CVE-2019-15272

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (affected versions not specified)

Description The issue is related to improper handling of malformed HTTP methods in the web-based interface, allowing an unauthenticated, remote attacker to bypass security restrictions. An attacker could exploit this by sending a crafted HTTP request to the affected system, potentially gaining unauthorized access.

Recommendations For Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition, consider restricting access to the web-based interface until a fix is available. As a temporary workaround, consider implementing additional security measures to handle malformed HTTP methods. At the moment, there is no information about a newer version that contains a fix for this vulnerability.