A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.
References
| Link | Resource |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-jrKP4eNT | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
04 May 2022, 18:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
| References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-jrKP4eNTÂ - Vendor Advisory | |
| First Time |
Cisco
Cisco unified Communications Manager |
|
| CPE | cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:* cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:* |
|
| CWE | CWE-352 |
21 Apr 2022, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-04-21 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-20787
Mitre link : CVE-2022-20787
CVE.ORG link : CVE-2022-20787
JSON object : View
Products Affected
cisco
- unified_communications_manager
CWE
CWE-352
Cross-Site Request Forgery (CSRF)