CSRF in Cisco Unity_connection
CVE-2015-0716
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.001 (29.9th percentile) — read the EPSS interpretation.
Affected products
- Cisco Unity_connection — versions 11.0\(0.98000.225\), 11.0\(0.98000.332\)
- N/a — versions n/a
Weakness classification (CWE)
References
- 20150505 Cisco Unity Connection CUCReports Page Cross-Site Request Forgery Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 1032259 (vdb-entry, x_refsource_SECTRACK)