A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.

The vulnerability is due to improper sanitization or encoding of user-supplied data by the ccmadmin page of an affected version of CUCM.

An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link.

An exploit could allow the attacker to conduct a reflected XSS attack.

Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm
A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.

The vulnerability is due to improper sanitization or encoding of user-supplied data by the ccmadmin page of an affected version of CUCM.

An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link.

An exploit could allow the attacker to conduct a reflected XSS attack.

Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm

Security Impact Rating: Medium

CVE: CVE-2016-9206

Leave a Reply