PROBLEM:
Cisco Unity Express Input Validation Hole Permits Cross-Site Request Forgery Attacks
PLATFORM:
Cisco Unity Express prior to 8.0
ABSTRACT:
A vulnerability was reported in Cisco Unity Express.
REFERENCE LINKS:
Cisco Security Notice
SecurityTracker Alert ID: 1028075
CVE-2013-1120
IMPACT ASSESSMENT:
Medium
DISCUSSION:
Cisco Unity Express software prior to version 8.0 contains vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted requests.
IMPACT:
A remote user can take actions on the Cisco Unity Express interface acting as the target user.
SOLUTION:
No solution was available at the time of this entry. The product version is no longer supported.