CVE-2018-0355

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (Unified CM) (affected versions not specified)

Description A vulnerability in the web UI could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. This issue is due to insufficient protections for HTML inline frames (iframes) by the web UI. An attacker could exploit this by persuading a user to navigate to an attacker-controlled web page containing a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.