Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions.

The vulnerability is due to a lack of CSRF protections by an affected device. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to submit arbitrary requests to the affected device via the web browser with the privileges of the user.

More information can be found at the following link: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)[“https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)”]

Cisco has not released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf”]