Description
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jacob Holcomb · textwebappsjsp
https://www.exploit-db.com/exploits/24449
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120
Scores
EPSS
0.0058
EPSS Percentile
68.9%
Details
CWE
CWE-352
Status
published
Products (15)
cisco/unity_express
cisco/unity_express_software
1.1.1
cisco/unity_express_software
1.1.2
cisco/unity_express_software
2.0
cisco/unity_express_software
2.1
cisco/unity_express_software
2.2
cisco/unity_express_software
2.3
cisco/unity_express_software
3.0
cisco/unity_express_software
3.1
cisco/unity_express_software
3.2
... and 5 more
Published
Feb 06, 2013
Tracked Since
Feb 18, 2026