A Vulnerability in Cisco Products Could Allow for Server-Side Request Forgery
A vulnerability has been discovered in Cisco products that could allow for Server-Side Request Forgery. Cisco Unified Communications Manager (Unified CM) / Cisco Unified Communications Manager Session Management Edition (Unified CM SME) is Cisco’s central, software-based call control and session management platform for enterprise communication. Successful exploitation of this vulnerability could allow for Server-Side Request Forgery, where an attacker could write files to the underlying operating system that could be used later to elevate to root. Depending on the location the attacker is able to write files to, they may be able to execute commands or remotely access the affected device.
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Session Management Edition (Unified CM SME) allows for Server-Side Request Forgery, potentially leading to elevated privileges and remote access. The vulnerability is currently unexploited, but proof-of-concept code exists publicly.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
This is a curated summary. The complete article is available at CIS Advisories.