CVE-2013-1120: CSRF
First published: Wed Feb 06 2013(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unity Express | <=7.4 | |
| Cisco Unity Express | =1.1.1 | |
| Cisco Unity Express | =1.1.2 | |
| Cisco Unity Express | =2.0 | |
| Cisco Unity Express | =2.1 | |
| Cisco Unity Express | =2.2 | |
| Cisco Unity Express | =2.3 | |
| Cisco Unity Express | =3.0 | |
| Cisco Unity Express | =3.1 | |
| Cisco Unity Express | =3.2 | |
| Cisco Unity Express | =7.0 | |
| Cisco Unity Express | =7.1 | |
| Cisco Unity Express | =7.2 | |
| Cisco Unity Express | =7.3 | |
| Cisco Unity Express |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-1120?
CVE-2013-1120 is classified with a high severity due to its potential to allow attackers to hijack authentication.
How do I fix CVE-2013-1120?
To fix CVE-2013-1120, update the Cisco Unity Express software to version 8.0 or later.
What types of attacks does CVE-2013-1120 enable?
CVE-2013-1120 enables attackers to perform cross-site request forgery (CSRF) attacks.
Which Cisco Unity Express versions are affected by CVE-2013-1120?
CVE-2013-1120 affects Cisco Unity Express versions prior to 8.0, including all versions from 1.1.1 to 7.4.
Who is impacted by CVE-2013-1120 vulnerabilities?
Users of affected Cisco Unity Express software prior to version 8.0 are vulnerable and can potentially be hijacked by remote attackers.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/cisco
- canonical/cisco unity express
- version/cisco unity express/7.4
- version/cisco unity express/1.1.1
- version/cisco unity express/1.1.2
- version/cisco unity express/2.0
- version/cisco unity express/2.1
- version/cisco unity express/2.2
- version/cisco unity express/2.3
- version/cisco unity express/3.0
- version/cisco unity express/3.1
- version/cisco unity express/3.2
- version/cisco unity express/7.0
- version/cisco unity express/7.1
- version/cisco unity express/7.2
- version/cisco unity express/7.3