CVE-2019-12711

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) (affected versions not specified)

Description The issue is related to improper restrictions on XML entities in the web-based interface, which could allow a remote attacker to access sensitive information or cause a denial of service condition. An attacker could exploit this by sending malicious requests that contain references in XML entities, potentially allowing them to retrieve files from the local system or consume available resources.

Recommendations For Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME), consider restricting access to the web-based interface until a fix is available. As a temporary workaround, consider disabling the processing of external XML entities to minimize the risk of exploitation. Avoid using the web-based interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.