PT-2017-1795 · Cisco · Cisco Unified Communications Manager

Published 2017-04-07 · Updated 2017-07-12 · CVE-2017-3888

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Unified Communications Manager versions prior to 12.0(0.98000.750)
Cisco Unified Communications Manager versions prior to 12.0(0.98000.708)
Cisco Unified Communications Manager versions prior to 12.0(0.98000.707)
Cisco Unified Communications Manager versions prior to 12.0(0.98000.704)
Cisco Unified Communications Manager versions prior to 12.0(0.98000.554)
Cisco Unified Communications Manager versions prior to 12.0(0.98000.546)
Cisco Unified Communications Manager versions prior to 12.0(0.98000.543)
Cisco Unified Communications Manager versions prior to 12.0(0.98000.248)
Cisco Unified Communications Manager versions prior to 12.0(0.98000.244)
Cisco Unified Communications Manager versions prior to 12.0(0.98000.242)

However, to consolidate the ranges of affected versions into the most concise form, the above list can be simplified to: Cisco Unified Communications Manager version 12.0(0.98000.452)

Description

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This issue arises due to the lack of protection measures for the web page structure, potentially allowing a remote attacker to obtain information about the operating system using cross-site scripting.

Recommendations

For Cisco Unified Communications Manager version 12.0(0.98000.452), update to version 12.0(0.98000.750) or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface until a patch is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2017-00951
CVE-2017-3888

Affected Products

Cisco Unified Communications Manager