Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software. This vulnerability allows an unauthenticated, remote attacker to conduct a CSRF attack on an affected device. The issue arises from insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link, potentially leading to the execution of arbitrary actions with the user's privilege level.

Impact

Exploitation of this vulnerability could allow an attacker to perform actions on behalf of the affected user, potentially leading to unauthorized changes or access within the application.

Remediation

Cisco has released software updates to address this vulnerability. Users are advised to consult the Cisco Security Advisories page for information on fixed releases and upgrade instructions.

Added: Sep 3, 2025, 6:26 PM
Updated: Sep 3, 2025, 6:26 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 0.6
exploitability: 6.0
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.