CVE-2016-6440
medium
CVSS v3
6.5
CVSS v2
4.3
VIR risk
6.5
Description
Cisco Unified Communications Manager (CUCM) may allow its data to be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683, CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284), 11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2).
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | unified_communications_manager | 11.5\(0.99838.4\) | |
References
- http://www.securityfocus.com/bid/93521
- http://www.securitytracker.com/id/1037005
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm
CWEs
CWE-20