Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Communications Manager | <= 10.0\(1\) |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32911Vendor Advisory
- http://www.securitytracker.com/id/1029792
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32911Vendor Advisory
- http://www.securitytracker.com/id/1029792
FAQ
What is CVE-2014-0736?
CVE-2014-0736 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote atta...
How severe is CVE-2014-0736?
CVE-2014-0736 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0736?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager.