| Vulnerability Name: | CVE-2014-0745 (CCN-91432) | ||||||||
| Assigned: | 2014-02-25 | ||||||||
| Published: | 2014-02-25 | ||||||||
| Updated: | 2015-08-01 | ||||||||
| Summary: | Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability subsystem in Cisco Unified Contact Center Express (Unified CCX) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCum95502. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-352 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-0745 Source: CCN Type: SA57140 Cisco Unified Contact Center Express Cross-Site Request Forgery Vulnerability Source: CCN Type: Cisco Security Notice Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability Source: CISCO Type: Vendor Advisory 20140225 Cisco Unified Contact Center Express Serviceability Page CSRF Vulnerability Source: CCN Type: BID-65798 Cisco Unified Contact Center Express CVE-2014-0745 Cross Site Request Forgery Vulnerability Source: SECTRACK Type: UNKNOWN 1029842 Source: XF Type: UNKNOWN cisco-ucce-cve20140745-csrf(91432) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||