The attacks described in the report manipulate a Cross Site Scripting
(XSS) weakness in the web interface of the Cisco CallManager. XSS attacks of
this nature rely on intervention of a privileged user and typically attempt to
manipulate or trick such a user into clicking on an HTTP URL (typically
embedded in an email or HTTP web page).
Cisco recommends that users take care when clicking on URLs and
validate the URL being accessed is indeed the site you intend to browse.
Checking the HTML source of a web page or email will reveal the true
destination of a link.
There are no workarounds that will mitigate this vulnerability.
Cisco has released fixed software for the following supported
Cisco is scheduled to release fixed software for the following
supported CallManager trains: