1. Home
  2. Mapping Frameworks
  3. CVE Home
  4. Cisco Unified Communications Manager

CVE CVE-2019-1915 Mappings

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2019-1915 Cisco Unified Communications Manager primary_impact T1068 Exploitation for Privilege Escalation
CVE-2019-1915 Cisco Unified Communications Manager secondary_impact T1098 Account Manipulation
CVE-2019-1915 Cisco Unified Communications Manager exploitation_technique T1189 Drive-by Compromise
CVE-2019-1915 Cisco Unified Communications Manager exploitation_technique T1190 Exploit Public-Facing Application
CVE-2019-1915 Cisco Unified Communications Manager exploitation_technique T1566 Phishing
CVE-2019-1915 Cisco Unified Communications Manager exploitation_technique T1204.002 Malicious File