The vulnerability is due to improper sanitization or encoding of user-supplied data by the ccmadmin page of an affected version of CUCM. An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link. An exploit could allow the attacker to conduct a reflected XSS attack.
Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2hgLEMH
Security Impact Rating: Medium
CVE: CVE-2016-9206
from Cisco Security Advisory http://ift.tt/2hgLEMH