{"vuid":"VU#136612","idnumber":"136612","name":"Mutare Software Enabled VoiceMail (EVM) system web interface cross-site request forgery vulnerabilities","keywords":["Mutare","eVoicemail","cross-site"],"overview":"The Mutare Software Enabled VoiceMail (EVM) system web interface is susceptible to cross-site request forgery and cross-site scripting attacks.","clean_desc":"The Mutare Software Enabled VoiceMail (EVM) system web interface allows the user to change their Enabled VoiceMail (EVM) PIN, delete their voice messages, and add or modify their email delivery address for voicemails. These HTTP requests do not perform proper validity checks and are susceptible to cross-site request forgery and cross-site scripting attacks.","impact":"An attacker can change a user's Enabled VoiceMail (EVM) PIN, delete their voice messages, and add or modify their email delivery address for voicemails, if able to trick a user into visiting a specially crafted link.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Restrict access: Restrict network access to the Mutare Software Enabled VoiceMail (EVM) system web interface and other devices using open protocols like HTTP.","sysaffected":"","thanks":"Thanks to Travis Lee for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":[],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-11-04T18:09:55Z","publicdate":"2011-02-23T00:00:00Z","datefirstpublished":"2011-02-23T14:19:51Z","dateupdated":"2011-02-23T14:19:52Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"2.16","cam_scorecurrentwidelyknown":"12.42","cam_scorecurrentwidelyknownexploited":"23.22","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.16,"vulnote":null}