CNNVD-202509-258 Information

CNNVD ID

CNNVD-202509-258

Related CVE

CVE-2025-20326

• CNNVD Published: 2025-09-03

Description (Chinese)

Cisco Unified Communications Manager是美国思科（Cisco）公司的一款统一通信系统中的呼叫处理组件。该组件提供了一种可扩展、可分布和高可用的企业IP电话呼叫处理解决方案。 Cisco Unified Communications Manager存在跨站请求伪造漏洞，该漏洞源于CSRF保护不足，可能导致跨站请求伪造攻击。

Description (English)

Cisco United Communications Manager is a call-processing component of a unified communications system of Cisco. The component provides an extended, distributed and highly usable enterprise IP call processing solution. Cisco United Nations Manager had a false breach in cross-site requests, which stemmed from inadequate protection by CSRF and could lead to cross-site requests for false attacks.

Hazard Level

High

Vulnerability Type

跨站请求伪造

Affected Vendor

Citadel

Published

2025-09-03

Last Modified

2026-02-24

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-csrf-w762pRYd

Patch

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-csrf-w762pRYd