CVE-2021-34773

CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 52.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Unified Communications Manager Cisco Unified Communications Manager Cisco Unified Communications Manager IM AND Presence Service

Timeline

PublishedNov 4

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDcisco/unified_communications_manager_im_and_presence_service4 versions+3

▶NVDcisco/unified_communications_manager14.0\(1.10000.20\)

▶CVEListV5cisco/cisco_unified_communications_managern/a

🔴Vulnerability Details

GHSA

GHSA-rj22-gp23-c66j: A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Sessi↗2022-05-24

▶

CVEList

Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability↗2021-11-04

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability↗2021-11-03

▶