Vulnerability Name: CVE-2013-3450 (CCN-86182)
Assigned: 2013-08-02
Published: 2013-08-02
Updated: 2013-08-05
Summary: Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-352
Vulnerability Consequences: Cross-Site Scripting
References:
  Source: MITRE Type: CNA CVE-2013-3450
  Source: CCN Type: SA54441 Cisco Unified Communications Manager User WebDialer Page Cross-Site Request Forgery Vulnerability
  Source: CCN Type: Cisco Security Notice Cisco Unified Communications Manager User Web Dialer Vulnerable to CSRF Attack
  Source: CISCO Type: Vendor Advisory 20130802 Cisco Unified Communications Manager User Web Dialer Vulnerable to CSRF Attack
  Source: CCN Type: BID-61601 Cisco Unified Communications Manager CVE-2013-3450 Cross Site Request Forgery Vulnerability
  Source: XF Type: UNKNOWN cisco-ucm-cve20133450-csrf(86182)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable