Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1120

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2013-1120
Last Modified 07 Feb 2013 12:00:00
Published 06 Feb 2013 07:05:43
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-1120

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.

Vulnerable Systems

Application

  • Cisco Unity Express Software 1.1.1

  • Cisco Unity Express Software 1.1.2

  • Cisco Unity Express Software 2.0

  • Cisco Unity Express Software 2.1

  • Cisco Unity Express Software 2.2

  • Cisco Unity Express Software 2.3

  • Cisco Unity Express Software 3.0

  • Cisco Unity Express Software 3.1

  • Cisco Unity Express Software 3.2

  • Cisco Unity Express Software 7.0

  • Cisco Unity Express Software 7.1

  • Cisco Unity Express Software 7.2

  • Cisco Unity Express Software 7.3

  • Cisco Unity Express Software 7.4


References

CISCO - 20130201 Cisco Unity Express Cross Site Request Forgery Vulnerabilities


Last Updated: 27 May 2016 10:57:38