CVE-2017-6785

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions 10.5(2.10000.5) through 11.5(1.10000.6)

Description A vulnerability in configuration modification permissions validation could allow an authenticated, remote attacker to perform a horizontal privilege escalation, modifying another user's configuration. This is due to a lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this by sending an authenticated, crafted HTTP request to the targeted application, impacting the integrity of the application.

Recommendations For versions 10.5(2.10000.5) through 11.5(1.10000.6), consider restricting access to user configuration modification features until a patch is available. As a temporary workaround, limit the privileges of users to prevent them from modifying other users' configurations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.