PT-2021-19432 · Sipwise · Sipwise C5 Ngcp Www Csc+1
Gjoko Krstic · Published 2021-04-23 · Updated 2022-07-30
CVE-2021-31584
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sipwise C5 NGCP www csc version 3.6.4 up to and including platform NGCP CE mr3.8.13
Sipwise C5 NGCP www admin version 3.6.7
Description
The issue allows call/click2dial CSRF attacks for actions with administrative privileges. This can potentially lead to unauthorized actions being performed with administrative privileges.
Recommendations
For Sipwise C5 NGCP www csc version 3.6.4 up to and including platform NGCP CE mr3.8.13, consider implementing CSRF protection measures to prevent unauthorized actions.
For Sipwise C5 NGCP www admin version 3.6.7, restrict access to administrative actions to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
CSRF
Affected Products
Sipwise C5 Ngcp Www Admin
Sipwise C5 Ngcp Www Csc