PT-2017-16130 · Cisco · Cisco Unified Communications Manager

Publicado

2017-02-22

Atualizado

2017-03-01

CVE-2017-3833

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager version 12.0(0.99999.2)

Description A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software.

Recommendations For version 12.0(0.99999.2), update to a fixed release such as 11.0(1.23064.1), 11.5(1.12031.1), 11.5(1.12900.21), 11.5(1.12900.7), 11.5(1.12900.8), 11.6(1.10000.4), 12.0(0.98000.155), 12.0(0.98000.178), 12.0(0.98000.366), 12.0(0.98000.367), 12.0(0.98000.468), 12.0(0.98000.469), 12.0(0.98000.536), or 12.0(0.98000.6) to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2017-3833

Produtos afetados

Cisco Unified Communications Manager

PT-2017-16130 · Cisco · Cisco Unified Communications Manager

CVE-2017-3833

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4