CVE-2014-0736

high

Description

Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.

References

http://www.securitytracker.com/id/1029792

http://tools.cisco.com/security/center/viewAlert.x?alertId=32911

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736

Details

Source: Mitre, NVD

Published: 2014-02-20

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00159