#VU13974 Cross-site request forgery in Cisco Unified Contact Center Express - CVE-2018-0402
Published: July 23, 2018
Vulnerability identifier: #VU13974
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0402
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Unified Contact Center Express
Cisco Unified Contact Center Express
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticated attacker to perform CSRF attack.
The weakness exists due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions on an affected application.
The weakness exists due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions on an affected application.
Remediation
Install update from vendor's website.