CVE-2022-20787 — Cross-Site Request Forgery in Cisco Unified Communications Manager

CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

6.8MEDIUMNVD

CNA5.7

EPSS

0.1%

top 76.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Communications Manager

Timeline

PublishedApr 21

Latest updateApr 22

Description

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the inte…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/unified_communications_manager12.5\(1\) — 12.5\(1\)su6+1

▶CVEListV5cisco/cisco_unified_communications_managern/a

🔴Vulnerability Details

GHSA

GHSA-chjw-8rf3-xw7f: A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Manag↗2022-04-22

▶

CVEList

Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability↗2022-04-21

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability↗2022-04-20

▶