Vulnerability Name: CVE-2013-3397 (CCN-85294)
Assigned: 2013-06-25
Published: 2013-06-25
Updated: 2013-10-11
Summary: Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-352
Vulnerability Consequences: Cross-Site Scripting
References:
Source: MITRE Type: CNA CVE-2013-3397
Source: CCN Type: SA53972 Cisco Unified Communications Manager Unified Serviceability Cross-Site Request Forgery Vulnerability
Source: CCN Type: Cisco Security Notice Cisco Unified Communications Manager Unified Serviceability CSRF Vulnerability
Source: CISCO Type: Vendor Advisory 20130625 Cisco Unified Communications Manager Unified Serviceability CSRF Vulnerability
Source: CCN Type: BID-60822 Cisco Unified Communications Manager CVE-2013-3397 Cross Site Request Forgery Vulnerability
Source: XF Type: UNKNOWN cucm-cve20133397-csrf(85294)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable