A cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection could allow an unauthenticated, remote attacker to execute unwanted actions.

The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to submit arbitrary requests to the affected device via the web browser with the privileges of the user.

Cisco has not released software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-uc

Leave a Reply