CVE-2014-0740

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (Unified CM) versions 10.0(1) and earlier

Description A cross-site request forgery (CSRF) issue in the Call Detail Records Analysis and Reporting (CAR) interface of the OS Administration component allows remote attackers to hijack the authentication of administrators for requests that make administrative changes.

Recommendations For versions 10.0(1) and earlier, update to a version that contains a fix for this issue to prevent administrative changes from being made by remote attackers.