A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-09-23T00:25:43.408136Z
Updated: 2024-09-16T18:39:26.071Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3124
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-09-23T01:15:14.973
Modified: 2020-10-01T16:15:32.817
Link: CVE-2020-3124
Redhat
No data.