CVE-2014-0736

Sažetak

Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736
http://tools.cisco.com/security/center/viewAlert.x?alertId=32911
http://www.securitytracker.com/id/1029792

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-08-2015 - 17:45

Objavljeno

20-02-2014 - 05:18