PT-2017-16126 · Cisco · Cisco Unified Communications Manager
Publicado
2017-02-22
·
Atualizado
2017-07-25
·
CVE-2017-3828
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications Manager Switches versions 11.0(1.10000.10) through 11.5(1.10000.6)
Description
A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
Recommendations
For versions 11.0(1.10000.10) and 11.5(1.10000.6), update to a fixed release such as 11.0(1.23063.1), 11.5(1.12029.1), 11.5(1.12900.11), 11.5(1.12900.21), 11.6(1.10000.4), 12.0(0.98000.156), 12.0(0.98000.178), 12.0(0.98000.369), 12.0(0.98000.470), 12.0(0.98000.536), or 12.0(0.98500.6) to resolve the issue.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Unified Communications Manager