HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2018-0364

CVSS 8.8v3.0pub. 2018-06-21upd. 2024-11-21

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi44320.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Cisco Unified Communications Domain Manager

    APP
    Cisco
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2018-0124CRITICAL9.8ten sam produkt

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker...

CVE-2014-3300HIGH7.5ten sam produkt

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Ap...

CVE-2014-2198HIGH10.0ten sam produkt

Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcode...

CVE-2014-2197HIGH9.0ten sam produkt

The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CD...

CVE-2019-15968MEDIUM5.4ten sam produkt

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified ...