CVE-2014-0736 Information

Description

Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications aka Bug ID CSCum46468.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736 http://tools.cisco.com/security/center/viewAlert.x?alertId=32911 http://www.securitytracker.com/id/1029792