PT-2022-3513 · Cisco · Cisco Unified Communications Manager IM & Presence Service and 2 other products
Published: 2022-07-06 · Updated: 2022-07-14 · CVE-2022-20815
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications Manager (affected versions not specified)
Cisco Unified Communications Manager Session Management Edition (affected versions not specified)
Cisco Unified Communications Manager IM & Presence Service (affected versions not specified)
Description
The vulnerability is caused by insufficient validation of user-supplied input in the web-based management interface, which could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. An attacker could exploit it by persuading a user of the interface to click a crafted link; a successful attack could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive browser-based information.
Recommendations
For Cisco Unified Communications Manager, update to a version that properly validates user-supplied input to prevent XSS attacks.
For Cisco Unified Communications Manager Session Management Edition, apply configuration changes to ensure the web-based management interface properly sanitizes user input.
For Cisco Unified Communications Manager IM & Presence Service, restrict access to the web-based management interface until a patch is available that addresses the input validation issue.
As a temporary workaround, consider disabling the web-based management interface for the affected systems until a fix is applied.
Fix
XSS
Affected Products
Cisco Unified Communications Manager
Cisco Unified Communications Manager IM & Presence Service
Cisco Unified Communications Manager Session Management Edition