4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
80.6%
Cisco CallManager versions prior to 4.3(1), 4.2(3), 4.1(3)SR4 and 3.3(5)SR3 contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary script in the userβs browser session.
The vulnerability exists due to improper input sanitization in the CallManager Administration web interface and the CallManager User Options web interface. An attacker could exploit the vulnerability by convincing a user to follow a link designed to pass malicious script code to a vulnerable parameter. This could allow the attacker to execute arbitrary script code in the userβs browser session in the context of the affected site.
Proof-of-concept code is available.
Cisco has confirmed this vulnerability with a security
response but patches are not yet available.
In order to exploit this vulnerability, an attacker must have an IP address and port number for an affected CallManager server. This will require social engineering or an inside attacker in most cases. However, should the vulnerable interfaces be exposed directly to the Internet, an attacker could determine the address. The attacker would still need to convince a user of one of these systems to execute a crafted link.
CPE | Name | Operator | Version |
---|---|---|---|
cisco unified communications manager | eq | any | |
cisco unified communications manager | eq | any |