CVE-2022-20787

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions (affected versions not specified) Cisco Unified Communications Manager Session Management Edition versions (affected versions not specified)

Description The issue is related to insufficient checking of the source of HTTP requests in the web-based management interface, which could allow a remote attacker to conduct a cross-site request forgery (CSRF) attack using a specially crafted web page. This can be achieved by persuading a user of the interface to click a malicious link, potentially allowing the attacker to perform arbitrary actions with the privilege level of the affected user.

Recommendations For Cisco Unified Communications Manager, consider disabling access to the web-based management interface until a patch is available. For Cisco Unified Communications Manager Session Management Edition, restrict access to the web-based management interface to minimize the risk of exploitation. As a temporary workaround, avoid using links from untrusted sources to prevent potential CSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.