| Vulnerability Name: | CVE-2013-3451 (CCN-86181) | ||||||||
| Assigned: | 2013-08-02 | ||||||||
| Published: | 2013-08-02 | ||||||||
| Updated: | 2013-08-05 | ||||||||
| Summary: | Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-352 | ||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-3451 Source: CCN Type: SA54450 Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability Source: CCN Type: Cisco Security Notice Cisco Unified Communications Manager Web Page Cross-Site Request Forgery Vulnerability Source: CISCO Type: Vendor Advisory 20130802 Cisco Unified Communications Manager Web Page Cross-Site Request Forgery Vulnerability Source: CCN Type: BID-61602 Cisco Unified Communications Manager CVE-2013-3451 Cross Site Request Forgery Vulnerability Source: XF Type: UNKNOWN cisco-ucm-cve20133451-csrf(86181) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||