Cisco Unity Express Input Validation Hole Permits Cross-Site Request Forgery Attacks
Cisco Unity Express prior to 8.0
A vulnerability was reported in Cisco Unity Express.
Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross site request forgery attacks. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted requests.
A remote user can take actions on the Cisco Unity Express interface acting as the target user.
No solution was available at the time of this entry. The product version is no longer supported.