Vulnerability Name: | CVE-2016-6427 (CCN-117519) | ||||||||||||
Assigned: | 2016-10-05 | ||||||||||||
Published: | 2016-10-05 | ||||||||||||
Updated: | 2017-07-30 | ||||||||||||
Summary: | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. | ||||||||||||
CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-352 | ||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2016-6427 Source: CISCO Type: Vendor Advisory 20161005 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability Source: BID Type: UNKNOWN 93418 Source: SECTRACK Type: UNKNOWN 1036953 Source: XF Type: UNKNOWN cisco-uic-cve20166427-csrf(117519) Source: CCN Type: Cisco Security Advisory cisco-sa-20161005-ucis3 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |