
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability from sec.cloudapps.cisco.com


A vulnerability has been discovered in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). It could allow an unauthenticated, remote attacker to carry out a cross-site scripting (XSS) attack against a user of the interface.

The vulnerability stems from a lack of proper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by tricking a user of the interface into clicking on a specially crafted link. If successful, the attacker could execute arbitrary script code within the affected interface or gain access to sensitive browser-based information.

To address this issue, Cisco has promptly released software updates that patch the vulnerability. There are currently no workarounds available to mitigate this vulnerability.

At the time of publication, both Cisco Unified CM and Cisco Unified CM SME were affected by this vulnerability, regardless of device configuration. It is recommended that users refer to the Fixed Software section of the advisory for information on affected software releases.

Products such as Emergency Responder, Prime Collaboration Deployment, Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Unity Connection have been confirmed not to be vulnerable to this issue.

In terms of fixed software, customers are advised to consult Cisco Security Advisories regularly for updates on software upgrades. It is crucial to ensure that devices being upgraded have sufficient memory and that current hardware and software configurations will be supported by the new release.

The fixed releases provided by Cisco for this vulnerability include:
– Cisco Unified CM 12.5: Migrate to a fixed release
– Cisco Unified CM 14: 14SU5 (2025)
– Cisco Unified CM 15: 15SU2

The Cisco Product Security Incident Response Team (PSIRT) is responsible for validating affected and fixed release information detailed in this advisory.

For further details on Cisco security vulnerability disclosure policies and publications, users can refer to the Security Vulnerability Policy on the Cisco website. Additionally, the Revision History section of this advisory outlines the version information and release date of the initial public announcement.

It is important to adhere to the legal disclaimer provided in the advisory, as the information is subject to change without guarantee or warranty. Users are encouraged to stay informed about updates and changes to the document for the most accurate and current information.

Overall, it is essential for users of Cisco Unified Communications Manager and Cisco Unified Communications Manager SME to be aware of this XSS vulnerability and take necessary actions to ensure the security of their systems. Cisco’s prompt response in releasing software updates demonstrates their commitment to addressing security concerns within their products.
