CVEブラウザに戻る

CVE-2016-6427

HIGH

8.8

CVSS Severity Score

EPSS Score0.0850%

EPSS Percentile35.15th

Published2016年10月6日

Last Modified2026年5月6日

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.

Affected Platforms (CPE)

📦

Cisco

Unified Contact Center Express

= 10.0\(1\)

📦

Cisco

Unified Contact Center Express

= 10.5\(1\)

📦

Cisco

Unified Contact Center Express

= 10.6\(1\)

📦

Cisco

Unified Contact Center Express

= 11.0\(1\)

📦

Cisco

Unified Intelligence Center

= 8.5.4

📦

Cisco

Unified Intelligence Center

= 9.0\(2\)

📦

Cisco

Unified Intelligence Center

= 9.1\(1\)

References & Advisories

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3

🔗 http://www.securityfocus.com/bid/93418

🔗 http://www.securitytracker.com/id/1036953

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3

🔗 http://www.securityfocus.com/bid/93418

🔗 http://www.securitytracker.com/id/1036953

関連する脆弱性情報

CVE-2018-04039.8

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow a...

CVE-2020-32809.8

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unaut...

CVE-2009-20479.0

Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in ...

CVE-2018-04028.8

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow a...