CVE-2015-0705

Name of the Vulnerable Software and Affected Versions Cisco Unified MeetingPlace version 8.6(1.9)

Description A cross-site request forgery (CSRF) issue exists in the SOAP API endpoints of the web-services directory, allowing remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

Recommendations For Cisco Unified MeetingPlace version 8.6(1.9), as a temporary workaround, consider restricting access to the SOAP API endpoints in the web-services directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.