CISCO disclosed a Cross-Site Vulnerability in the web framework of Cisco Unified Communications Manager also known as CallManager. The public advisory was issued on March 15 at 1600 GMT were it confirmed that no other CISCO products apart from the CISCO CallManager was affected by the Cross-Site Vulnerability.

The CISCO CallManager is an IP based communications system that allows voice call, video calls and data transfers. The vulnerability was exposed by CISCO and it also revealed that there are no known exploits or malicious use of the vulnerability so far.

Further describing the XSS vulnerability the CISCO advisory also highlighted on the fact that the vulnerability originated due to insufficient validation of user-supplied input by the Cisco Unified CM User Options portal of the affected software.

The fixed software releases are made available under the bug ID CSCvb70033.

Don’t leave yourself exposed. Find your vulnerabilities before cybercriminals do. Contact us for Vulnerability Assessment and Penetration Testing.

Date Published
March 22, 2017