CVE-2015-0716: CSRF
First published: Thu May 07 2015(Updated: )
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unity Connection | =11.0\(0.98000.225\) | |
| Cisco Unity Connection | =11.0\(0.98000.332\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0716?
CVE-2015-0716 has a medium severity rating, indicating potential for exploitation but requiring specific conditions.
How do I fix CVE-2015-0716?
To fix CVE-2015-0716, upgrade to the latest versions of Cisco Unity Connection that address this vulnerability.
What does CVE-2015-0716 affect?
CVE-2015-0716 affects Cisco Unity Connection versions 11.0(0.98000.225) and 11.0(0.98000.332).
What type of vulnerability is CVE-2015-0716?
CVE-2015-0716 is a cross-site request forgery (CSRF) vulnerability.
What can attackers do with CVE-2015-0716?
Attackers exploiting CVE-2015-0716 can hijack the authentication of arbitrary users on the affected systems.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- vendor/cisco
- canonical/cisco unity connection
- version/cisco unity connection/11.0\(0.98000.225\)
- version/cisco unity connection/11.0\(0.98000.332\)