First published: Wed Oct 02 2019(Updated: )
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unified Communications Manager | =10.5\(2.10000.5\) | |
Cisco Unified Communications Manager | =11.5\(1.10000.6\) | |
Cisco Unified Communications Manager | =12.0\(1.10000.10\) | |
Cisco Unified Communications Manager | =12.5\(1.10000.22\) | |
Cisco Unity Connection | =11.5 | |
Cisco Unity Connection | =12.0 | |
Cisco Unity Connection | =12.5 | |
Cisco Unity Connection | =14.0 | |
Cisco Unified Communications Manager IM and Presence Service | =12.5\(1\) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-1915 is a vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection.
The severity of CVE-2019-1915 is medium with a CVSS score of 6.5.
CVE-2019-1915 affects Cisco Unified Communications Manager versions 10.5(2.10000.5), 11.5(1.10000.6), 12.0(1.10000.10), and 12.5(1.10000.22).
CVE-2019-1915 affects Cisco Unity Connection versions 11.5, 12.0, 12.5, and 14.0.
To fix CVE-2019-1915, it is recommended to apply the necessary updates provided by Cisco.