communications_products | — | — |
| cisco | unity_connection | — | — |
| cisco | unity_connection | — | — |
| cisco | unity_connection | — | — |
| cisco | unity_connection | — | — |