CVE-2019-1685

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection version 12.5

Description A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The issue is due to insufficient validation of user-supplied input by the interface. An attacker could exploit this by persuading a user to click a crafted link, potentially allowing the execution of arbitrary script code in the context of the affected interface or access to sensitive, browser-based information.

Recommendations For version 12.5, consider disabling the SAML SSO interface until a patch is available to prevent exploitation. Restrict access to the interface to minimize the risk of XSS attacks. Avoid using the interface with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.