Vulnerabilities related to cisco - unified_communications_manager
Vulnerability from fkie_nvd
Published
2014-08-11 20:55
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2.0 base score 4, vector AV:N/AC:L/Au:S/C:N/I:P/A:N)
Summary
Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4180A0F5-B308-490A-9854-A12FD31D58E3",
                     versionEndIncluding: "8.6\\(2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (CM) 8.6(.2) y anteriores tiene una configuración de restricciones CLI incorrecta, lo que permite a usuarios remotos autenticados establecer inicios de sesión concurrentes sin detección a través de vectores no especificados, también conocido como Bug ID CSCup98029.",
      },
   ],
   id: "CVE-2014-3332",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-08-11T20:55:07.107",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35198",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/69068",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1030687",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95136",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35198",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/69068",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1030687",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95136",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-08-01 01:59
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2.0 base score 4, vector AV:N/AC:L/Au:S/C:P/I:N/A:N)
Summary
The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(3.10000.9\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(3.10000.9\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C52EECB0-65B5-46DF-800F-63AD2A784A71",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en el componente Prime Collaboration Deployment en Cisco Unified Communications Manager 10.5(3.10000.9), permite a usuarios remotos autenticados descubrir los credenciales de root a través de una petición directa a una URL no especificada, también conocida como Bug ID CSCuv21819.",
      },
   ],
   id: "CVE-2015-4295",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-08-01T01:59:18.693",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=40223",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1033174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=40223",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1033174",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-12-10 10:15
Modified
2025-04-03 20:53
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References
security@apache.org http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html Exploit, Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html Third Party Advisory, VDB Entry, Broken Link
security@apache.org http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html Exploit, Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html Exploit, Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html Exploit, Third Party Advisory, VDB Entry
security@apache.org http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html Third Party Advisory, VDB Entry
security@apache.org http://seclists.org/fulldisclosure/2022/Dec/2 Exploit, Mailing List, Third Party Advisory
security@apache.org http://seclists.org/fulldisclosure/2022/Jul/11 Mailing List, Third Party Advisory
security@apache.org http://seclists.org/fulldisclosure/2022/Mar/23 Mailing List, Third Party Advisory
security@apache.org http://www.openwall.com/lists/oss-security/2021/12/10/1 Mailing List, Mitigation, Third Party Advisory
security@apache.org http://www.openwall.com/lists/oss-security/2021/12/10/2 Mailing List, Mitigation, Third Party Advisory
security@apache.org http://www.openwall.com/lists/oss-security/2021/12/10/3 Mailing List, Third Party Advisory
security@apache.org http://www.openwall.com/lists/oss-security/2021/12/13/1 Mailing List, Third Party Advisory
security@apache.org http://www.openwall.com/lists/oss-security/2021/12/13/2 Mailing List, Third Party Advisory
security@apache.org http://www.openwall.com/lists/oss-security/2021/12/14/4 Mailing List, Third Party Advisory
security@apache.org http://www.openwall.com/lists/oss-security/2021/12/15/3 Mailing List, Third Party Advisory
security@apache.org https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf Third Party Advisory
security@apache.org https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf Third Party Advisory
security@apache.org https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf Third Party Advisory
security@apache.org https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf Third Party Advisory
security@apache.org https://github.com/cisagov/log4j-affected-db Third Party Advisory
security@apache.org https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md Broken Link, Product, US Government Resource
security@apache.org https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228 Exploit, Third Party Advisory
security@apache.org https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html Mailing List, Third Party Advisory
security@apache.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ Release Notes
security@apache.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ Release Notes
security@apache.org https://logging.apache.org/log4j/2.x/security.html Release Notes, Vendor Advisory
security@apache.org https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ Patch, Third Party Advisory, Vendor Advisory
security@apache.org https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 Third Party Advisory
security@apache.org https://security.netapp.com/advisory/ntap-20211210-0007/ Third Party Advisory
security@apache.org https://support.apple.com/kb/HT213189 Third Party Advisory
security@apache.org https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
security@apache.org https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
security@apache.org https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
security@apache.org https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
security@apache.org https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
security@apache.org https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
security@apache.org https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
security@apache.org https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
security@apache.org https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
security@apache.org https://twitter.com/kurtseifried/status/1469345530182455296 Broken Link, Exploit, Third Party Advisory
security@apache.org https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001 Third Party Advisory
security@apache.org https://www.debian.org/security/2021/dsa-5020 Mailing List, Third Party Advisory
security@apache.org https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html Third Party Advisory
security@apache.org https://www.kb.cert.org/vuls/id/930724 Third Party Advisory, US Government Resource
security@apache.org https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html Exploit, Third Party Advisory
security@apache.org https://www.oracle.com/security-alerts/alert-cve-2021-44228.html Third Party Advisory
security@apache.org https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory
security@apache.org https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html Third Party Advisory, VDB Entry, Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2022/Dec/2 Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2022/Jul/11 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2022/Mar/23 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2021/12/10/1 Mailing List, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2021/12/10/2 Mailing List, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2021/12/10/3 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2021/12/13/1 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2021/12/13/2 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2021/12/14/4 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2021/12/15/3 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/cisagov/log4j-affected-db Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md Broken Link, Product, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228 Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ Release Notes
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ Release Notes
af854a3a-2127-422b-91ae-364da2661108 https://logging.apache.org/log4j/2.x/security.html Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20211210-0007/ Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT213189 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://twitter.com/kurtseifried/status/1469345530182455296 Broken Link, Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2021/dsa-5020 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.kb.cert.org/vuls/id/930724 Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.oracle.com/security-alerts/alert-cve-2021-44228.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory
Impacted products
Vendor Product Version
siemens 6bk1602-0aa12-0tp0_firmware *
siemens 6bk1602-0aa12-0tp0 -
siemens 6bk1602-0aa22-0tp0_firmware *
siemens 6bk1602-0aa22-0tp0 -
siemens 6bk1602-0aa32-0tp0_firmware *
siemens 6bk1602-0aa32-0tp0 -
siemens 6bk1602-0aa42-0tp0_firmware *
siemens 6bk1602-0aa42-0tp0 -
siemens 6bk1602-0aa52-0tp0_firmware *
siemens 6bk1602-0aa52-0tp0 -
apache log4j *
apache log4j *
apache log4j *
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
siemens sppa-t3000_ses3000_firmware *
siemens sppa-t3000_ses3000 -
siemens capital *
siemens capital 2019.1
siemens capital 2019.1
siemens comos *
siemens desigo_cc_advanced_reports 3.0
siemens desigo_cc_advanced_reports 4.0
siemens desigo_cc_advanced_reports 4.1
siemens desigo_cc_advanced_reports 4.2
siemens desigo_cc_advanced_reports 5.0
siemens desigo_cc_advanced_reports 5.1
siemens desigo_cc_info_center 5.0
siemens desigo_cc_info_center 5.1
siemens e-car_operation_center *
siemens energy_engage 3.1
siemens energyip 8.5
siemens energyip 8.6
siemens energyip 8.7
siemens energyip 9.0
siemens energyip_prepay *
siemens gma-manager *
siemens head-end_system_universal_device_integration_system *
siemens industrial_edge_management *
siemens industrial_edge_management_hub *
siemens logo\!_soft_comfort *
siemens mendix *
siemens mindsphere *
siemens navigator *
siemens nx *
siemens opcenter_intelligence *
siemens operation_scheduler *
siemens sentron_powermanager 4.1
siemens sentron_powermanager 4.2
siemens siguard_dsa *
siemens sipass_integrated 2.80
siemens sipass_integrated 2.85
siemens siveillance_command *
siemens siveillance_control_pro *
siemens siveillance_identity 1.5
siemens siveillance_identity 1.6
siemens siveillance_vantage *
siemens siveillance_viewpoint *
siemens solid_edge_cam_pro *
siemens solid_edge_harness_design *
siemens solid_edge_harness_design 2020
siemens solid_edge_harness_design 2020
siemens solid_edge_harness_design 2020
siemens spectrum_power_4 *
siemens spectrum_power_4 4.70
siemens spectrum_power_4 4.70
siemens spectrum_power_4 4.70
siemens spectrum_power_7 *
siemens spectrum_power_7 2.30
siemens spectrum_power_7 2.30
siemens spectrum_power_7 2.30
siemens teamcenter *
siemens vesys *
siemens vesys 2019.1
siemens vesys 2019.1
siemens vesys 2019.1
siemens vesys 2020.1
siemens vesys 2021.1
siemens xpedition_enterprise -
siemens xpedition_package_integrator -
intel computer_vision_annotation_tool -
intel datacenter_manager *
intel genomics_kernel_library -
intel oneapi_sample_browser -
intel secure_device_onboard -
intel system_studio -
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 34
fedoraproject fedora 35
sonicwall email_security *
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp brocade_san_navigator -
netapp cloud_insights -
netapp cloud_manager -
netapp cloud_secure_agent -
netapp oncommand_insight -
netapp ontap_tools -
netapp snapcenter -
netapp solidfire_\&_hci_storage_node -
netapp solidfire_enterprise_sds -
cisco advanced_malware_protection_virtual_private_cloud_appliance *
cisco automated_subsea_tuning *
cisco broadworks *
cisco business_process_automation *
cisco business_process_automation *
cisco business_process_automation *
cisco cloud_connect *
cisco cloudcenter *
cisco cloudcenter_cost_optimizer *
cisco cloudcenter_suite_admin *
cisco cloudcenter_workload_manager *
cisco common_services_platform_collector *
cisco common_services_platform_collector *
cisco connected_mobile_experiences -
cisco contact_center_domain_manager *
cisco contact_center_management_portal *
cisco crosswork_data_gateway *
cisco crosswork_data_gateway 3.0.0
cisco crosswork_network_controller *
cisco crosswork_network_controller 3.0.0
cisco crosswork_optimization_engine *
cisco crosswork_optimization_engine 3.0.0
cisco crosswork_platform_infrastructure *
cisco crosswork_platform_infrastructure 4.1.0
cisco crosswork_zero_touch_provisioning *
cisco crosswork_zero_touch_provisioning 3.0.0
cisco customer_experience_cloud_agent *
cisco cyber_vision_sensor_management_extension *
cisco data_center_network_manager *
cisco data_center_network_manager 11.3\(1\)
cisco dna_center *
cisco dna_center *
cisco dna_center *
cisco dna_spaces\ _connector
cisco emergency_responder *
cisco enterprise_chat_and_email *
cisco evolved_programmable_network_manager *
cisco finesse *
cisco finesse 12.6\(1\)
cisco fog_director -
cisco identity_services_engine *
cisco identity_services_engine 2.4.0
cisco integrated_management_controller_supervisor *
cisco intersight_virtual_appliance *
cisco iot_operations_dashboard -
cisco network_assurance_engine *
cisco network_services_orchestrator *
cisco network_services_orchestrator *
cisco network_services_orchestrator *
cisco network_services_orchestrator *
cisco nexus_dashboard *
cisco nexus_insights *
cisco optical_network_controller *
cisco packaged_contact_center_enterprise *
cisco packaged_contact_center_enterprise 11.6\(1\)
cisco paging_server *
cisco prime_service_catalog *
cisco sd-wan_vmanage *
cisco sd-wan_vmanage *
cisco sd-wan_vmanage *
cisco sd-wan_vmanage *
cisco smart_phy *
cisco ucs_central *
cisco ucs_director *
cisco unified_communications_manager *
cisco unified_communications_manager *
cisco unified_communications_manager 11.5\(1\)
cisco unified_communications_manager 11.5\(1\)
cisco unified_communications_manager 11.5\(1\)
cisco unified_communications_manager 11.5\(1\)su3
cisco unified_communications_manager_im_and_presence_service *
cisco unified_communications_manager_im_and_presence_service 11.5\(1\)
cisco unified_contact_center_enterprise *
cisco unified_contact_center_enterprise 11.6\(2\)
cisco unified_contact_center_express *
cisco unified_customer_voice_portal *
cisco unified_customer_voice_portal 11.6
cisco unified_customer_voice_portal 12.0
cisco unified_customer_voice_portal 12.5
cisco unity_connection *
cisco video_surveillance_operations_manager *
cisco virtual_topology_system *
cisco virtualized_infrastructure_manager *
cisco virtualized_infrastructure_manager *
cisco virtualized_voice_browser *
cisco wan_automation_engine *
cisco webex_meetings_server *
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 3.0
cisco webex_meetings_server 4.0
cisco webex_meetings_server 4.0
cisco webex_meetings_server 4.0
cisco webex_meetings_server 4.0
cisco workload_optimization_manager *
cisco unified_intelligence_center *
cisco unified_sip_proxy *
cisco unified_workforce_optimization *
cisco firepower_1010 -
cisco firepower_1120 -
cisco firepower_1140 -
cisco firepower_1150 -
cisco firepower_2110 -
cisco firepower_2120 -
cisco firepower_2130 -
cisco firepower_2140 -
cisco firepower_4110 -
cisco firepower_4112 -
cisco firepower_4115 -
cisco firepower_4120 -
cisco firepower_4125 -
cisco firepower_4140 -
cisco firepower_4145 -
cisco firepower_4150 -
cisco firepower_9300 -
cisco fxos 6.2.3
cisco fxos 6.3.0
cisco fxos 6.4.0
cisco fxos 6.5.0
cisco fxos 6.6.0
cisco fxos 6.7.0
cisco fxos 7.0.0
cisco fxos 7.1.0
cisco automated_subsea_tuning 02.01.00
cisco broadworks -
cisco cloudcenter_suite 4.10\(0.15\)
cisco cloudcenter_suite 5.3\(0\)
cisco cloudcenter_suite 5.4\(1\)
cisco cloudcenter_suite 5.5\(0\)
cisco cloudcenter_suite 5.5\(1\)
cisco common_services_platform_collector 002.009\(000.000\)
cisco common_services_platform_collector 002.009\(000.001\)
cisco common_services_platform_collector 002.009\(000.002\)
cisco common_services_platform_collector 002.009\(001.000\)
cisco common_services_platform_collector 002.009\(001.001\)
cisco common_services_platform_collector 002.009\(001.002\)
cisco common_services_platform_collector 002.010\(000.000\)
cisco connected_analytics_for_network_deployment 006.004.000.003
cisco connected_analytics_for_network_deployment 006.005.000.
cisco connected_analytics_for_network_deployment 006.005.000.000
cisco connected_analytics_for_network_deployment 007.000.001
cisco connected_analytics_for_network_deployment 007.001.000
cisco connected_analytics_for_network_deployment 007.002.000
cisco connected_analytics_for_network_deployment 7.3
cisco connected_analytics_for_network_deployment 007.003.000
cisco connected_analytics_for_network_deployment 007.003.001.001
cisco connected_analytics_for_network_deployment 007.003.003
cisco connected_analytics_for_network_deployment 008.000.000
cisco connected_analytics_for_network_deployment 008.000.000.000.004
cisco crosswork_network_automation -
cisco crosswork_network_automation 2.0.0
cisco crosswork_network_automation 3.0.0
cisco crosswork_network_automation 4.1.0
cisco crosswork_network_automation 4.1.1
cisco cx_cloud_agent 001.012
cisco cyber_vision 4.0.2
cisco cyber_vision_sensor_management_extension 4.0.2
cisco dna_center 2.2.2.8
cisco dna_spaces -
cisco dna_spaces_connector -
cisco emergency_responder 11.5
cisco emergency_responder 11.5\(4.65000.14\)
cisco emergency_responder 11.5\(4.66000.14\)
cisco enterprise_chat_and_email 12.0\(1\)
cisco enterprise_chat_and_email 12.5\(1\)
cisco enterprise_chat_and_email 12.6\(1\)
cisco evolved_programmable_network_manager 3.0
cisco evolved_programmable_network_manager 3.1
cisco evolved_programmable_network_manager 4.0
cisco evolved_programmable_network_manager 4.1
cisco evolved_programmable_network_manager 5.0
cisco evolved_programmable_network_manager 5.1
cisco finesse 12.5\(1\)
cisco finesse 12.5\(1\)
cisco finesse 12.6\(1\)
cisco finesse 12.6\(1\)
cisco finesse 12.6\(1\)
cisco finesse 12.6\(1\)
cisco firepower_threat_defense 6.2.3
cisco firepower_threat_defense 6.3.0
cisco firepower_threat_defense 6.4.0
cisco firepower_threat_defense 6.5.0
cisco firepower_threat_defense 6.6.0
cisco firepower_threat_defense 6.7.0
cisco firepower_threat_defense 7.0.0
cisco firepower_threat_defense 7.1.0
cisco identity_services_engine 002.004\(000.914\)
cisco identity_services_engine 002.006\(000.156\)
cisco identity_services_engine 002.007\(000.356\)
cisco identity_services_engine 003.000\(000.458\)
cisco identity_services_engine 003.001\(000.518\)
cisco identity_services_engine 003.002\(000.116\)
cisco integrated_management_controller_supervisor 002.003\(002.000\)
cisco integrated_management_controller_supervisor 2.3.2.0
cisco intersight_virtual_appliance 1.0.9-343
cisco mobility_services_engine -
cisco network_assurance_engine 6.0\(2.1912\)
cisco network_dashboard_fabric_controller 11.0\(1\)
cisco network_dashboard_fabric_controller 11.1\(1\)
cisco network_dashboard_fabric_controller 11.2\(1\)
cisco network_dashboard_fabric_controller 11.3\(1\)
cisco network_dashboard_fabric_controller 11.4\(1\)
cisco network_dashboard_fabric_controller 11.5\(1\)
cisco network_dashboard_fabric_controller 11.5\(2\)
cisco network_dashboard_fabric_controller 11.5\(3\)
cisco network_insights_for_data_center 6.0\(2.1914\)
cisco network_services_orchestrator -
cisco optical_network_controller 1.1
cisco paging_server 8.3\(1\)
cisco paging_server 8.4\(1\)
cisco paging_server 8.5\(1\)
cisco paging_server 9.0\(1\)
cisco paging_server 9.0\(2\)
cisco paging_server 9.1\(1\)
cisco paging_server 12.5\(2\)
cisco paging_server 14.0\(1\)
cisco prime_service_catalog 12.1
cisco sd-wan_vmanage 20.3
cisco sd-wan_vmanage 20.4
cisco sd-wan_vmanage 20.5
cisco sd-wan_vmanage 20.6
cisco sd-wan_vmanage 20.6.1
cisco sd-wan_vmanage 20.7
cisco sd-wan_vmanage 20.8
cisco smart_phy 3.1.2
cisco smart_phy 3.1.3
cisco smart_phy 3.1.4
cisco smart_phy 3.1.5
cisco smart_phy 3.2.1
cisco smart_phy 21.3
cisco ucs_central_software 2.0
cisco ucs_central_software 2.0\(1a\)
cisco ucs_central_software 2.0\(1b\)
cisco ucs_central_software 2.0\(1c\)
cisco ucs_central_software 2.0\(1d\)
cisco ucs_central_software 2.0\(1e\)
cisco ucs_central_software 2.0\(1f\)
cisco ucs_central_software 2.0\(1g\)
cisco ucs_central_software 2.0\(1h\)
cisco ucs_central_software 2.0\(1k\)
cisco ucs_central_software 2.0\(1l\)
cisco unified_communications_manager 11.5\(1.17900.52\)
cisco unified_communications_manager 11.5\(1.18119.2\)
cisco unified_communications_manager 11.5\(1.18900.97\)
cisco unified_communications_manager 11.5\(1.21900.40\)
cisco unified_communications_manager 11.5\(1.22900.28\)
cisco unified_communications_manager_im_\&_presence_service 11.5\(1\)
cisco unified_communications_manager_im_\&_presence_service 11.5\(1.22900.6\)
cisco unified_computing_system 006.008\(001.000\)
cisco unified_contact_center_enterprise 11.6\(2\)
cisco unified_contact_center_enterprise 12.0\(1\)
cisco unified_contact_center_enterprise 12.5\(1\)
cisco unified_contact_center_enterprise 12.6\(1\)
cisco unified_contact_center_enterprise 12.6\(2\)
cisco unified_contact_center_express 12.5\(1\)
cisco unified_contact_center_express 12.5\(1\)
cisco unified_contact_center_express 12.6\(1\)
cisco unified_contact_center_express 12.6\(2\)
cisco unified_contact_center_management_portal 12.6\(1\)
cisco unified_customer_voice_portal 11.6\(1\)
cisco unified_customer_voice_portal 12.0\(1\)
cisco unified_customer_voice_portal 12.5\(1\)
cisco unified_customer_voice_portal 12.6\(1\)
cisco unified_intelligence_center 12.6\(1\)
cisco unified_intelligence_center 12.6\(1\)
cisco unified_intelligence_center 12.6\(1\)
cisco unified_intelligence_center 12.6\(2\)
cisco unified_sip_proxy 010.000\(000\)
cisco unified_sip_proxy 010.000\(001\)
cisco unified_sip_proxy 010.002\(000\)
cisco unified_sip_proxy 010.002\(001\)
cisco unified_workforce_optimization 11.5\(1\)
cisco unity_connection 11.5
cisco unity_connection 11.5\(1.10000.6\)
cisco video_surveillance_manager 7.14\(1.26\)
cisco video_surveillance_manager 7.14\(2.26\)
cisco video_surveillance_manager 7.14\(3.025\)
cisco video_surveillance_manager 7.14\(4.018\)
cisco virtual_topology_system 2.6.6
cisco wan_automation_engine 7.1.3
cisco wan_automation_engine 7.2.1
cisco wan_automation_engine 7.2.2
cisco wan_automation_engine 7.2.3
cisco wan_automation_engine 7.3
cisco wan_automation_engine 7.4
cisco wan_automation_engine 7.5
cisco wan_automation_engine 7.6
cisco webex_meetings_server 3.0
cisco webex_meetings_server 4.0
snowsoftware snow_commander *
snowsoftware vm_access_proxy *
bentley synchro *
bentley synchro_4d *
percussion rhythmyx *
apple xcode *



{
   cisaActionDue: "2021-12-24",
   cisaExploitAdd: "2021-12-10",
   cisaRequiredAction: "For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.",
   cisaVulnerabilityName: "Apache Log4j2 Remote Code Execution Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD64FC36-CC7B-4FD7-9845-7EA1DDB0E627",
                     versionEndExcluding: "2.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF99FE8F-40D0-48A8-9A40-43119B259535",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0012304-B1C8-460A-B891-42EBF96504F5",
                     versionEndExcluding: "2.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3F61BCB-64FA-463C-8B95-8868995EDBC0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B02BCF56-D9D3-4BF3-85A2-D445E997F5EC",
                     versionEndExcluding: "2.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5A189B7-DDBF-4B84-997F-637CEC5FF12B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A2DB5BA-1065-467A-8FB6-81B5EC29DC0C",
                     versionEndExcluding: "2.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "035AFD6F-E560-43C8-A283-8D80DAA33025",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "809EB87E-561A-4DE5-9FF3-BBEE0FA3706E",
                     versionEndExcluding: "2.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4594FF76-A1F8-4457-AE90-07D051CD0DCB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "03FA5E81-F9C0-403E-8A4B-E4284E4E7B72",
                     versionEndExcluding: "2.3.1",
                     versionStartIncluding: "2.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AED3D5EC-DAD5-4E5F-8BBD-B4E3349D84FC",
                     versionEndExcluding: "2.12.2",
                     versionStartIncluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D31D423D-FC4D-428A-B863-55AF472B80DC",
                     versionEndExcluding: "2.15.0",
                     versionStartIncluding: "2.13.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "17854E42-7063-4A55-BF2A-4C7074CC2D60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*",
                     matchCriteriaId: "53F32FB2-6970-4975-8BD0-EAE12E9AD03A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "B773ED91-1D39-42E6-9C52-D02210DE1A94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "EF24312D-1A62-482E-8078-7EC24758B710",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E8320869-CBF4-4C92-885C-560C09855BFA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "755BA221-33DD-40A2-A517-8574D042C261",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:siemens:capital:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AAF12D5-7961-4344-B0CC-BE1C673BFE1F",
                     versionEndExcluding: "2019.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:capital:2019.1:-:*:*:*:*:*:*",
                     matchCriteriaId: "19CB7B44-1877-4739-AECB-3E995ED03FC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:capital:2019.1:sp1912:*:*:*:*:*:*",
                     matchCriteriaId: "A883D9C2-F2A4-459F-8000-EE288DC0DD17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9CD4AC6F-B8D3-4588-B3BD-55C9BAF4AAAC",
                     versionEndExcluding: "10.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFD64AC-0826-48FB-91B0-B8DF5ECC8775",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB524B33-68E7-46A2-B5CE-BCD9C3194B8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F852C6D-44A0-4CCE-83C7-4501CAD73F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA61161C-C2E7-4852-963E-E2D3DFBFDC7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A76AA04A-BB43-4027-895E-D1EACFCDF41B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A6B60F3-327B-49B7-B5E4-F1C60896C9BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BCF281E-B0A2-49E2-AEF8-8691BDCE08D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A87EFCC4-4BC1-4FEA-BAA4-8FF221838EBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B678380B-E95E-4A8B-A49D-D13B62AA454E",
                     versionEndExcluding: "2021-12-13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4557476B-0157-44C2-BB50-299E7C7E1E72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "991B2959-5AA3-4B68-A05A-42D9860FAA9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E5948A0-CA31-41DF-85B6-1E6D09E5720B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C08D302-EEAC-45AA-9943-3A5F09E29FAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D53BA68C-B653-4507-9A2F-177CF456960F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:energyip_prepay:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "536C7527-27E6-41C9-8ED8-564DD0DC4EA0",
                     versionEndExcluding: "3.8.0.12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E180527-5C36-4158-B017-5BEDC0412FD6",
                     versionEndExcluding: "8.6.2j-398",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFDADA98-1CD0-45DA-9082-BFC383F7DB97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E33D707F-100E-4DE7-A05B-42467DE75EAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD3EAC80-44BE-41D2-8D57-0EE3DBA1E1B1",
                     versionEndExcluding: "2021-12-13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2AC8AB52-F4F4-440D-84F5-2776BFE1957A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6AF6D774-AC8C-49CA-A00B-A2740CA8FA91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "25FADB1B-988D-4DB9-9138-7542AFDEB672",
                     versionEndExcluding: "2021-12-16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "48C6A61B-2198-4B9E-8BCF-824643C81EC3",
                     versionEndExcluding: "2021-12-13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEE2F7A1-8281-48F1-8BFB-4FE0D7E1AEF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C07AFA19-21AE-4C7E-AA95-69599834C0EC",
                     versionEndExcluding: "3.5",
                     versionStartIncluding: "3.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "74D1F4AD-9A60-4432-864F-4505B3C60659",
                     versionEndIncluding: "1.1.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7ABA5332-8D1E-4129-A557-FCECBAC12827",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C3AA865-5570-4C8B-99DE-431AD7B163F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:siguard_dsa:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A4B950B-4527-491B-B111-046DB1CCC037",
                     versionEndExcluding: "4.4.1",
                     versionStartIncluding: "4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
                     matchCriteriaId: "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FC0A575-F771-4B44-A0C6-6A5FD98E5134",
                     versionEndIncluding: "4.16.2.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D1D6B61-1F17-4008-9DFB-EF419777768E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF524892-278F-4373-A8A3-02A30FA1AFF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F30DE588-9479-46AA-8346-EA433EE83A5F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4941EAD6-8759-4C72-ABA6-259C0E838216",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BF2708F-0BD9-41BF-8CB1-4D06C4EFB777",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0762031C-DFF1-4962-AE05-0778B27324B9",
                     versionEndExcluding: "2020",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*",
                     matchCriteriaId: "96271088-1D1B-4378-8ABF-11DAB3BB4DDC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*",
                     matchCriteriaId: "2595AD24-2DF2-4080-B780-BC03F810B9A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*",
                     matchCriteriaId: "88096F08-F261-4E3E-9EEB-2AB0225CD6F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "044994F7-8127-4F03-AA1A-B2AB41D68AF5",
                     versionEndExcluding: "4.70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*",
                     matchCriteriaId: "A6CB3A8D-9577-41FB-8AC4-0DF8DE6A519C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*",
                     matchCriteriaId: "17B7C211-6339-4AF2-9564-94C7DE52EEB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*",
                     matchCriteriaId: "DBCCBBBA-9A4F-4354-91EE-10A1460BBA3F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12F81F6B-E455-4367-ADA4-8A5EC7F4754A",
                     versionEndExcluding: "2.30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5EF509E-3799-4718-B361-EFCBA17AEEF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*",
                     matchCriteriaId: "8CA31645-29FC-4432-9BFC-C98A808DB8CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "BB424991-0B18-4FFC-965F-FCF4275F56C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B209EFE-77F2-48CD-A880-ABA0A0A81AB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "72D238AB-4A1F-458D-897E-2C93DCD7BA6C",
                     versionEndExcluding: "2019.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9778339A-EA93-4D18-9A03-4EB4CBD25459",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*",
                     matchCriteriaId: "1747F127-AB45-4325-B9A1-F3D12E69FFC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*",
                     matchCriteriaId: "18BBEF7C-F686-4129-8EE9-0F285CE38845",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:vesys:2020.1:-:*:*:*:*:*:*",
                     matchCriteriaId: "264C7817-0CD5-4370-BC39-E1DF3E932E16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:vesys:2021.1:-:*:*:*:*:*:*",
                     matchCriteriaId: "C7442C42-D493-46B9-BCC2-2C62EAD5B945",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD525494-2807-48EA-AED0-11B9CB5A6A9B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EDCBF98-A857-48BC-B04D-6F36A1975AA5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "12A06BF8-E4DC-4389-8A91-8AC7598E0009",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:datacenter_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAD1E1F3-F06B-4D17-8854-2CDA7E6D872D",
                     versionEndExcluding: "5.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "18989EBC-E1FB-473B-83E0-48C8896C2E96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:*",
                     matchCriteriaId: "EDE66B6C-25E5-49AE-B35F-582130502222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "22BEE177-D117-478C-8EAD-9606DEDF9FD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC619106-991C-413A-809D-C2410EBA4CDB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                     matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA7D45EF-18F7-43C6-9B51-ABAB7B0CA3CD",
                     versionEndExcluding: "10.0.13",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
                     matchCriteriaId: "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "26FCA75B-4282-4E0F-95B4-640A82C8E91C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "F3A48D58-4291-4D3C-9CEA-BF12183468A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D452B464-1200-4B72-9A89-42DC58486191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire_enterprise_sds:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D18075A-E8D6-48B8-A7FA-54E336A434A2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E52AF19-0158-451B-8E36-02CB6406083F",
                     versionEndExcluding: "3.5.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB21CFB4-4492-4C5D-BD07-FFBE8B5D92B6",
                     versionEndExcluding: "2.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "97426511-9B48-46F5-AC5C-F9781F1BAE2F",
                     versionEndExcluding: "2021.11_1.162",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "82306B9F-AE97-4E29-A8F7-2E5BA52998A7",
                     versionEndExcluding: "3.0.000.115",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C903C85-DC0F-47D8-B8BE-7A666877B017",
                     versionEndExcluding: "3.1.000.044",
                     versionStartIncluding: "3.1.000.000",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4C6F9E0-5DCE-431D-AE7E-B680AC1F9332",
                     versionEndExcluding: "3.2.000.009",
                     versionStartIncluding: "3.2.000.000",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "52CF6199-8028-4076-952B-855984F30129",
                     versionEndExcluding: "12.6\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "622BB8D9-AC81-4C0F-A5C5-C5E51F0BC0D1",
                     versionEndExcluding: "4.10.0.16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "38FB3CE1-5F62-4798-A825-4E3DB07E868F",
                     versionEndExcluding: "5.5.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "29CDB878-B085-448E-AB84-25B1E2D024F8",
                     versionEndExcluding: "5.3.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C25FDA96-9490-431F-B8B6-CC2CC272670E",
                     versionEndExcluding: "5.5.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "51CD9E4C-9385-435C-AD18-6C36C8DF7B65",
                     versionEndExcluding: "2.9.1.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC0AC4C1-CB06-4084-BFBB-5B702C384C53",
                     versionEndExcluding: "2.10.0.1",
                     versionStartIncluding: "2.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3871EBD2-F270-435A-B98C-A282E1C52693",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D4DF34B-E8C2-41C8-90E2-D119B50E4E7E",
                     versionEndExcluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8EF64DA-73E4-4E5E-8F9A-B837C947722E",
                     versionEndExcluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "66E1E4FC-0B6E-4CFA-B003-91912F8785B2",
                     versionEndExcluding: "2.0.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B2390C3-C319-4F05-8CF0-0D30F9931507",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C154491E-06C7-48B0-AC1D-89BBDBDB902E",
                     versionEndExcluding: "2.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E98EC48-0CED-4E02-9CCB-06EF751F2BDC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C569DC2A-CFF6-4E13-A50C-E215A4F96D99",
                     versionEndExcluding: "2.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "258A51AC-6649-4F67-A842-48A7AE4DCEE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DC22505-DE11-4A1B-8C06-1E306419B031",
                     versionEndExcluding: "4.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E31AC54-B928-48B5-8293-F5F4A7A8C293",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8AE870-6FD0-40D2-958B-548E2D7A7B75",
                     versionEndExcluding: "2.0.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "68E7D83B-B6AC-45B1-89A4-D18D7A6018DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "17660B09-47AA-42A2-B5FF-8EBD8091C661",
                     versionEndExcluding: "1.12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9A82-16AE-437A-B8CF-CC7E9B6C4E44",
                     versionEndExcluding: "4.0.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "843147AE-8117-4FE9-AE74-4E1646D55642",
                     versionEndExcluding: "11.3\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:data_center_network_manager:11.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7EB871C9-CA14-4829-AED3-CC2B35E99E92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FF8A83D-A282-4661-B133-213A8838FB27",
                     versionEndExcluding: "2.1.2.8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "139CDAA5-63E9-4E56-AF72-745BD88E4B49",
                     versionEndExcluding: "2.2.2.8",
                     versionStartIncluding: "2.2.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "01FD99C4-BCB1-417E-ADCE-73314AD2E857",
                     versionEndExcluding: "2.2.3.4",
                     versionStartIncluding: "2.2.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:dna_spaces\\:_connector:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9031BE8A-646A-4581-BDE5-750FB0CE04CB",
                     versionEndExcluding: "2.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "15BED3E2-46FF-4E58-8C5D-4D8FE5B0E527",
                     versionEndExcluding: "11.5\\(4\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C950436-2372-4C4B-9B56-9CB48D843045",
                     versionEndExcluding: "12.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B61F186-D943-4711-B3E0-875BB570B142",
                     versionEndIncluding: "4.1.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A285C40-170D-4C95-8031-2C6E4D5FB1D4",
                     versionEndExcluding: "12.6\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3C0F02B5-AA2A-48B2-AE43-38B45532C563",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "830BDB28-963F-46C3-8D50-638FDABE7F64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "54553C65-6BFA-40B1-958D-A4E3289D6B1D",
                     versionEndExcluding: "2.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "439948AD-C95D-4FC3-ADD1-C3D241529F12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C2002AE-0F3C-4A06-9B9A-F77A9F700EB2",
                     versionEndExcluding: "2.3.2.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "596A986D-E7DC-4FC4-A776-6FE87A91D7E4",
                     versionEndExcluding: "1.0.9-361",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DD93434E-8E75-469C-B12B-7E2B6EDCAA79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "78684844-4974-41AD-BBC1-961F60025CD2",
                     versionEndExcluding: "6.0.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A00D235-FC9C-4EB7-A16C-BB0B09802E61",
                     versionEndExcluding: "5.3.5.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C60FDD1B-898E-4FCB-BDE2-45A7CBDBAF4F",
                     versionEndExcluding: "5.4.5.2",
                     versionStartIncluding: "5.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7A33E5F-BBC7-4917-9C63-900248B546D9",
                     versionEndExcluding: "5.5.4.1",
                     versionStartIncluding: "5.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12D98A7C-4992-4E58-A6BD-3D8173C8F2B0",
                     versionEndExcluding: "5.6.3.1",
                     versionStartIncluding: "5.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2DDC1AF-31B5-4F05-B84F-8FD23BE163DA",
                     versionEndExcluding: "2.1.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4540CF6-D33E-4D33-8608-11129D6591FA",
                     versionEndExcluding: "6.0.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "129A7615-99E7-41F8-8EBC-CEDA10AD89AD",
                     versionEndExcluding: "1.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F46A7AC-C133-442D-984B-BA278951D0BF",
                     versionEndExcluding: "11.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A1A75AB6-C3A7-4299-B35A-46A4BCD00816",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A73E888-C8C2-4AFD-BA60-566D45214BCA",
                     versionEndExcluding: "14.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B0D0FD0-ABC6-465F-AB8D-FA8788B1B2DD",
                     versionEndExcluding: "12.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D673F6F7-C42A-4538-96F0-34CB4F0CB080",
                     versionEndExcluding: "20.3.4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD374819-3CED-4260-90B6-E3C1333EAAD2",
                     versionEndExcluding: "20.4.2.1",
                     versionStartIncluding: "20.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2D89973-94AF-4BE7-8245-275F3FEB30F4",
                     versionEndExcluding: "20.5.1.1",
                     versionStartIncluding: "20.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "91A9A889-2C2B-4147-8108-C35291761C15",
                     versionEndExcluding: "20.6.2.1",
                     versionStartIncluding: "20.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0EEA1EC-C63C-4C7D-BFAE-BA4556332242",
                     versionEndExcluding: "3.2.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACE22D97-42FA-4179-99E5-C2EE582DB7FF",
                     versionEndExcluding: "2.0\\(1p\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6B5DB6D-9E7D-4403-8028-D7DA7493716B",
                     versionEndExcluding: "6.8.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "B98D7AD5-0590-43FB-8AC0-376C9C500C15",
                     versionEndExcluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "D9DA1900-9972-4DFD-BE2E-74DABA1ED9A9",
                     versionEndExcluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "42A41C41-A370-4C0E-A49D-AD42B2F3FB5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*",
                     matchCriteriaId: "7E958AFF-185D-4D55-B74B-485BEAEC42FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B85B81F9-8837-426E-8639-AB0712CD1A96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1CCCD27-A247-4720-A2FE-C8ED55D1D0DE",
                     versionEndExcluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "34D89C42-AAD9-4B04-9F95-F77681E39553",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "897C8893-B0B6-4D6E-8D70-31B421D80B9A",
                     versionEndExcluding: "11.6\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "91D62A73-21B5-4D16-A07A-69AED2D40CC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0492049-D3AC-4512-A4BF-C9C26DA72CB0",
                     versionEndExcluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3868A8AA-6660-4332-AB0C-089C150D00E7",
                     versionEndExcluding: "11.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "58BD72D6-4A79-49C9-9652-AB0136A591FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32761FD-B435-4E51-807C-2B245857F90E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "154F7F71-53C5-441C-8F5C-0A82CB0DEC43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "65FD3873-2663-4C49-878F-7C65D4B8E455",
                     versionEndExcluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0886FB04-24AA-4995-BA53-1E44F94E114E",
                     versionEndExcluding: "7.14.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C61805C1-1F73-462C-A9CA-BB0CA4E57D0B",
                     versionEndExcluding: "2.6.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EB39834-0F6D-4BD7-AFEC-DD8BEE46DA50",
                     versionEndExcluding: "3.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B78DD21-15F2-47A4-8A99-6DB6756920AC",
                     versionEndExcluding: "3.4.4",
                     versionStartIncluding: "3.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C6222EB-36E1-4CD5-BD69-5A921ED5DA6A",
                     versionEndExcluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C200CABD-F91B-49C4-A262-C56370E44B4C",
                     versionEndExcluding: "7.3.0.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE22BE9B-374E-43DC-BA91-E3B9699A4C7C",
                     versionEndExcluding: "3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "61D1081F-87E8-4E8B-BEBD-0F239E745586",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "8D138973-02B0-4FEC-A646-FF1278DA1EDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "30B55A5B-8C5E-4ECB-9C85-A8A3A3030850",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "14DBEC10-0641-441C-BE15-8F72C1762DCE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:*",
                     matchCriteriaId: "205C1ABA-2A4F-480F-9768-7E3EC43B03F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:*",
                     matchCriteriaId: "D36FE453-C43F-448B-8A59-668DE95468C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:*",
                     matchCriteriaId: "E8DF0944-365F-4149-9059-BDFD6B131DC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:*",
                     matchCriteriaId: "6B37AA08-13C7-4FD0-8402-E344A270C8F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:*",
                     matchCriteriaId: "2AA56735-5A5E-4D8C-B09D-DBDAC2B5C8E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*",
                     matchCriteriaId: "4646849B-8190-4798-833C-F367E28C1881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "4D6CF856-093A-4E89-A71D-50A2887C265B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "B36A9043-0621-43CD-BFCD-66529F937859",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "8842B42E-C412-4356-9F54-DFC53B683D3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "D25BC647-C569-46E5-AD45-7E315EBEB784",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B468EDA1-CDEF-44D4-9D62-C433CF27F631",
                     versionEndExcluding: "3.2.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C90C6CD1-4678-4621-866B-F0CE819C8000",
                     versionEndExcluding: "12.6\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_sip_proxy:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E4905E2-2129-469C-8BBD-EDA258815E2B",
                     versionEndExcluding: "10.2.1v2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_workforce_optimization:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC86AC6C-7C08-4EB9-A588-A034113E4BB1",
                     versionEndExcluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FFE3880-4B85-4E23-9836-70875D5109F7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "727A02E8-40A1-4DFE-A3A2-91D628D3044F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "19F6546E-28F4-40DC-97D6-E0E023FE939B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "52D96810-5F79-4A83-B8CA-D015790FCF72",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "16FE2945-4975-4003-AE48-7E134E167A7F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "976901BF-C52C-4F81-956A-711AF8A60140",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "957D64EB-D60E-4775-B9A8-B21CA48ED3B1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A694AD51-9008-4AE6-8240-98B17AB527EE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "38AE6DC0-2B03-4D36-9856-42530312CC46",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "71DCEF22-ED20-4330-8502-EC2DD4C9838F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DB2822B-B752-4CD9-A178-934957E306B4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "81F4868A-6D62-479C-9C19-F9AABDBB6B24",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "65378F3A-777C-4AE2-87FB-1E7402F9EA1B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "07DAFDDA-718B-4B69-A524-B0CEB80FE960",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:fxos:6.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "82C8AD48-0130-4C20-ADEC-697668E2293B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:fxos:6.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E75EF7C-8D71-4D70-91F0-74FC99A90CC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:fxos:6.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DB7EE7D-8CB4-4804-9F9D-F235608E86E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:fxos:6.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77571973-2A94-4E15-AC5B-155679C3C565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:fxos:6.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA405A50-3F31-48ED-9AF1-4B02F5B367DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:fxos:6.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3753953-04E8-4382-A6EC-CD334DD83CF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:fxos:7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4A5F89F-1296-4A0F-A36D-082A481F190F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:fxos:7.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F50F48AF-44FF-425C-9685-E386F956C901",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4D28E76-56D4-4C9A-A660-7CD7E0A1AC9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD975A0E-00A6-475E-9064-1D64E4291499",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2E50AC21-DA54-4BC8-A503-1935FD1714C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4D05E169-4AF1-4127-A917-056EC2CE781B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.4\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8AD415A2-422E-4F15-A177-C3696FEAFF0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "134443B7-7BA8-4B50-8874-D4BF931BECFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "73ADF6EA-CD29-4835-8D72-84241D513AFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.000\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BAC1A386-04C7-45B2-A883-1CD9AB60C14B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.001\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3F0F1639-D69E-473A-8926-827CCF73ACC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.002\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F4FDF900-E9D6-454A-BF6B-821620CA59F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.000\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1859BD43-BA2B-45A5-B523-C6BFD34C7B01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.001\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1EBC145C-9A2F-4B76-953E-0F690314511C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.002\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "158B7A53-FEC1-4B42-A1E2-E83E99564B07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:common_services_platform_collector:002.010\\(000.000\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3A378971-1A08-4914-B012-8E24DCDEFC68",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E5CC012-DC85-481A-B82A-9323C19674DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:*:*:*:*:*:*:*",
                     matchCriteriaId: "76CF59ED-685D-46CD-80A2-AEDA4F03FE53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:*",
                     matchCriteriaId: "960B07C0-E205-47E7-B578-46A0AF559D04",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1A194E1-405E-47FA-8CDF-58EB78883ACC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E628231-61FB-40AF-A20B-00F5CB78E63B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA25E92-2C76-4722-BA06-53F33C0D961C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "51D2940A-0D03-415B-B72E-1F6862DDAC41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B346ADC-00BE-4409-B658-A11351D2A7D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A0E44A9-C427-493B-868A-8A8DA405E759",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2B31E7C-0EB3-4996-8859-DF94A3EE20B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EAB3E03-275F-4942-9396-FC7A22F42C8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:*",
                     matchCriteriaId: "19DAD751-D170-4914-BAB2-6054DFEEF404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F429F37-3576-4D8A-9901-359D65EC3CF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F526DEF1-4A3E-4FE1-8153-E9252DAE5B92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C19679D0-F4DC-4130-AFFD-692E5130531A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "60D2FBF3-D8AB-41F0-B170-9E56FBF7E2F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F60324DD-8450-4B14-A7A1-0D5EA5163580",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:*",
                     matchCriteriaId: "12F6DFD1-273B-4292-A22C-F2BE0DD3FB3F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "13EA024C-97A4-4D33-BC3E-51DB77C51E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "85289E35-C7C2-46D0-9BDC-10648DD2C86F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "17282822-C082-4FBC-B46D-468DCF8EF6B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5463DA6-5D44-4C32-B46C-E8A2ADD7646B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "54A237CF-A439-4114-AF81-D75582F29573",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A37D19BF-E4F5-4AF4-8942-0C3B62C4BF2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.65000.14\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "EF25688B-6659-4C7C-866D-79AA1166AD7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.66000.14\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47B70741-90D9-4676-BF16-8A21E147F532",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "ED862A1B-E558-4D44-839C-270488E735BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2678AF98-1194-4810-9933-5BA50E409F88",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "37E7DEBD-9E47-4D08-86BC-D1B013450A98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A935862-18F7-45FE-B647-1A9BA454E304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "69594997-2568-4C10-A411-69A50BFD175F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EC39E2D-C47B-4311-BC7B-130D432549F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE5E6CBE-D82C-4001-87CB-73DF526F0AB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "460E6456-0E51-45BC-868E-DEEA5E3CD366",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7F58659-A318-42A0-83C5-8F09FCD78982",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su1:*:*:*:*:*:*",
                     matchCriteriaId: "D8A49E46-8501-4697-A17A-249A7D9F5A0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su2:*:*:*:*:*:*",
                     matchCriteriaId: "5D81E7A9-0C2B-4603-91F0-ABF2380DBBA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*",
                     matchCriteriaId: "4DFCE723-9359-40C7-BA35-B71BDF8E3CF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*",
                     matchCriteriaId: "28B1524E-FDCA-4570-86DD-CE396271B232",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*",
                     matchCriteriaId: "74DC6F28-BFEF-4D89-93D5-10072DAC39C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*",
                     matchCriteriaId: "BA1D60D7-1B4A-4EEE-A26C-389D9271E005",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D726F07-06F1-4B0A-B010-E607E0C2A280",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3ED58B0E-FCC7-48E3-A5C0-6CC54A38BAE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "41E168ED-D664-4749-805E-77644407EAFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCD69468-8067-4A5D-B2B0-EC510D889AA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "85F22403-B4EE-4303-9C94-915D3E0AC944",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBCA75A6-0A3E-4393-8884-9F3CE190641E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D619BF54-1BA9-45D0-A876-92D7010088A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:identity_services_engine:002.004\\(000.914\\):-:*:*:*:*:*:*",
                     matchCriteriaId: "808F8065-BD3A-4802-83F9-CE132EDB8D34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:identity_services_engine:002.006\\(000.156\\):-:*:*:*:*:*:*",
                     matchCriteriaId: "B236B13E-93B9-424E-926C-95D3DBC6CA5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:identity_services_engine:002.007\\(000.356\\):-:*:*:*:*:*:*",
                     matchCriteriaId: "8A63CC83-0A6E-4F33-A1BE-214A33B51518",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:identity_services_engine:003.000\\(000.458\\):-:*:*:*:*:*:*",
                     matchCriteriaId: "37DB7759-6529-46DE-B384-10F060D86A97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:identity_services_engine:003.001\\(000.518\\):-:*:*:*:*:*:*",
                     matchCriteriaId: "8C640AD9-146E-488A-B166-A6BB940F97D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:identity_services_engine:003.002\\(000.116\\):-:*:*:*:*:*:*",
                     matchCriteriaId: "DAC1FA7E-CB1B-46E5-A248-ABACECFBD6E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\\(002.000\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7C3BD5AF-9FC1-494B-A676-CC3D4B8EAC8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F477CACA-2AA0-417C-830D-F2D3AE93153A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E3BE5E1-A6B6-46C7-B93B-8A9F5AEA2731",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "04E0BB7B-0716-4DBD-89B9-BA11AAD77C00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_assurance_engine:6.0\\(2.1912\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "64C98A76-0C31-45E7-882B-35AE0D2C5430",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "379F8D86-BE87-4250-9E85-494D331A0398",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "71F69E51-E59D-4AE3-B242-D6D2CFDB3F46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "578DA613-8E15-4748-A4B7-646415449609",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "544EFAD6-CE2F-4E1D-9A00-043454B72889",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2E16DF9C-3B64-4220-82B6-6E20C7807BAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B9CD5B8A-9846-48F1-9495-77081E44CBFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "68E6CD49-6F71-4E17-B046-FBE91CE91CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD8018-7E77-4C89-917E-ACDC678A7DE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_insights_for_data_center:6.0\\(2.1914\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A7D39156-A47D-405E-8C02-CAE7D637F99A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5426FC59-411D-4963-AFEF-5B55F68B8958",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "810E9A92-4302-4396-94D3-3003947DB2A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:paging_server:8.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "522C36A5-7520-4368-BD92-9AB577756493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:paging_server:8.4\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CB2EC4BE-FFAF-4605-8A96-2FEF35975540",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:paging_server:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CA1D3C2A-E5FA-400C-AC01-27A3E5160477",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:paging_server:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "63B27050-997B-4D54-8E5A-CE9E33904318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:paging_server:9.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5ABF05B8-1B8A-4CCF-A1AD-D8602A247718",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:paging_server:9.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2F74580D-0011-4ED9-9A00-B4CDB6685154",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:paging_server:12.5\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "17A3C22E-1980-49B6-8985-9FA76A77A836",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:paging_server:14.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B1AB42DC-CE58-448A-A6B5-56F31B15F4A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DC32B55-0C76-4669-8EAD-DCC16355E887",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CDA737F-337E-4C30-B68D-EF908A8D6840",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DC5A89C-CCCF-49EC-B4FC-AB98ACB79233",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BA4F513-CBA1-4523-978B-D498CEDAE0CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C53C6FD-B98E-4F7E-BA4D-391C90CF9E83",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D00F6719-2C73-4D8D-8505-B9922E8A4627",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFE9210F-39C5-4828-9608-6905C1D378D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1CEDCE4-CFD1-434B-B157-D63329CBA24A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "33660EB8-2984-4258-B8AD-141B7065C85E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ACA346D-5103-47F0-8BD9-7A8AD9B92E98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A38BDF03-23C8-4BB6-A44D-68818962E7CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3104C099-FEDA-466B-93CC-D55F058F7CD3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "890EA1C7-5990-4C71-857F-197E6F5B4089",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "56F21CF4-83FE-4529-9871-0FDD70D3095E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9331834-9EAD-46A1-9BD4-F4027E49D0C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0E707E44-12CD-46C3-9124-639D0265432E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2FEE8482-DB64-4421-B646-9E5F560D1712",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4385CE6E-6283-4621-BBD9-8E66E2A34843",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1d\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9A6CDBD4-889B-442D-B272-C8E9A1B6AEC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1e\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF1E59F9-CF4F-4EFB-872C-5F503A04CCF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1f\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1782219F-0C3D-45B7-80C7-D1DAA70D90B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1g\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "DDAB3BAD-1EC6-4101-A58D-42DA48D04D0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1h\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F7AA674-6BC2-490F-8D8A-F575B11F4BE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1k\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6945C4DE-C070-453E-B641-2F5B9CFA3B6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1l\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "DAB8C7C0-D09B-4232-A88E-57D25AF45457",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.17900.52\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "ACEDB7B4-EBD4-4A37-9EE3-07EE3B46BE44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18119.2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "820D579C-AA45-4DC1-945A-748FFCD51CA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18900.97\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7B23A9A6-CD04-4D76-BE3F-AFAFBB525F5E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.21900.40\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A44E6007-7A3A-4AD3-9A65-246C59B73FB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.22900.28\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3D508E51-4075-4E34-BB7C-65AF9D56B49F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "376D06D5-D68E-4FF0-97E5-CBA2165A05CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:11.5\\(1.22900.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18ED6B8F-2064-4BBA-A78D-4408F13C724D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_computing_system:006.008\\(001.000\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "94091FE3-AB88-4CF5-8C4C-77B349E716A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "91D62A73-21B5-4D16-A07A-69AED2D40CC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "53F1314A-9A2C-43DC-8203-E4654EF013CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0ADE468B-8F0C-490D-BB4C-358D947BA8E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "32FEE78D-309E-491D-9AB6-98005F1CBF49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "878D9901-675D-4444-B094-0BA505E7433F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*",
                     matchCriteriaId: "66E25EE4-AB7B-42BF-A703-0C2E83E83577",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):su1:*:*:*:*:*:*",
                     matchCriteriaId: "D8F35520-F04A-4863-A1BC-0EDD2D1804F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "EF9855FD-7747-4D9E-9542-703B1EC9A382",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E07AF386-D8A5-44F5-A418-940C9F88A36A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "113C77DA-AC22-4D67-9812-8510EFC0A95F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4BE221AB-A3B0-4CFF-9BC0-777773C2EF63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "15941265-1E7E-4C3E-AF1D-027C5E0D3141",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "54AA2B0C-92A1-4B53-88D7-6E31120F5041",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD7207-85FB-4484-8720-4D11F296AC10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):-:*:*:*:*:*:*",
                     matchCriteriaId: "62E009C4-BE3E-4A14-91EF-8F667B2220A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es01:*:*:*:*:*:*",
                     matchCriteriaId: "088512E1-434D-4685-992E-192A98ECAD9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es02:*:*:*:*:*:*",
                     matchCriteriaId: "50A7BBC6-077C-4182-AA7A-577C4AAC3CD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):-:*:*:*:*:*:*",
                     matchCriteriaId: "E0536F45-3A49-4F93-942E-AF679DFC7017",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(000\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3D54794B-6CD5-46D7-B9E9-62A642143562",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(001\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE844DCA-FF52-43F5-BDD9-836A812A8CFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(000\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07B261EB-CA63-4796-BD15-A6770FD68B34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(001\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "29F9067A-B86C-4A6B-ACB7-DB125E04B795",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_workforce_optimization:11.5\\(1\\):sr7:*:*:*:*:*:*",
                     matchCriteriaId: "FAC4CC92-8BA0-4D96-9C48-5E311CDED53F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F2437A5-217A-4CD1-9B72-A31BDDC81F42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9C3CFF0D-BD70-4353-AE2F-6C55F8DE56A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(1.26\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2CE47760-0E71-4FCA-97D1-CF0BB71CAC17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(2.26\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "89B2D4F5-CB86-4B25-8C14-CED59E8A3F22",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(3.025\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B150B636-6267-4504-940F-DC37ABEFB082",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(4.018\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D00B9911-A7CA-467E-B7A3-3AF31828D5D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B67C08C3-412F-4B7F-B98C-EEAEE77CBE4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D428C9B-53E1-4D26-BB4D-57FDE02FA613",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CDB41596-FACF-440A-BB6C-8CAD792EC186",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8C88EE2-5702-4E8B-A144-CB485435FD62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BC62844-C608-4DB1-A1AD-C1B55128C560",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFF2FFA4-358A-4F33-BC67-A9EF8A30714E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "53C0BBDE-795E-4754-BB96-4D6D4B5A804F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A41E377-16F9-423F-8DC2-F6EDD54E1069",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0C2789E-255B-45D9-9469-B5B549A01F53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFAFEC61-2128-4BFA-992D-54742BD4911A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F12AF70E-2201-4F5D-A929-A1A057B74252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2CBCDC4-02DF-47F4-A01C-7CBCB2FF0163",
                     versionEndExcluding: "8.10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C42D44C8-9894-4183-969B-B38FDA1FEDF9",
                     versionEndExcluding: "3.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:*",
                     matchCriteriaId: "452D8730-F273-4AB4-9221-E82EC2CAAFD8",
                     versionEndExcluding: "6.2.4.2",
                     versionStartIncluding: "6.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:*",
                     matchCriteriaId: "F2EF5054-EECB-4489-B27A-AACB96B25B97",
                     versionEndExcluding: "6.4.3.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "16E0A04D-30BE-4AB3-85A1-13AF614C425C",
                     versionEndIncluding: "7.3.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0755E91-2F36-4EC3-8727-E8BF0427E663",
                     versionEndExcluding: "13.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1), JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.",
      },
      {
         lang: "es",
         value: "Las características JNDI de Apache Log4j2 2.0-beta9 hasta 2.15.0 (excluyendo las versiones de seguridad 2.12.2, 2.12.3 y 2.3.1) utilizadas en la configuración, los mensajes de registro y los parámetros no protegen contra LDAP controlado por un atacante y otros puntos finales relacionados con JNDI. Un atacante que pueda controlar los mensajes de registro o los parámetros de los mensajes de registro puede ejecutar código arbitrario cargado desde servidores LDAP cuando la sustitución de la búsqueda de mensajes está habilitada. A partir de la versión 2.15.0 de log4j, este comportamiento ha sido deshabilitado por defecto. A partir de la versión 2.16.0 (junto con las versiones 2.12.2, 2.12.3 y 2.3.1), esta funcionalidad se ha eliminado por completo. Tenga en cuenta que esta vulnerabilidad es específica de log4j-core y no afecta a log4net, log4cxx u otros proyectos de Apache Logging Services.",
      },
   ],
   id: "CVE-2021-44228",
   lastModified: "2025-04-03T20:53:22.977",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2021-12-10T10:15:09.143",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
            "Broken Link",
         ],
         url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/Dec/2",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/Jul/11",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/Mar/23",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/10/1",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/10/2",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/10/3",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/13/1",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/13/2",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/14/4",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/15/3",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/cisagov/log4j-affected-db",
      },
      {
         source: "security@apache.org",
         tags: [
            "Broken Link",
            "Product",
            "US Government Resource",
         ],
         url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md",
      },
      {
         source: "security@apache.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Release Notes",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/",
      },
      {
         source: "security@apache.org",
         tags: [
            "Release Notes",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/",
      },
      {
         source: "security@apache.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://logging.apache.org/log4j/2.x/security.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20211210-0007/",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT213189",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "security@apache.org",
         tags: [
            "Broken Link",
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://twitter.com/kurtseifried/status/1469345530182455296",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2021/dsa-5020",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.kb.cert.org/vuls/id/930724",
      },
      {
         source: "security@apache.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
            "Broken Link",
         ],
         url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/Dec/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/Jul/11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2022/Mar/23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/10/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/10/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/10/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/13/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/13/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/14/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2021/12/15/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/cisagov/log4j-affected-db",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Product",
            "US Government Resource",
         ],
         url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://logging.apache.org/log4j/2.x/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20211210-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT213189",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://twitter.com/kurtseifried/status/1469345530182455296",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2021/dsa-5020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "https://www.kb.cert.org/vuls/id/930724",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2022.html",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
            {
               lang: "en",
               value: "CWE-400",
            },
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "security@apache.org",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-917",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF8506B4-287F-4430-86C5-3F122A83CA1C",
                     versionEndExcluding: "14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "46DE37E0-D799-4F2D-A22A-980649992E46",
                     versionEndExcluding: "14",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y Cisco Unity Connection, podrían permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de interfaz. Estas vulnerabilidades se presentan porque la interfaz de administración basada en web no comprueba apropiadamente la entrada suministrada por el usuario. Un atacante podría explotar estas vulnerabilidades al persuadir a un usuario de la interfaz a hacer clic en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador",
      },
   ],
   id: "CVE-2021-1408",
   lastModified: "2024-11-21T05:44:17.287",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-08T04:15:12.797",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-07-06 21:15
Modified
2024-11-21 06:43
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "B16C9BB8-CCD7-4E65-A6D4-DA8B6AE55961",
                     versionEndExcluding: "12.5\\(1\\)su6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "E19FE5ED-0E95-447C-A403-CDBADB2888F3",
                     versionEndExcluding: "12.5\\(1\\)su6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "90259C71-D12C-4E4D-99B1-94CB7273608C",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "8856CD06-9CD4-43EF-8D64-A8D0FDE09696",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podría permitir a un atacante remoto autenticado leer archivos arbitrarios en el sistema operativo subyacente de un dispositivo afectado. Esta vulnerabilidad es debido a que no es comprobada correctamente la entrada proporcionada por el usuario. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP diseñada que contenga secuencias de caracteres para saltar directorios a un sistema afectado. Una explotación con éxito podría permitir al atacante acceder a archivos confidenciales en el sistema operativo",
      },
   ],
   id: "CVE-2022-20862",
   lastModified: "2024-11-21T06:43:42.403",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-06T21:15:11.847",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-qgjhEc3A",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-qgjhEc3A",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-23",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-27 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.",
      },
      {
         lang: "es",
         value: "El componente Certificate Authority Proxy Function (CAPF) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos evadir autenticación y modificar información de dispositivo registrado a través de datos manipulados, también conocido como Bug ID CSCum95468.",
      },
   ],
   id: "CVE-2014-0743",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-27T01:55:03.367",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33044",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1029843",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33044",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029843",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-13 05:24
Modified
2025-04-11 00:51
Severity ?
Summary
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.",
      },
      {
         lang: "es",
         value: "La aplicación web log4jinit en Cisco Unified Communications Manager (UCM) no valida adecuadamente la autenticación, lo que permite a atacantes remotos causar una denegación de servicio (degradación de rendimiento) a través del uso no especificado de esta aplicación, también conocido como Bug ID CSCum05347.",
      },
   ],
   id: "CVE-2014-0722",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-13T05:24:51.450",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF8506B4-287F-4430-86C5-3F122A83CA1C",
                     versionEndExcluding: "14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "46DE37E0-D799-4F2D-A22A-980649992E46",
                     versionEndExcluding: "14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BBC30AD-79E5-4FA1-B868-0304A12040DC",
                     versionEndExcluding: "14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6313AB2B-8CBB-48FF-BCBF-B24DE98855EF",
                     versionEndExcluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y Cisco Unity Connection, podrían permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de interfaz. Estas vulnerabilidades se presentan porque la interfaz de administración basada en web no comprueba apropiadamente la entrada suministrada por el usuario. Un atacante podría explotar estas vulnerabilidades al persuadir a un usuario de la interfaz a hacer clic en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código de script de comandos arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador",
      },
   ],
   id: "CVE-2021-1380",
   lastModified: "2024-11-21T05:44:13.247",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-08T04:15:12.233",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-06-26 17:41
Modified
2025-04-09 00:30
Severity ?
Summary
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D27236B-0B95-4899-B1AF-0E75D8B6044F",
                     versionEndExcluding: "4.2\\(3\\)sr4",
                     versionStartIncluding: "4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C428C26F-7960-4884-8202-372EBC214506",
                     versionEndExcluding: "4.3\\(2\\)sr1",
                     versionStartIncluding: "4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB3C4551-63D4-4FB6-9871-8E9C8E634B86",
                     versionEndExcluding: "5.1\\(3c\\)",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9E12823-198D-41FC-969E-2304CDC39EFC",
                     versionEndExcluding: "6.1\\(2\\)",
                     versionStartIncluding: "6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.",
      },
      {
         lang: "es",
         value: "El Servicio Real-Time Information Server (RIS) Data Collector de Cisco Unified Communications Manager (CUCM) versiones anteriores a la 4.2(3)SR4 y 4.3 versiones anteriores a la 4.3(2)SR1, permite a atacantes remotos evitar la autenticación y obtener información sobre la configuración en cluster y estadísticas, a través de una conexión directa TCP al puerto de servicio, también conocida como Bug ID CSCsq35151.",
      },
   ],
   id: "CVE-2008-2062",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-06-26T17:41:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/30848",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/29935",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020361",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/1933/references",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/30848",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/29935",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020361",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/1933/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-05-16 12:54
Modified
2025-04-09 00:30
Severity ?
Summary
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(1\\):*:*:*:*:*:*",
                     matchCriteriaId: "B860F1E1-E295-4B71-B396-14286611EA36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2\\):*:*:*:*:*:*",
                     matchCriteriaId: "E194E6EC-282D-4C8E-96E3-00D64FCD8C6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2a\\):*:*:*:*:*:*",
                     matchCriteriaId: "5B2EA451-EE18-440A-924A-556A2EC74300",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2b\\):*:*:*:*:*:*",
                     matchCriteriaId: "8950C510-38F3-4040-8871-C085DDECF5B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(3a\\):*:*:*:*:*:*",
                     matchCriteriaId: "7101A008-3F3C-4ABB-B4FC-25BDA8809C87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:\\(1\\):*:*:*:*:*:*",
                     matchCriteriaId: "156F822A-08CB-4EE2-9054-18F649D96C39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:\\(1a\\):*:*:*:*:*:*",
                     matchCriteriaId: "53CBD1E5-46C6-4F31-867A-118227EB0473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:\\(1a\\):*:*:*:*:*:*",
                     matchCriteriaId: "8E8F77F9-05C3-4B66-9022-7B227F97978C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.",
      },
      {
         lang: "es",
         value: "Fuga de memoria en el servicio Certificate Trust List (CTL) Provider de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a 5.1(3) permite a atacantes remotos provocar una denegación de servicio (consumo excesivo de memoria e interrupción del servicio) a través de una serie de paquetes TCP malformados, como lo demuestra TCPFUZZ, también conocido como Bug ID CSCsj80609.",
      },
   ],
   id: "CVE-2008-1742",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-05-16T12:54:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "psirt@cisco.com",
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42410",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42410",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-02-14 12:00
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "37FEF567-5F92-40BB-8581-3FCF584AAA1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C5865997-F8B2-4ABB-96DF-3AE691A7CE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E9211420-9F35-4872-879A-5F7CA29C6299",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D7DD4B55-4C68-45CD-988E-D470C26E5E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48C1B081-1FD7-4BBD-84BD-E1E5F80C74FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BC32C417-3E61-4892-9A42-C31C6D62F09D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0_4a:*:*:*:*:*:*:*",
                     matchCriteriaId: "97694D13-B0A4-4AE4-9142-76F6B7C446C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DC17139-DB98-4C59-B29B-1B792C67EB97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D748F22-A917-4EE3-B523-13419D826EF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFE62DB5-943D-43B5-BD13-D74DAA122578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2D76BC6-1A59-4D74-A7C9-8C05D96E01F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_3:*:*:*:*:*:*:*",
                     matchCriteriaId: "788BDB54-0970-468F-9713-14B097E1A863",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_3a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CAE1371-F46C-4DFD-A4A4-D609E93C4740",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7AC2F39-C029-4FAB-A963-0C7F1D5A8067",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_4a:*:*:*:*:*:*:*",
                     matchCriteriaId: "62781360-15FC-4E40-AEF8-BF01606A671B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_4a_su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "08E03DCC-4DCB-4830-943F-05F7E3BB49EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05F443F9-B454-42B3-8464-ACEA40066DF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de inyección SQL en Cisco Unified CallManager/Communications Manager (CUCM) versiones 5.0/5.1 anteriores a 5.1(3a) y versiones 6.0/6.1 anteriores a 6.1(1a), permite a los usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio del parámetro key en las páginas de interfaz de (1) administrador y (2) usuario.",
      },
   ],
   id: "CVE-2008-0026",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-02-14T12:00:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/28932",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/27775",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1019404",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/0542",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/28932",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/27775",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1019404",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/0542",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-21 10:59
Modified
2025-04-12 10:46
Summary
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
Impacted products
Vendor Product Version
cisco ios_xe 3.10s_3.10.0s
cisco ios_xe 3.10s_3.10.1s
cisco ios_xe 3.10s_3.10.1xbs
cisco ios_xe 3.10s_3.10.2s
cisco ios_xe 3.10s_3.10.2ts
cisco ios_xe 3.10s_3.10.4s
cisco ios_xe 3.10s_3.10.5s
cisco ios_xe 3.10s_3.10.6s
cisco ios_xe 3.10s_3.10.7s
cisco ios_xe 3.11s_3.11.0s
cisco ios_xe 3.11s_3.11.1s
cisco ios_xe 3.11s_3.11.2s
cisco ios_xe 3.11s_3.11.3s
cisco ios_xe 3.11s_3.11.4s
cisco ios_xe 3.13s_3.13.0s
cisco ios_xe 3.13s_3.13.1s
cisco ios_xe 3.13s_3.13.4s
cisco ios_xe 3.14s_3.14.0s
cisco ios_xe 3.15s_3.15.1s
cisco ios_xe 3.15s_3.15.2s
cisco webex_meeting_center base
cisco dx_series_ip_phones_firmware 9.3\(2\)
cisco ip_phone_7800_series_firmware 10.3\(1\)
cisco ip_phone_8800_series_firmware 10.3\(2\)
cisco ip_phone_8800_series_firmware 11.0\(1\)
cisco unified_ip_phone_6900_series_firmware 9.3\(2\)
cisco unified_ip_phone_7900_series_firmware 9.9\(9.99001.1\)
cisco unified_ip_phone_7900_series_firmware 9.9_base
cisco unified_ip_phone_8900_series_firmware 9.0\(1\)sr1
cisco unified_ip_phone_8900_series_firmware 9.0\(3\)
cisco unified_ip_phone_8900_series_firmware 9.0\(4\)
cisco unified_ip_phone_8900_series_firmware 9.1\(1\)sr1
cisco unified_ip_phone_8900_series_firmware 9.1\(2\)
cisco unified_ip_phone_8900_series_firmware 9.2\(1\)
cisco unified_ip_phone_8900_series_firmware 9.2\(2\)
cisco unified_ip_phone_8900_series_firmware 9.2\(2\)sr1
cisco unified_ip_phone_8900_series_firmware 9.2\(3\)
cisco unified_ip_phone_8900_series_firmware 9.2\(4\)
cisco unified_ip_phone_8900_series_firmware 9.3\(1\)
cisco unified_ip_phone_8900_series_firmware 9.3\(2\)
cisco unified_ip_phone_8900_series_firmware 9.3\(2\)sr1
cisco unified_ip_phone_8900_series_firmware 9.3\(4\)
cisco unified_ip_phone_8900_series_firmware 9.4\(1\)
cisco unified_ip_phone_8900_series_firmware 9.4\(1\)sr1
cisco unified_ip_phone_8900_series_firmware 9.4\(2\)
cisco unified_wireless_ip_phone_7920_firmware 1.0\(5\)
cisco unified_wireless_ip_phone_7920_firmware 1.0\(6\)
cisco unified_wireless_ip_phone_7920_firmware 1.0\(7\)
cisco unified_wireless_ip_phone_7920_firmware 1.0\(8\)
cisco unified_wireless_ip_phone_7920_firmware 1.0\(9\)
cisco unified_wireless_ip_phone_7920_firmware 1.0_base
cisco unified_wireless_ip_phone_7920_firmware 2.0_base
cisco adaptive_security_appliance_software 8.1.0.104
cisco adaptive_security_appliance_software 8.2.0.45
cisco adaptive_security_appliance_software 8.2.1
cisco adaptive_security_appliance_software 8.2.1.11
cisco adaptive_security_appliance_software 8.2.2
cisco adaptive_security_appliance_software 8.2.2.9
cisco adaptive_security_appliance_software 8.2.2.10
cisco adaptive_security_appliance_software 8.2.2.12
cisco adaptive_security_appliance_software 8.2.2.16
cisco adaptive_security_appliance_software 8.2.2.17
cisco adaptive_security_appliance_software 8.2.3
cisco adaptive_security_appliance_software 8.2.4
cisco adaptive_security_appliance_software 8.2.4.1
cisco adaptive_security_appliance_software 8.2.4.4
cisco adaptive_security_appliance_software 8.2.5
cisco adaptive_security_appliance_software 8.2.5.13
cisco adaptive_security_appliance_software 8.2.5.22
cisco adaptive_security_appliance_software 8.2.5.26
cisco adaptive_security_appliance_software 8.2.5.33
cisco adaptive_security_appliance_software 8.2.5.40
cisco adaptive_security_appliance_software 8.2.5.41
cisco adaptive_security_appliance_software 8.2.5.46
cisco adaptive_security_appliance_software 8.2.5.48
cisco adaptive_security_appliance_software 8.2.5.50
cisco adaptive_security_appliance_software 8.2.5.52
cisco adaptive_security_appliance_software 8.2.5.55
cisco adaptive_security_appliance_software 8.2.5.57
cisco adaptive_security_appliance_software 8.3.1
cisco adaptive_security_appliance_software 8.3.1.1
cisco adaptive_security_appliance_software 8.3.1.4
cisco adaptive_security_appliance_software 8.3.1.6
cisco adaptive_security_appliance_software 8.3.2
cisco adaptive_security_appliance_software 8.3.2.4
cisco adaptive_security_appliance_software 8.3.2.13
cisco adaptive_security_appliance_software 8.3.2.23
cisco adaptive_security_appliance_software 8.3.2.25
cisco adaptive_security_appliance_software 8.3.2.31
cisco adaptive_security_appliance_software 8.3.2.33
cisco adaptive_security_appliance_software 8.3.2.34
cisco adaptive_security_appliance_software 8.3.2.37
cisco adaptive_security_appliance_software 8.3.2.39
cisco adaptive_security_appliance_software 8.3.2.40
cisco adaptive_security_appliance_software 8.3.2.41
cisco adaptive_security_appliance_software 8.3.2.44
cisco adaptive_security_appliance_software 8.4.0
cisco adaptive_security_appliance_software 8.4.1
cisco adaptive_security_appliance_software 8.4.1.3
cisco adaptive_security_appliance_software 8.4.1.11
cisco adaptive_security_appliance_software 8.4.2
cisco adaptive_security_appliance_software 8.4.2.1
cisco adaptive_security_appliance_software 8.4.2.8
cisco adaptive_security_appliance_software 8.4.3
cisco adaptive_security_appliance_software 8.4.3.8
cisco adaptive_security_appliance_software 8.4.3.9
cisco adaptive_security_appliance_software 8.4.4
cisco adaptive_security_appliance_software 8.4.4.1
cisco adaptive_security_appliance_software 8.4.4.3
cisco adaptive_security_appliance_software 8.4.4.5
cisco adaptive_security_appliance_software 8.4.4.9
cisco adaptive_security_appliance_software 8.4.5
cisco adaptive_security_appliance_software 8.4.5.6
cisco adaptive_security_appliance_software 8.4.6
cisco adaptive_security_appliance_software 8.4.7
cisco adaptive_security_appliance_software 8.4.7.3
cisco adaptive_security_appliance_software 8.4.7.15
cisco adaptive_security_appliance_software 8.4.7.22
cisco adaptive_security_appliance_software 8.4.7.23
cisco adaptive_security_appliance_software 8.4.7.26
cisco adaptive_security_appliance_software 8.4.7.28
cisco adaptive_security_appliance_software 8.4.7.29
cisco adaptive_security_appliance_software 8.5.1
cisco adaptive_security_appliance_software 8.5.1.1
cisco adaptive_security_appliance_software 8.5.1.6
cisco adaptive_security_appliance_software 8.5.1.7
cisco adaptive_security_appliance_software 8.5.1.14
cisco adaptive_security_appliance_software 8.5.1.17
cisco adaptive_security_appliance_software 8.5.1.18
cisco adaptive_security_appliance_software 8.5.1.19
cisco adaptive_security_appliance_software 8.5.1.21
cisco adaptive_security_appliance_software 8.5.1.24
cisco adaptive_security_appliance_software 8.6.1
cisco adaptive_security_appliance_software 8.6.1.1
cisco adaptive_security_appliance_software 8.6.1.2
cisco adaptive_security_appliance_software 8.6.1.5
cisco adaptive_security_appliance_software 8.6.1.10
cisco adaptive_security_appliance_software 8.6.1.12
cisco adaptive_security_appliance_software 8.6.1.13
cisco adaptive_security_appliance_software 8.6.1.14
cisco adaptive_security_appliance_software 8.6.1.17
cisco adaptive_security_appliance_software 8.7.1
cisco adaptive_security_appliance_software 8.7.1.1
cisco adaptive_security_appliance_software 8.7.1.3
cisco adaptive_security_appliance_software 8.7.1.4
cisco adaptive_security_appliance_software 8.7.1.7
cisco adaptive_security_appliance_software 8.7.1.8
cisco adaptive_security_appliance_software 8.7.1.11
cisco adaptive_security_appliance_software 8.7.1.13
cisco adaptive_security_appliance_software 8.7.1.16
cisco adaptive_security_appliance_software 8.7.1.17
cisco adaptive_security_appliance_software 9.0.1
cisco adaptive_security_appliance_software 9.0.2
cisco adaptive_security_appliance_software 9.0.2.10
cisco adaptive_security_appliance_software 9.0.3
cisco adaptive_security_appliance_software 9.0.3.6
cisco adaptive_security_appliance_software 9.0.3.8
cisco adaptive_security_appliance_software 9.0.4
cisco adaptive_security_appliance_software 9.0.4.1
cisco adaptive_security_appliance_software 9.0.4.5
cisco adaptive_security_appliance_software 9.0.4.7
cisco adaptive_security_appliance_software 9.0.4.17
cisco adaptive_security_appliance_software 9.0.4.20
cisco adaptive_security_appliance_software 9.0.4.24
cisco adaptive_security_appliance_software 9.0.4.26
cisco adaptive_security_appliance_software 9.0.4.29
cisco adaptive_security_appliance_software 9.0.4.33
cisco adaptive_security_appliance_software 9.0.4.35
cisco adaptive_security_appliance_software 9.0.4.37
cisco adaptive_security_appliance_software 9.1.1
cisco adaptive_security_appliance_software 9.1.1.4
cisco adaptive_security_appliance_software 9.1.2
cisco adaptive_security_appliance_software 9.1.2.8
cisco adaptive_security_appliance_software 9.1.3
cisco adaptive_security_appliance_software 9.1.3.2
cisco adaptive_security_appliance_software 9.1.4
cisco adaptive_security_appliance_software 9.1.4.5
cisco adaptive_security_appliance_software 9.1.5
cisco adaptive_security_appliance_software 9.1.5.10
cisco adaptive_security_appliance_software 9.1.5.12
cisco adaptive_security_appliance_software 9.1.5.15
cisco adaptive_security_appliance_software 9.1.5.21
cisco adaptive_security_appliance_software 9.1.6
cisco adaptive_security_appliance_software 9.1.6.1
cisco adaptive_security_appliance_software 9.1.6.4
cisco adaptive_security_appliance_software 9.1.6.6
cisco adaptive_security_appliance_software 9.1.6.8
cisco adaptive_security_appliance_software 9.1.6.10
cisco adaptive_security_appliance_software 9.2\(0.0\)
cisco adaptive_security_appliance_software 9.2\(0.104\)
cisco adaptive_security_appliance_software 9.2\(3.1\)
cisco adaptive_security_appliance_software 9.2.1
cisco adaptive_security_appliance_software 9.2.2
cisco adaptive_security_appliance_software 9.2.2.4
cisco adaptive_security_appliance_software 9.2.2.7
cisco adaptive_security_appliance_software 9.2.2.8
cisco adaptive_security_appliance_software 9.2.3
cisco adaptive_security_appliance_software 9.2.3.3
cisco adaptive_security_appliance_software 9.2.3.4
cisco adaptive_security_appliance_software 9.2.4
cisco adaptive_security_appliance_software 9.3\(1.50\)
cisco adaptive_security_appliance_software 9.3\(1.105\)
cisco adaptive_security_appliance_software 9.3\(2.100\)
cisco adaptive_security_appliance_software 9.3\(2.243\)
cisco adaptive_security_appliance_software 9.3.1
cisco adaptive_security_appliance_software 9.3.1.1
cisco adaptive_security_appliance_software 9.3.2
cisco adaptive_security_appliance_software 9.3.2.2
cisco adaptive_security_appliance_software 9.3.3
cisco adaptive_security_appliance_software 9.3.3.1
cisco adaptive_security_appliance_software 9.3.3.2
cisco adaptive_security_appliance_software 9.3.3.5
cisco adaptive_security_appliance_software 9.3.5
cisco unity_connection 1.1\(1\)
cisco unity_connection 1.2_base
cisco unity_connection 2.0\(1\)
cisco unity_connection 2.0_base
cisco unity_connection 2.1_base
cisco unity_connection 7.0_base
cisco unity_connection 7.1\(1\)
cisco unity_connection 7.1\(2\)
cisco unity_connection 7.1\(2a\)
cisco unity_connection 7.1\(2a\)su1
cisco unity_connection 7.1\(2b\)
cisco unity_connection 7.1\(2b\)su1
cisco unity_connection 7.1\(3\)
cisco unity_connection 7.1\(3a\)
cisco unity_connection 7.1\(3a\)su1
cisco unity_connection 7.1\(3a\)su1a
cisco unity_connection 7.1\(3b\)
cisco unity_connection 7.1\(3b\)su1
cisco unity_connection 7.1\(3b\)su2
cisco unity_connection 7.1\(5\)
cisco unity_connection 7.1\(5\)su1a
cisco unity_connection 7.1\(5a\)
cisco unity_connection 7.1\(5b\)
cisco unity_connection 7.1\(5b\)su2
cisco unity_connection 7.1\(5b\)su3
cisco unity_connection 7.1\(5b\)su4
cisco unity_connection 7.1\(5b\)su5
cisco unity_connection 7.1\(5b\)su6
cisco unity_connection 7.1\(5b\)su6a
cisco unity_connection 7.1.5es33.32900-33
cisco unity_connection 7.1_base
cisco unity_connection 8.0_base
cisco unity_connection 8.5\(1\)
cisco unity_connection 8.5\(1\)su1
cisco unity_connection 8.5\(1\)su2
cisco unity_connection 8.5\(1\)su3
cisco unity_connection 8.5\(1\)su4
cisco unity_connection 8.5\(1\)su5
cisco unity_connection 8.5\(1\)su6
cisco unity_connection 8.5_base
cisco unity_connection 8.6\(1\)
cisco unity_connection 8.6\(1a\)
cisco unity_connection 8.6\(2\)
cisco unity_connection 8.6\(2a\)
cisco unity_connection 8.6\(2a\)su1
cisco unity_connection 8.6\(2a\)su2
cisco unity_connection 8.6\(2a\)su3
cisco unity_connection 8.6_base
cisco unity_connection 9.0\(1\)
cisco unity_connection 9.1\(1\)
cisco unity_connection 9.1\(1.10\)
cisco unity_connection 9.1\(2\)
cisco unity_connection 10.0.0
cisco unity_connection 10.0.5
cisco unity_connection 10.5\(2\)
cisco unity_connection 10.5\(2.3009\)
cisco unity_connection 10.5_base
cisco unity_connection 11.0\(0.98000.225\)
cisco unity_connection 11.0\(0.98000.332\)
cisco unity_connection 11.0_0
cisco unity_connection 11.5\(0.98\)
cisco unity_connection 11.5\(0.199\)
cisco unity_connection 11.5_base
cisco jabber_software_development_kit 8.6\(1\)
cisco jabber_software_development_kit 9.0\(1\)
cisco jabber_software_development_kit 9.2\(0\)
cisco jabber_software_development_kit 9.2\(1\)
cisco jabber_software_development_kit 9.2\(2\)
cisco jabber_software_development_kit 9.2\(3\)
cisco jabber_software_development_kit 9.2\(4\)
cisco jabber_software_development_kit 9.2\(5\)
cisco jabber_software_development_kit 9.2\(6\)
cisco jabber_software_development_kit 9.2\(7\)
cisco jabber_software_development_kit 9.3\(0\)
cisco jabber_software_development_kit 9.3\(1\)
cisco jabber_software_development_kit 9.3\(2\)
cisco libsrtp *
cisco unified_communications_manager 9.9\(9\)st1.9



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "E659A9C2-4E00-45F3-8F70-D9E18CDEE8D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1s:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B359E9A-65D2-447D-AA44-BEA158622923",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1xbs:*:*:*:*:*:*:*",
                     matchCriteriaId: "B217F6BD-D867-459A-AC5E-760F0BD36602",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E1B040D-CE1A-41A3-B0E9-1AA0CFC29899",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.2ts:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF2DB331-8EF3-4AC2-874D-360F439741E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.4s:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD279792-84E4-4E9C-9DBD-2E0689279981",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.5s:*:*:*:*:*:*:*",
                     matchCriteriaId: "67CF54E1-2890-4F70-81A1-04AFB98CC2BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.6s:*:*:*:*:*:*:*",
                     matchCriteriaId: "137FCB00-9FD5-4C45-9DE4-EC4BB2679049",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.7s:*:*:*:*:*:*:*",
                     matchCriteriaId: "210240F9-5C68-4178-A785-60A606C32FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "186A4D4A-5977-45BC-A054-72B20FA574FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.1s:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DEF72D7-D889-4197-8469-A849050DE808",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "737754AA-C961-433E-B9D0-7C7ED0310F0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.3s:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFCFC44D-F618-457B-BD53-F09224F1C599",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.4s:*:*:*:*:*:*:*",
                     matchCriteriaId: "8BC5C495-4CFE-4126-A358-5E4B40D17CC2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "663B2239-BC08-4C0C-A16C-FA7CFD0B1F1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.1s:*:*:*:*:*:*:*",
                     matchCriteriaId: "27806BF7-0971-4F71-A0CC-A9FADEF40F22",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.4s:*:*:*:*:*:*:*",
                     matchCriteriaId: "42425169-F2EE-4157-9AA6-CF1B4FD12B72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.14s_3.14.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1BE381-4C2A-45B1-9647-FB1581BF687A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.1s:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD1C0761-BC14-4FD7-B852-88EAB4E78F83",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9C5187C-C7E0-4446-B528-C5DE1AAB90ED",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:webex_meeting_center:base:*:*:*:*:*:*:*",
                     matchCriteriaId: "28A6CA7D-D7C8-4ECC-B5F1-200209A6892F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:dx_series_ip_phones_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "EDDBE37A-683F-4A7F-98DB-BBE6704F4A0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ip_phone_7800_series_firmware:10.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B0BBC8C6-00BA-42A2-8AEB-8713F1B839C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.3\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "05ED7BA0-6B55-4A04-BBAF-102B99248302",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "49CF653C-B5F5-427B-9FE9-D34D7B92AA13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_6900_series_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E87AAF0C-E9D4-4195-8343-CEEC9C52E75C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7900_series_firmware:9.9\\(9.99001.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB845296-F772-4A6E-98DC-68D7C2FA5686",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_7900_series_firmware:9.9_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4CF2229-FB0B-40BA-B821-49CB26F458D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.0\\(1\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "49B899D8-4784-483D-A833-C72371CEC12C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3E7619E1-E4A2-43B3-AF98-4917587C856E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.0\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "84ED85A1-D16F-4F8D-82C6-2E414EE2F590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.1\\(1\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2ED0C9E-118A-4C01-8788-6E6FD65CE60B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C420DA10-774A-4D38-A087-AFA6C52BB666",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5456A29-0F99-427E-A181-C562B0BE837D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C4E0532D-53EC-471F-9689-1EE0248FBD10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(2\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AA8A4E5-7E14-4BE9-AB2C-C2F6EB4E5F0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "68D74C73-E5E7-47BA-BA21-24E09E7A599F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "DCA1FEE7-49E7-4065-BDA6-83F3D4CAC872",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D14B1890-F038-4B20-9BDF-03676C148E90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "65D8F5AD-8676-4EFE-B4D1-93039F500C01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(2\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "68CE6B62-66F8-4DD0-B245-5E7D5323EC0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "19516CAF-9167-47D8-A926-26A95CB19669",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.4\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CA675CA8-56A1-4D47-94F3-04C974FF2DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.4\\(1\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF575CF9-F701-439D-8B58-DFD2625B87ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.4\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9ED2689D-A5CA-4B90-A336-BE3C850E4992",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "60ADF922-B1CE-4FFB-ADAF-48EDADC06F32",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "03132810-121C-4210-8FE8-D8C49F9B5F9E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(7\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8A0526B5-646B-4115-BA28-774AB6334DA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(8\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "180F4593-7F86-4702-B248-A3D0AB20D675",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(9\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "51CF8E3E-6D57-4DD7-91B7-7C6ADCDC1B55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "638A6537-62E1-4757-B857-603FA5C80C39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:2.0_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "551A4418-B9BD-4F22-ABF6-C981E3B4D91E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.0.104:*:*:*:*:*:*:*",
                     matchCriteriaId: "200F740F-9D7D-4A64-AE1F-276CF58241C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:*",
                     matchCriteriaId: "70158003-F6CA-4A5C-893C-BF885A388D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F2C8AFA-A4B6-44A2-B00C-1950997493C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "6297451E-196E-4C6D-9186-451BB42CAE8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "465313C5-BFB9-458A-8150-8F7BA1F8C386",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF399187-270F-4560-9C09-DF18132FA427",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE7A928A-2CBA-43BC-B312-975EE9E24830",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CF721BA-25FF-485E-9102-5741AC9BC9B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F34D78E-68C9-4372-85F2-E74A1C8C06F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "05748A45-8423-42F4-8F95-7BA83548C4E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C15D1F6-997D-47FD-A654-AEF3332E6105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA3E5F50-CBD1-4516-BC97-3AF59DB39A84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "62B54134-5AC7-4D7E-A7F1-D4C2057FF146",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AFE499E-09BB-4C86-AC74-7568B2D3CA51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A0B5BF7-18FB-4066-947E-7352B9951AFD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "B42DD43A-B6BD-4C2B-BA57-928501C62388",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDE65B75-4987-4E77-8814-F7BC9875924A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.26:*:*:*:*:*:*:*",
                     matchCriteriaId: "C890603E-6634-46E2-AFA9-ADE8ED1B9E41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEBAB79E-83BF-4AD1-875B-D015A18ECB82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DA41C5E-F854-4729-9498-C54FA5C00664",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B08E743-488A-4F99-ABA6-98AD534B603B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.46:*:*:*:*:*:*:*",
                     matchCriteriaId: "978A0B9D-1B1D-4E22-893C-52DE75247BA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD17927A-7AFA-4177-A34E-5FEB7A9400AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.50:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E4B884F-EDE6-4055-83D8-609D2D1E518F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.52:*:*:*:*:*:*:*",
                     matchCriteriaId: "8570FBED-D38F-49ED-8C6A-E241BF7E1274",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.55:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2889989-8D9C-4E06-8477-8BCF6DC7D84A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.57:*:*:*:*:*:*:*",
                     matchCriteriaId: "02E9724F-AD95-4572-BD8F-27B71F8EBC5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5990B883-0B5A-44F0-B4DC-8031ED0F2026",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BA74460-D26D-4C0A-B697-DF9003096065",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "90BEB7A8-B2DB-46EB-9265-AB88476B1002",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DF80D39-35D2-447C-A809-E4C819FEEF25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7F417BC-5835-4F29-8DB6-03A62B7B2364",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D90599A3-F885-414E-94F9-B4AECEB34D31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "0185F882-E031-4B16-8DB3-62F76FBB78C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "092FB46B-A4A4-40E5-B474-4FC36ADC427C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.25:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEB27EFB-BF82-493D-ADF2-7395B4E2A55F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.31:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AD84D98-1B98-454C-AF63-DE5E76E17C8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D975A3B-0B3C-44E6-BE9C-AA73CF97AF78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DAF32AF-EF06-4663-BFBE-1334D491A212",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.37:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9FB85D8-B247-4921-AE49-C2A1C2FDEB5E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.39:*:*:*:*:*:*:*",
                     matchCriteriaId: "29BA59C8-F3D0-4B94-824B-F3CDAB465D30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.40:*:*:*:*:*:*:*",
                     matchCriteriaId: "EBF3C75D-751C-444F-A4AF-303409B22B1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.41:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7CD6FE3-1B32-461E-9215-0F016798B61E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.44:*:*:*:*:*:*:*",
                     matchCriteriaId: "22552CF4-01F8-46A8-ADD4-7BABFA574330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA1C5485-EAF4-4F4D-AFA1-E105F433665E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "989F9AC4-C2D1-49A0-95C3-79A4EB827E07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFE2E079-D7AC-4FE9-8938-A75C12AF5CA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "B442C852-2465-4EA8-A977-1F10A4CE23AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6DB6ED4-3095-46C1-9CB6-2975A7B05303",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE68CD8E-B9CF-4519-8B0E-4C4488B34887",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D762C9A7-005C-44FD-9BB2-7A1DD4EBE90B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE0B1212-87F3-46E5-B14A-C0C6BBAAAC98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "518D4826-06B0-4DDC-B082-A536418FD292",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "E343DE08-58FA-4C39-99F9-8CB5F57D0CD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "76363698-DB62-4D92-8EE4-069891A9F92C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6159BEE3-D097-4E07-9962-06DB740E2AE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FD606591-F69A-47AD-9256-20B98CA16135",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4EF3895-F372-45D3-9C7D-15F5C4712D08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DC5960D-B917-4ABA-850F-A710676ACB40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B746A138-6650-49A3-87C8-3728FE5CF215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "E50C2A13-5A8B-4FA5-ABB8-1157E560503B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "909F9D55-9276-4CF1-BC63-7CEEF8F25C21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F383D276-D5EC-4335-AC09-9D30F6443AF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "39C2A7FF-6AC3-42B5-954A-9AA5950C523A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D7F36A8-C291-423D-AF28-56AAD8D0F712",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2009F4-F832-49D6-8346-54A7328BD93B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.23:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9221DD4-498A-4867-B647-47E42299CE45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.26:*:*:*:*:*:*:*",
                     matchCriteriaId: "B839A425-E08C-41B1-9270-E177E40B1E27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.28:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F4DDF53-0995-4971-A980-30FD15A40C78",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.29:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F3BD921-A58A-47EB-B90D-21C3A5D02D40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "800FE449-350D-4C4C-A8C2-D4C5A3B59F36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C49BF8F7-5ACE-4D90-8F17-1AA9D3A2FD7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE6D050-F186-492C-9813-895433B2612A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "6157AA5C-8297-4A32-B0A8-1E7E801E9CD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5A13091-02C6-4D98-90C9-ED4C43BDAFAE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2C3E0E1-C3F3-4D53-8116-7D1AF3CD53CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "59F3DB48-E1EE-44E9-85DE-9FD7D5C59B4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "27E064BD-CBC0-4556-9BCF-87D808809237",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D5DC14-187B-4808-8377-5FF44A11AA3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "64079FC4-53D8-4DBF-A2D5-2CED256F4939",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FF969BE-46BB-4AD7-85AB-8384426E9551",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8EEA7A5-67FD-4CA4-8FF8-4B17A9C47B61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "94E618B3-DD03-4ECD-AB9B-97F1EDF95E79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D0DFE19-1C68-40E6-B8CD-9CC03F8B4281",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "20424324-881A-496B-BC55-62AA75994249",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "D67012F3-5153-400E-BD6F-EB0949875F2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "E40E9AB5-26E0-4BA2-9AFA-496BAA0EAC77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6BA4B2D-187A-47EC-8BE1-7EA178549476",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CF52FB9-4EA9-41A7-AD29-E963C09FC98C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "04C8C6E9-D5C3-42DC-B431-9097B2FCCB52",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "75B5CF41-7F01-4AE9-B54B-8DB6909504B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3BDD9D1-0DE3-4FA7-BDC1-2A724162CEEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C80EAFF-E577-414A-9DDE-D27A41CB3DC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "26CC07CC-0C79-48ED-BEB6-4B576A0DBD68",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "83FA6817-C5B7-410F-9CF7-801CC958C12E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "1576FC7F-B7DD-41DD-A95E-23B1F86E4B02",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "3768E4B0-E457-47AB-99B0-7C1A0E0CBE35",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D142088-0265-4987-8F5C-029F3DD06A18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "76EDEE39-865D-4DA3-B1C9-033F2FF1A56F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "500ED3CC-4FE8-4A24-ACFE-8D7E35E50D22",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD2AE76B-D04E-4D0C-85E4-8AD07F7BDEDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E1C03C-0737-4E2B-B3F9-10770281F4AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C7052D2-0789-4A4D-917D-FCD894B7280F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "0956F0A8-7424-437C-AAD8-203183BEBFCC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "49FB57F9-5B37-4509-B2EB-6A16DFE11F03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "952F6504-9CD0-453E-8C25-02BB9EE818F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E842AF74-D1E3-4F71-80F9-197B38942405",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0B97FB1-CC3A-40B5-853D-476E6C5D9D6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F6293A8-C21E-46F6-ACC1-6BBAD419B41F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC1A48B1-112A-41C2-BC01-BCCF5794553D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2AE7036-C8EE-441F-94A4-DE8A9E89CA8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.24:*:*:*:*:*:*:*",
                     matchCriteriaId: "6448B4B4-022D-4D4A-A6DE-0090CEA12595",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.26:*:*:*:*:*:*:*",
                     matchCriteriaId: "42813600-3186-4D19-8AF2-F4F98D3C6740",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.29:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC0969E6-151D-4298-8EC8-68D7880E994B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A0091CE-3386-4CCC-A2A8-900842EA6F51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.35:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5A450E0-09E4-44C5-B55C-78A4BDAADA45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.37:*:*:*:*:*:*:*",
                     matchCriteriaId: "8285C95A-316D-4965-A34D-3BCB9AB83FA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4714F698-BBAE-47BB-99E8-F90D22415EDD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB55BC7E-0B3F-4202-8768-08F27B763926",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFB01683-C482-4A5B-90FA-B5266BEA452E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA16481A-4A47-4A8E-8C78-87B3A171280A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8C0258ED-6ED0-49C7-A13A-368711649FFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B7A71AA-E1A6-47B7-B2B2-A3115CAA4058",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D448BB56-5B2E-4B3E-B7E8-1F4991F23D81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.4.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0346EAC-BDD1-4DC5-B8CA-20579C44AFE4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "2049D602-54F1-4072-936E-0D7E337162B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "0710D6C8-AD34-43E2-B72B-315FFF3DC34F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "70F8F1D2-2196-44C4-B420-824F49BB4ACF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E14B8D3-6D53-4E84-9B5D-24667B192C4B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.21:*:*:*:*:*:*:*",
                     matchCriteriaId: "A05B2DFD-A0EF-42BE-B00B-334E78CA8C10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CC96C9-492F-49CB-BEFE-356581E96B3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "78F1F7D4-EC51-47D1-A71A-9EF98C51D388",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D5E93DE-06C0-401C-8062-1B2EB6EFDED6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E5EBFAB-25E2-4245-B748-92CAA943D4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8BFB446-5747-42BB-98BC-B8DF250F1842",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EF48794-2E5D-4BE0-9BB5-49ADE34F4A82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A3A13A9C-5387-4670-8E20-FE878946D091",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.104\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9F7C7DA3-C24B-41BB-BDBE-7DC58EEAC4F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(3.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "AFC39DA3-8171-4344-A946-7965873C56F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9C31567-8AEB-49C6-AA60-4150411D62AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA140CB2-C17C-4164-A59A-8585906057BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "468D98A7-92D5-4C01-9EDD-CB44B85EA6BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "7BAAC9FE-CCF0-4385-B5E9-FC424CD3EFD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C9DEB1C-F9B9-4291-92B5-8EEEADC57E51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "39330218-32FA-42FF-B5CA-288B7D140304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A92D7CED-D036-414B-B9EB-DCAF7F425A7D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4AAAB02-140D-46F2-A315-5791BF5A853F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EB02DBE-6D60-4D0E-8E9D-7611C3C32748",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.50\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1E044883-9952-477A-B2AA-3E0BB90C96A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.105\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2E26A1B0-D61C-4A25-8E10-02A2E3E7A02B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.100\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6F4A28B7-87A2-464A-92A8-644E3F7D13D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.243\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8D83ED80-972A-4548-9AB0-10F9A23DF749",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26D99395-D18D-458E-9880-19B7767F69D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E4CE047-3FEF-4A72-AD06-EC77D71EBCD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED33F68A-9EB0-416A-A0A5-0DF2C349FFEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F7DD812-DC72-4816-8B0F-361C32B2CD2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC41D4CD-D5EA-4678-B3AA-962C7C937118",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "996C9552-5743-4639-A077-5B057605DF21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5779CE0-7691-47DA-902C-4D32D6650C9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C69BE69-7C19-4ED3-98D3-04B1D41E56FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "AFE9F46B-DD74-4295-BB6A-9239E29F4416",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:1.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2541F3D6-BD69-47D6-8070-DDCEDEE7F497",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:1.2_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B38FA24-E514-40CA-A28E-C72440B0637A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:2.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCD675A5-D5FD-464A-8DBA-69687609913D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:2.0_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5E48B3D-0CFF-49AD-AD7C-C54F8BDD8748",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:2.1_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "74E91D00-4862-41B7-AC81-98BED5B41DA5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.0_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "8801B286-C800-44EF-9B0D-E6B4A42C8CAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "83C049EE-23C2-4FBE-A94A-DB5EA2BCC113",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B52ADDA2-D366-474C-AE65-83998FED89F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CBE0184-2D1B-4DA2-B1B6-59B3E013557A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "51C6DED4-9D0D-4FE3-BC94-BE1B6CBCCB5E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2FBF4DF8-EA6E-4160-918C-8938188E22E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0591D082-7290-476D-A0B8-DEA649AE661D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8CB1C1C9-5F1A-40F7-BEB0-66B1793C538C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B69719BD-D624-479A-BF75-04A6D1691585",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "851E3C54-848C-4D6A-AC2E-9FADC3377377",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "90C04291-80AC-4804-86DE-D7D5653F3824",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CFC6E1B0-2BEB-45C1-90F5-F79D1FBC714A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "95F18323-F108-4816-8AC5-F8CBADCDB06E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE18C174-CFDF-48E9-B46B-696BDCF6F02E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5EE964E1-0A54-49C4-A1EC-5707DBADC4B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0610189-1E2D-4CED-AB12-E80E7F9F1930",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E56D2B86-DAC0-4E3C-A13C-4908D4312487",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7026853F-6467-41C8-AE31-B8742D230473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DB6DB1C-9493-4FE6-BBED-11C5B0BDCAE5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "286C8ECF-BFEB-41BD-8286-595B27AB5CB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "6106891F-A7EF-4380-AF53-F644C637487E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8C9FCF4-3F53-4805-B564-40AF29140804",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAA60E66-4CC6-4FEE-A876-ABF53F54908C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su6a:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEB3A0EE-0191-4BF5-96DB-F417F0533740",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1.5es33.32900-33:*:*:*:*:*:*:*",
                     matchCriteriaId: "77F37DEF-08E5-4F54-89B0-3E0CA4FBE4AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:7.1_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B58CC96-2E5E-42E9-9252-49271AC052D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.0_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "93141BE8-20AB-42DC-9838-8FE00F215342",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "101FCDD0-DC91-4111-975E-DE618D3B4E9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D386D8CD-D6EA-4705-ABDC-EA6558F5AC30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4B1917B-197C-4E28-9356-2ACC4C4DB932",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5567A000-338E-40D7-9481-674B8FFC142D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA991A88-D49E-4957-B404-6E3C15C96994",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "BECA1F06-6FFD-4A0D-B140-B25E39FB8513",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ADCE50E-87C1-49D7-B127-92174327EAB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.5_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D11810A-80D7-41BB-B370-30218FF52F17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C547C041-6C58-44D5-93D7-C02E04E93994",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C40F61A6-A992-4DA4-9730-D145055596C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "78970987-BD6E-48A0-AF43-540C925E1F97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "632B8CDD-5ACC-4FFB-950B-480CC43D192D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7740A5EF-538E-4095-91F5-E4DC03EDB35B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D805DD4A-269D-4399-B6BF-7F40F98C3BE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A06A53BA-668B-41C0-B223-6637487EF113",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:8.6_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "82B3ABB4-A33A-4886-9871-C24B33B3AEE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6793E1F6-DC57-4A13-B49D-0ED45E48426C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "50CD06E4-0C09-4DD7-B106-56DC680CE333",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:9.1\\(1.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "612C46BC-40CC-47F6-9166-4001144FB311",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BA2751A8-A3CF-4CC7-A7F2-003165C1AEDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:10.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A49C1C0B-4B2A-4F13-996D-E3ED1F96C2A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:10.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5CC8FF5-F0FA-41E8-AD78-D277AB9776DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:10.5\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "02F5AF19-C869-4A55-B4D7-38C0FFABCC6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:10.5\\(2.3009\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0C9B5432-11E5-4800-BB0F-48DFCAF409FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:10.5_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A358C37-6257-41E6-90ED-61CDE709F085",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:11.0\\(0.98000.225\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1961B4F5-C2E1-41C3-AD4A-F3ABA03EFD7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:11.0\\(0.98000.332\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9973BA-EC31-459A-9E10-4C0F6D5D6C4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:11.0_0:*:*:*:*:*:*:*",
                     matchCriteriaId: "14E894A4-3F92-4AA3-8E48-4223DBC3B2EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:11.5\\(0.98\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "93B09544-1D66-4ECD-9346-81EA5E2373E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:11.5\\(0.199\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0B4971DD-92BD-4F11-A290-F3F0258A4432",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:11.5_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "96143B66-C21D-43BE-BC94-C28B69FCBFAF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5F07CC41-0B27-4B97-B0D9-73C8F6D71021",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6E093F79-9ABA-4FEF-A178-8FA6EF2F871F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "73EE1905-615B-4893-ABD2-C979B095A8B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FA685E8E-676D-45A2-9383-37A4506F798B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "26F4872B-01EA-4473-B490-668C9AB29789",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6D5FA4C9-EEB4-4AC7-ACA1-90A4BEC4A2C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "414CEEED-2EAB-4BFF-9C28-A82069497B5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A4459D13-45E1-40F6-A5D3-4DD1632A8C45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FA527DCA-7F9A-4A7B-8C4F-9EED0B36E038",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(7\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D749F811-40EA-420C-883D-DDD31C9F3145",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.3\\(0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "896D4FA3-FF50-4C50-B823-04436C0E9B4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B14AF067-2224-4A72-BA36-31435CB116F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:jabber_software_development_kit:9.3\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "DE679CDD-D0C0-4E76-A295-C714AFF10723",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:libsrtp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B2CFC42-D8FA-4C51-B1F1-0A03EC23A10A",
                     versionEndIncluding: "1.5.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.9\\(9\\)st1.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DBDE7B3-6B02-450F-BFE3-FA25ABA7CCF7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.",
      },
      {
         lang: "es",
         value: "La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686.",
      },
   ],
   id: "CVE-2015-6360",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-21T10:59:00.117",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.debian.org/security/2016/dsa-3539",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1035636",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1035637",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1035648",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1035649",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1035650",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1035651",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1035652",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2016/dsa-3539",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1035636",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1035637",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1035648",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1035649",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1035650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1035651",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1035652",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-20 20:15
Modified
2024-11-21 05:43
Summary
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E04AFBD-C69F-4462-9742-914CD9AD2BB7",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "F709C2EB-2724-443B-B362-0916AB8935EF",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "64674375-4962-410C-A837-339258B344C4",
                     versionEndExcluding: "12.0\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "99FBA7C5-CE7D-41F0-ACFF-8A24079B7DDA",
                     versionEndExcluding: "12.0\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7ABF16F2-3695-490C-B4B2-D6BAF80F9D25",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "829CD76A-0785-426B-851F-04790870713D",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6986C5A9-7211-463E-B016-18E19B66ADBA",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "211822F9-04D8-49F4-BB92-B5F740AAB2D1",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) podrían permitir a un atacante conducir ataques de salto de ruta y ataques de inyección SQL en un sistema afectado. Una de las vulnerabilidades de inyección SQL que afecta a Unified CM IM&P también afecta a Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y podría permitir a un atacante conducir ataques de inyección SQL en un sistema afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso.",
      },
   ],
   id: "CVE-2021-1282",
   lastModified: "2024-11-21T05:43:59.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-20T20:15:16.407",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-35",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-01-11 09:29
Modified
2024-11-21 03:37
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264.
Impacted products
Vendor Product Version
cisco unified_communications_manager -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "395232C7-93D5-4877-A726-32E5BAFAF812",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de gestión web de Cisco Unified Communications Manager podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en un dispositivo afectado. La vulnerabilidad se debe a la validación insuficiente de entrada de datos de parte del usuario en la interfaz de gestión web de un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad convenciendo a un usuario de la interfaz de gestión web para que haga clic en un enlace diseñado para enviar entradas maliciosas a la interfaz. Un exploit con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz o que pueda acceder a información sensible del navegador en el dispositivo objetivo. Cisco Bug IDs: CSCvg51264.",
      },
   ],
   id: "CVE-2018-0118",
   lastModified: "2024-11-21T03:37:33.513",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-01-11T09:29:00.213",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/102478",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040193",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180110-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/102478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040193",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180110-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-05-16 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.0\(1.10000.12\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1.10000.12\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "815EF306-D944-4D2D-9378-C3E993E58592",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager 10.0(1.10000.12) permite a usuarios locales ganar privilegios a través de una cadena de comandos en un parámetro no especificado, también conocido como Bug ID CSCut19546.",
      },
   ],
   id: "CVE-2015-0717",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-05-16T14:59:00.063",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=38763",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1032278",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=38763",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1032278",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:48
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0."
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F97E2E73-108D-42E0-B604-2992D6BB5F1D",
                     versionEndIncluding: "9.1\\(2\\)",
                     versionStartIncluding: "7.1\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756.  NOTE: the vendor has provided a statement that the \"hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0.\"",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (CUCM) v7.1(x) hasta v9.1(2) y el IM & Presence Service en Cisco Unified Presence Server hasta v9.1(2) usan la misma clave de CTI y de cifrado de la base de datos en las instalaciones de distintos clientes, lo que hace más fácil para los atacantes dependientes de contexto eludir los mecanismos de protección criptográfica mediante el aprovechamiento del conocimiento de esta clave, también conocido como Bug ID CSCsc69187 y CSCui01756. NOTA: el vendedor ha declarado que la \"clave de cifrado estática hardcodeada se considera un problema de hardening en lugar de una vulnerabilidad, y, como tal, tiene una puntuación CVSS de 0/0.\"",
      },
   ],
   id: "CVE-2013-4869",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 0,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 0,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-07-18T12:48:56.993",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85883",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85883",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-522",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-05-16 12:54
Modified
2025-04-09 00:30
Severity ?
Summary
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4013A936-92B1-4579-ABD3-B57A80A8C8E0",
                     versionEndExcluding: "5.1\\(3\\)",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "795C8E07-9671-4B8D-ABC6-D373F49D0244",
                     versionEndExcluding: "6.1\\(1\\)",
                     versionStartIncluding: "6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.",
      },
      {
         lang: "es",
         value: "Una fuga de memoria en el servicio Certificate Trust List (CTL) Provider de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a 5.1(3) y 6.x versiones anteriores a 6.1(1) permite a atacantes remotos provocar una denegación de servicio (consumo excesivo de memoria e interrupción del servicio) a través de una serie de paquetes TCP malformados, también conocido como Bug ID CSCsi98433.",
      },
   ],
   id: "CVE-2008-1743",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-05-16T12:54:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42414",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42414",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-08-25 03:27
Modified
2025-04-11 00:51
Severity ?
Summary
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.",
      },
      {
         lang: "es",
         value: "Fuga de memoria en Cisco Unified Communications Manager (Unified CM) v8.5(x) anterior a v8.5(1)su6, v8.6(x) anterior a v8.6(2a)su3, y v9.x anterior a v9.1(1) permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de una alta tasa de paquetes UDP, también conocido como Bug ID CSCub85597.",
      },
   ],
   id: "CVE-2013-3460",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-08-25T03:27:32.650",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028938",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-02-27 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.
Impacted products
Vendor Product Version
cisco unified_communications_manager 9.0\(1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.",
      },
      {
         lang: "es",
         value: "La funcionalidad de comunicación intraclúster de Location Bandwidth Manager (LBM) en Cisco Unified Communications Manager (CUCM) v9.x antes de v9.1(1) no requiere la autenticación del nodo concentrador (Hub) LBM remoto, lo que permite a atacantes remotos realizar ataques de envenenamiento de caché contra los registros de transacciones, y provocar una denegación de servicio (consumo del conjunto de ancho de banda e interrupción de llamadas), a través de vectores sin especificar, también conocido como Bug ID CSCub28920.",
      },
   ],
   id: "CVE-2013-1134",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-02-27T21:55:04.167",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-07-14 21:55
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.0\(1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0890B9FC-671D-4CB4-BA5C-3D3EE7124BCC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en Multiple Analyzer en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager 10.0(1) permite a usuarios remotos autenticados eliminar ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup76314.",
      },
   ],
   id: "CVE-2014-3317",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-07-14T21:55:05.797",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/59727",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34898",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/68481",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1030554",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94435",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59727",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34898",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/68481",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1030554",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94435",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-20 05:18
Modified
2025-04-11 00:51
Severity ?
Summary
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.",
      },
      {
         lang: "es",
         value: "La aplicación web Real Time Monitoring Tool (RTMT) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores no fuerza los requisitos de autenticación, lo que permite a atacantes remotos leer archivos de aplicaciones a través de una solicitud directa a una URL, también conocido como Bug ID CSCum46495.",
      },
   ],
   id: "CVE-2014-0732",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-20T05:18:04.140",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-20 20:15
Modified
2024-11-21 05:44
Summary
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E04AFBD-C69F-4462-9742-914CD9AD2BB7",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "F709C2EB-2724-443B-B362-0916AB8935EF",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "64674375-4962-410C-A837-339258B344C4",
                     versionEndExcluding: "12.0\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "99FBA7C5-CE7D-41F0-ACFF-8A24079B7DDA",
                     versionEndExcluding: "12.0\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7ABF16F2-3695-490C-B4B2-D6BAF80F9D25",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "829CD76A-0785-426B-851F-04790870713D",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6986C5A9-7211-463E-B016-18E19B66ADBA",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "211822F9-04D8-49F4-BB92-B5F740AAB2D1",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) podrían permitir a un atacante conducir ataques de salto de ruta y ataques de inyección SQL en un sistema afectado. Una de las vulnerabilidades de inyección SQL que afecta a Unified CM IM&P también afecta a Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y podría permitir a un atacante conducir ataques de inyección SQL en un sistema afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso",
      },
   ],
   id: "CVE-2021-1355",
   lastModified: "2024-11-21T05:44:09.980",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-20T20:15:17.610",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-35",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-02-22 02:59
Modified
2025-04-20 01:37
Summary
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609).
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.14076.1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.14076.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7E96831F-40D0-4C7C-97FC-E8D3C063822C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la página de servicio de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado llevar a cabo ataques de XSS reflejados. Más Información: CSCvc49348. Lanzamientos Afectados Conocidos: 10.5(2.14076.1). Lanzamientos Reparados Conocidos: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609).",
      },
   ],
   id: "CVE-2017-3821",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-02-22T02:59:00.200",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/96241",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1037839",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/96241",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1037839",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-05-06 13:15
Modified
2024-11-21 05:44
Summary
A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDFAA0D9-FC4F-412C-8DB3-A7803F56A788",
                     versionEndExcluding: "12.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "A311E432-42C2-408C-91AA-FC21BAFD0C65",
                     versionEndExcluding: "12.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "0DB6097F-AB54-4768-96F1-AC232A2CAF01",
                     versionEndExcluding: "12.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el componente Java Management Extensions (JMX) de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podría permitir a un atacante remoto autenticado causar una condición de denegación de servicio (DoS) en un sistema afectado. Esta vulnerabilidad es debida a un puerto TCP/IP no seguro. Un atacante podría explotar esta vulnerabilidad accediendo al puerto y reiniciando el proceso JMX. Una explotación con éxito podría permitir al atacante causar una condición de DoS en un sistema afectado",
      },
   ],
   id: "CVE-2021-1478",
   lastModified: "2024-11-21T05:44:26.880",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-05-06T13:15:10.360",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-OO4SRYEf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-OO4SRYEf",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-01-22 14:01
Modified
2025-04-12 10:46
Severity ?
Summary
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de recorrido de directorio absoluto en la API Real-Time Monitoring Tool (RTMT) en Cisco Unified Communications Manager (CUCM) permite a usuarios remotos autenticados leer ficheros arbitrarios a través del nombre de ruta completo en un comando API, también conocido como Bug ID CSCur49414.",
      },
   ],
   id: "CVE-2014-8008",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 6.8,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-01-22T14:01:14.913",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/72263",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1031604",
      },
      {
         source: "psirt@cisco.com",
         url: "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/72263",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1031604",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:48
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
Impacted products
Vendor Product Version
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.0\(3a\)su3
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 8.6\(2a\)su3
cisco unified_communications_manager 8.6\(3\)
cisco unified_communications_manager 8.6\(4\)
cisco unified_communications_manager 9.0\(1\)
cisco unified_communications_manager 9.1\(1\)
cisco unified_communications_manager 9.1\(1a\)
cisco unified_communications_manager 9.1.1\(a\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB6E34CF-3F33-485F-8128-2D65A9034A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A1D8DBE-095D-4E38-A93B-D05459F7209E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCA70732-8ACD-47D2-A311-319180F86892",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1.1\\(a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E4A84A9E-5DB4-49B5-B3A1-DD7D95D23716",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de ruta de búsqueda no confiable en Cisco Unified Communications Manager (CUCM) v7.1(x) hasta v9.1(1a) permiten a usuarios locales obtener privilegios mediante el aprovechamiento de problemas no especificados relacionados con los permisos de ficheros y las variables de entorno de programas privilegiados, también conocido como Bug ID CSCuh73454.",
      },
   ],
   evaluatorComment: "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'",
   id: "CVE-2013-3403",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.8,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.1,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-07-18T12:48:56.940",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF8506B4-287F-4430-86C5-3F122A83CA1C",
                     versionEndExcluding: "14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "46DE37E0-D799-4F2D-A22A-980649992E46",
                     versionEndExcluding: "14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BBC30AD-79E5-4FA1-B868-0304A12040DC",
                     versionEndExcluding: "14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6313AB2B-8CBB-48FF-BCBF-B24DE98855EF",
                     versionEndExcluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y Cisco Unity Connection, podrían permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de interfaz. Estas vulnerabilidades se presentan porque la interfaz de administración basada en web no comprueba apropiadamente la entrada suministrada por el usuario. Un atacante podría explotar estas vulnerabilidades al persuadir a un usuario de la interfaz a hacer clic en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador.",
      },
   ],
   id: "CVE-2021-1409",
   lastModified: "2024-11-21T05:44:17.407",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-08T04:15:12.907",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-11-19 03:03
Modified
2025-04-12 10:46
Summary
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404).
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(1.2\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E1ECEEC7-52A0-41EE-B1CB-C4B09D6E6940",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en varios parámetros de la página ccmivr de Cisco Unified Communication Manager (CallManager) podría permitir a un atacante remoto no autenticado lanzar un ataque de XSS contra un usuario de la interfaz web en el sistema afectado. Más información: CSCvb37121. Lanzamientos conocidos afectados: 11.5(1.2). Lanzamientos conocidos solucionados: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404).",
      },
   ],
   id: "CVE-2016-6472",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-11-19T03:03:09.180",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/94364",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1037305",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/94364",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1037305",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-20 05:18
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en la interfaz IP Manager Assistant (IPMA) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum46470.",
      },
   ],
   id: "CVE-2014-0735",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-02-20T05:18:04.233",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32912",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/65641",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1029793",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32912",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65641",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029793",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-02 19:15
Modified
2024-11-21 04:23
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)
cisco unified_communications_manager 12.5\(1.10000.22\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz basada en web de Cisco Unified Communications Manager y Cisco Unified Communications Manager Session Management Edition (SME), podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz basada en web del software afectado. La vulnerabilidad es debido a una comprobación insuficiente de la entrada suministrada por el usuario mediante la interfaz basada en web del software afectado. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario de la interfaz para que haga clic en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en navegador.",
      },
   ],
   id: "CVE-2019-12715",
   lastModified: "2024-11-21T04:23:25.507",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-02T19:15:14.483",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xss-12715",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xss-12715",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-11-14 00:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.",
      },
      {
         lang: "es",
         value: "El subsistema de acceso remoto móvil en Cisco Unified Communications Manager (CM) 10.0(1) y anteriores no valida correctamente el campo 'Subject Alternative Name' (SAN) de un certificado X.509, lo que permite a atacantes man-in-the-middle suplantar dispositivos VCS core a través de un certificado manipulado emitido por una Autoridad Certificadora legítima, también conocido como Bug ID CSCuq86376.",
      },
   ],
   id: "CVE-2014-7991",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-11-14T00:59:03.807",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/62267",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36381",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/71013",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1031181",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98574",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/62267",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36381",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/71013",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1031181",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98574",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-02-22 02:59
Modified
2025-04-20 01:37
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).
Impacted products
Vendor Product Version
cisco unified_communications_manager 12.0\(0.99999.2\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(0.99999.2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0EAC0A3F-DF32-4609-AB7E-174C833A3E57",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el marco web de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz web del software afectado. Más Información: CSCvb95951. Lanzamientos Afectados Conocidos: 12.0(0.99999.2). Lanzamientos Reparados Conocidos: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
      },
   ],
   id: "CVE-2017-3833",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-02-22T02:59:00.357",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/96246",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/96246",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-08-23 02:11
Modified
2025-04-12 10:46
Summary
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "711B5CE0-3BA8-4DA6-A18C-D561ECC17A9B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.",
      },
      {
         lang: "es",
         value: "La implementación de la API User Data Services (UDS) en Cisco Unified Communications Manager 11.5 permite a atacantes remotos eludir las restricciones destinadas al acceso y obtener información sensible a través de llamadas a la API no especificadas, también conocido como Bug ID CSCux67855.",
      },
   ],
   id: "CVE-2016-6364",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-08-23T02:11:03.930",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/92517",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036650",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/92517",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1036650",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-06-26 17:41
Modified
2025-04-09 00:30
Severity ?
Summary
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.",
      },
      {
         lang: "es",
         value: "El Servicio Real-Time Information Server (RIS) Data Collector de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a la 5.1(3) y 6.x versiones anteriores a la 6.1(1) permite a atacantes remotos evitar la autenticación y obtener información sobre la configuración en cluster y estadísticas, a través de una conexión directa TCP al puerto de servicio, también conocida como Bug ID CSCsj90843.",
      },
   ],
   id: "CVE-2008-2730",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-06-26T17:41:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/30848",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/29935",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1020361",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2008/1933/references",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30848",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/29935",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1020361",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1933/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-06-26 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad CSRF en el componente Unified Serviceability en Cisco Unified Communications Manager (CUCM), permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para peticiones que realizan acciones del tipo \"Unified Serviceability\". Aka Bug ID CSCuh10298.",
      },
   ],
   id: "CVE-2013-3397",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-06-26T21:55:04.333",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3397",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3397",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-07-06 02:15
Modified
2024-11-21 04:37
Summary
A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)
cisco unified_communications_manager 12.5\(1.10000.22\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la implementación del protocolo Session Initiation Protocol (SIP) del programa Cisco Unified Communications Manager, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS). La vulnerabilidad es debido a una comprobación insuficiente del tráfico de entrada bajo protocolo SIP. Un atacante podría aprovechar esta vulnerabilidad mediante el envío de un paquete SIP malformado hacia un programa Cisco Unified Communications Manager afectado. Una operación con éxito podría permitir al atacante activar un nuevo proceso de registro en todos los teléfonos conectados, interrumpiendo el servicio temporalmente.",
      },
   ],
   id: "CVE-2019-1887",
   lastModified: "2024-11-21T04:37:37.050",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-07-06T02:15:11.090",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-07-15 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1B9FDFF3-2E60-4E41-9251-93283D945D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "239510AD-8BB0-4515-B1DA-80DE696D25DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F897DA4-E313-45C8-A4FB-52404D6541BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:1.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "22B299D9-A18B-41D9-B976-57AFDAA751DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:1.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CDA3BA5D-2CEB-4AAC-8CB4-4A2CDC574076",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:1.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9465A4F0-44C0-4A43-962E-0CCEADA05533",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (CUCM, antiguamente CallManager) y Unified Presence Server (CUPS) permiten a atacantes remotos obtener información sensible a través de vectores sin especificar que revelan las cadenas de comunidad SNMP y las opciones de configuración, también conocido como (1) CSCsj20668 y (2) CSCsj25962.",
      },
   ],
   id: "CVE-2007-3776",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-07-15T22:30:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/36124",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/26039",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1018368",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/24867",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/2511",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35344",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/36124",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/26039",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1018368",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/24867",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/2511",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35344",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-07-14 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(1.99995.9\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(1.99995.9\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7C62F7D1-CE41-4AA3-A4C9-6A77C4D45F70",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.",
      },
      {
         lang: "es",
         value: "El componente de regulación de Tomcat en el gestor de comunicaciones unificado de Cisco 10.5(1.99995.9) permite a usuarios remotos autenticados llevar a cabo una denegación de servicio (corte de gestión) por medio del envío de muchas peticiones, también conocido como Bug ID CSCuu99709.",
      },
   ],
   id: "CVE-2015-4269",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-07-14T14:59:03.077",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39877",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1032886",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39877",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1032886",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-08-25 03:27
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (Unified CM) v7.1(x) anterior a v7.1(5b)su6a no maneja adecuadamente los errores, lo que permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de mensajes de registro con formato incorrecto, también conocido como Bug ID CSCuf93466.",
      },
   ],
   id: "CVE-2013-3459",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-08-25T03:27:32.597",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1028938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1028938",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-13 05:24
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a \"file storage location,\" aka Bug ID CSCum05337.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (UCM) no requiere autenticación para la lectura de archivos WAR, lo que permite a atacantes remotos obtener información sensible a través del acceso no especificado a \"file storage location,\" también conocido como Bug ID CSCum05337.",
      },
   ],
   id: "CVE-2014-0725",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-13T05:24:51.557",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-13 05:24
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
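Impacted products
Vendor Product Version
cisco unified_communications_manager * (versionEndIncluding 10.0\(1\))
cisco unified_communications_manager 10.0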



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en la interfaz Java Database en Cisco Unified Communications Manager (UCM) 10.0(1) y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum05313.",
      },
   ],
   id: "CVE-2014-0728",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-13T05:24:51.637",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/103221",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32834",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/65499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/103221",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32834",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65499",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-08-01 20:29
Modified
2024-11-21 03:38
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvk15343.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvk15343.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de gestión web de Cisco Unified Communications Manager podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en un dispositivo afectado. La vulnerabilidad se debe a la validación insuficiente de entrada de datos de parte del usuario en la interfaz de gestión web del software afectado. Un atacante podría explotar esta vulnerabilidad haciendo que un usuario de la interfaz haga clic en un enlace manipulado. Un exploit con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz o que pueda acceder a información sensible del navegador. Cisco Bug IDs: CSCvk15343.",
      },
   ],
   id: "CVE-2018-0411",
   lastModified: "2024-11-21T03:38:10.393",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-08-01T20:29:00.480",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104949",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041407",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ucm-xss",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104949",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ucm-xss",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-07-10 11:06
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.
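Impacted products
Vendor Product Version
cisco unified_communications_manager *
cisco unified_communications_manager 10.0\(1\)_base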



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1\\)_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "B065CEE2-A88A-4923-A684-6AE76C4A8006",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en dna/viewfilecontents.do en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup76318.",
      },
   ],
   id: "CVE-2014-3318",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-07-10T11:06:28.067",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/59728",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34897",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/68482",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1030554",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94433",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59728",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34897",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/68482",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1030554",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94433",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-10-27 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
Impacted products
Vendor Product Version
cisco unified_ip_interactive_voice_response -
cisco unified_ip_ivr 6.0\(1\)
cisco unified_ip_ivr 7.0\(1\)
cisco unified_ip_ivr 7.0\(2\)
cisco unified_ip_ivr 8.0\(1\)
cisco unified_ip_ivr 8.0\(2\)
cisco unified_ip_ivr 8.5\(1\)
cisco unified_ccx 6.0\(1\)
cisco unified_ccx 7.0\(1\)
cisco unified_ccx 7.0\(2\)
cisco unified_ccx 8.0\(1\)
cisco unified_ccx 8.0\(2\)
cisco unified_ccx 8.5\(1\)
cisco unified_communications_manager 5.0
cisco unified_communications_manager 5.1
cisco unified_communications_manager 5.1\(1\)
cisco unified_communications_manager 5.1\(1b\)
cisco unified_communications_manager 5.1\(1c\)
cisco unified_communications_manager 5.1\(2\)
cisco unified_communications_manager 5.1\(2a\)
cisco unified_communications_manager 5.1\(2b\)
cisco unified_communications_manager 5.1\(3\)
cisco unified_communications_manager 5.1\(3a\)
cisco unified_communications_manager 5.1\(3c\)
cisco unified_communications_manager 5.1\(3d\)
cisco unified_communications_manager 5.1\(3e\)
cisco unified_communications_manager 5.1.2
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:unified_ip_interactive_voice_response:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "70A0811D-F2CF-40FC-81D2-94A5ED94919B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ip_ivr:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E8AC426E-23CD-482C-B685-74E878BAC6CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ip_ivr:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "53C79246-3D29-4A8E-94DD-8771964B7E4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ip_ivr:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "42BEC70D-CF5E-4502-A8F4-4E33BD8211B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ip_ivr:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "342BA247-E04A-4A9A-BC7B-F517F59737A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ip_ivr:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "880CF3B2-091F-4D3C-8D92-67600C317F2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ip_ivr:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0F55067A-877D-46F3-8125-8F19C221D90B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ccx:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "DBAF3470-5AF5-4B26-AA92-A92E908A52E4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ccx:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8CDC6A2-319F-4C83-8042-BEF6C9FD1C2B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ccx:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "947A904F-0C92-4ECF-9274-82B1F384E9F2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ccx:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F7A63A8E-5C77-4FA9-BFCE-EDD840592D55",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ccx:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "88373C07-1C93-46B4-8D46-9D790262764C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_ccx:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B9235568-323C-4060-8E7D-2CDC9C19DDAA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1B9FDFF3-2E60-4E41-9251-93283D945D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1022C151-6EC8-4E8D-85ED-59D51551BDAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "060593BD-ADC1-4282-BC6D-E0D6A2B7C8D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "239510AD-8BB0-4515-B1DA-80DE696D25DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "26277C4A-4E27-492C-B18C-AC68D86ADF55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9003EC1A-6E85-41F1-BB5D-B841C9C28105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0318CF61-B892-4D44-B41A-D630B4AB808C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9CDA8A78-BA6C-4451-8EAA-B83C3A6C6BA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "84A49932-1E22-4BE0-8195-926D44F65AAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3d\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4DE1B0DD-EA64-493B-86B7-9057EE5033C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3e\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "00ECD7C0-7F3C-4021-B949-32141E58687C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E51D8BF-12BB-4DD1-9232-1D066889B30F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en Cisco Unified Communications Manager (CUCM) v5.x y v6.x anterior a v6.1(5)SU2, v7.x anterior a v7.1(5b)SU2 y v8.x anterior a v8.0(3), y Cisco Unified Contact Center Express (también conocido como Unified CCX o UCCX) y Cisco Unified IP Interactive Voice Response (Unified IP-IVR) anterior a v6.0(1)SR1ES8, v7.0(x) anterior a v7.0(2)ES1, v8.0(x) hasta v8.0(2)SU3, y v8.5(x) anterior a v8.5(1)SU2, permite a atacantes remotos leer ficheros arbitrarios mediante una URL especialmente diseñada, también conocido como Bug IDs CSCth09343 y CSCts44049.",
      },
   ],
   id: "CVE-2011-3315",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 7.8,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-10-27T21:55:00.823",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-09-27 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0\(1a\)
cisco unified_communications_manager 6.0\(1b\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4b\)
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 7.1\(1\)
cisco unified_communications_manager 7.1\(2\)
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco ios 12.2
cisco ios 12.2b
cisco ios 12.2bc
cisco ios 12.2bw
cisco ios 12.2bx
cisco ios 12.2by
cisco ios 12.2bz
cisco ios 12.2ca
cisco ios 12.2cx
cisco ios 12.2cy
cisco ios 12.2cz
cisco ios 12.2da
cisco ios 12.2dd
cisco ios 12.2dx
cisco ios 12.2ew
cisco ios 12.2ewa
cisco ios 12.2ex
cisco ios 12.2ey
cisco ios 12.2ez
cisco ios 12.2fx
cisco ios 12.2fy
cisco ios 12.2fz
cisco ios 12.2irb
cisco ios 12.2ixa
cisco ios 12.2ixb
cisco ios 12.2ixc
cisco ios 12.2ixd
cisco ios 12.2ixe
cisco ios 12.2ixf
cisco ios 12.2ixg
cisco ios 12.2l
cisco ios 12.2mb
cisco ios 12.2rc
cisco ios 12.2s
cisco ios 12.2sb
cisco ios 12.2sbc
cisco ios 12.2sca
cisco ios 12.2scb
cisco ios 12.2se
cisco ios 12.2sea
cisco ios 12.2seb
cisco ios 12.2sec
cisco ios 12.2sed
cisco ios 12.2see
cisco ios 12.2sef
cisco ios 12.2seg
cisco ios 12.2sg
cisco ios 12.2sga
cisco ios 12.2sm
cisco ios 12.2sr
cisco ios 12.2sra
cisco ios 12.2srb
cisco ios 12.2src
cisco ios 12.2su
cisco ios 12.2sv
cisco ios 12.2sva
cisco ios 12.2svc
cisco ios 12.2svd
cisco ios 12.2sve
cisco ios 12.2sw
cisco ios 12.2sx
cisco ios 12.2sxa
cisco ios 12.2sxb
cisco ios 12.2sxd
cisco ios 12.2sxe
cisco ios 12.2sxf
cisco ios 12.2sxi
cisco ios 12.2sy
cisco ios 12.2sz
cisco ios 12.2t
cisco ios 12.2tpc
cisco ios 12.2xa
cisco ios 12.2xb
cisco ios 12.2xc
cisco ios 12.2xd
cisco ios 12.2xe
cisco ios 12.2xf
cisco ios 12.2xg
cisco ios 12.2xh
cisco ios 12.2xi
cisco ios 12.2xj
cisco ios 12.2xk
cisco ios 12.2xl
cisco ios 12.2xm
cisco ios 12.2xn
cisco ios 12.2xnb
cisco ios 12.2xnc
cisco ios 12.2xnd
cisco ios 12.2xo
cisco ios 12.2xq
cisco ios 12.2xr
cisco ios 12.2xs
cisco ios 12.2xt
cisco ios 12.2xu
cisco ios 12.2xv
cisco ios 12.2xw
cisco ios 12.2ya
cisco ios 12.2yb
cisco ios 12.2yc
cisco ios 12.2yd
cisco ios 12.2ye
cisco ios 12.2yf
cisco ios 12.2yg
cisco ios 12.2yh
cisco ios 12.2yj
cisco ios 12.2yk
cisco ios 12.2yl
cisco ios 12.2ym
cisco ios 12.2yn
cisco ios 12.2yo
cisco ios 12.2yp
cisco ios 12.2yq
cisco ios 12.2yr
cisco ios 12.2ys
cisco ios 12.2yt
cisco ios 12.2yu
cisco ios 12.2yv
cisco ios 12.2yw
cisco ios 12.2yx
cisco ios 12.2yy
cisco ios 12.2yz
cisco ios 12.2za
cisco ios 12.2zb
cisco ios 12.2zc
cisco ios 12.2zd
cisco ios 12.2ze
cisco ios 12.2zf
cisco ios 12.2zg
cisco ios 12.2zh
cisco ios 12.2zj
cisco ios 12.2zl
cisco ios 12.2zp
cisco ios 12.2zu
cisco ios 12.2zx
cisco ios 12.2zy
cisco ios 12.2zya
cisco ios 12.3
cisco ios 12.3b
cisco ios 12.3bc
cisco ios 12.3bw
cisco ios 12.3ja
cisco ios 12.3jea
cisco ios 12.3jeb
cisco ios 12.3jec
cisco ios 12.3jk
cisco ios 12.3jl
cisco ios 12.3jx
cisco ios 12.3t
cisco ios 12.3tpc
cisco ios 12.3va
cisco ios 12.3xa
cisco ios 12.3xb
cisco ios 12.3xc
cisco ios 12.3xd
cisco ios 12.3xe
cisco ios 12.3xf
cisco ios 12.3xg
cisco ios 12.3xi
cisco ios 12.3xk
cisco ios 12.3xl
cisco ios 12.3xq
cisco ios 12.3xr
cisco ios 12.3xs
cisco ios 12.3xu
cisco ios 12.3xw
cisco ios 12.3xx
cisco ios 12.3xy
cisco ios 12.3xz
cisco ios 12.3ya
cisco ios 12.3yd
cisco ios 12.3yf
cisco ios 12.3yg
cisco ios 12.3yh
cisco ios 12.3yj
cisco ios 12.3yk
cisco ios 12.3ym
cisco ios 12.3yq
cisco ios 12.3ys
cisco ios 12.3yt
cisco ios 12.3yu
cisco ios 12.3yx
cisco ios 12.3yz
cisco ios 12.3za
cisco ios 15.0
cisco ios 15.0\(1\)s1
cisco ios 15.0\(1\)s2
cisco ios 15.0\(1\)se
cisco ios 15.0m
cisco ios 15.0mr
cisco ios 15.0mra
cisco ios 15.0s
cisco ios 15.0sa
cisco ios 15.0sg
cisco ios 15.0xa
cisco ios 15.0xo
cisco ios 15.1
cisco ios 15.1\(1\)xb1
cisco ios 15.1\(2\)t
cisco ios 15.1\(3\)t
cisco ios 15.1\(4\)m
cisco ios 15.1\(4\)m1
cisco ios 15.1ey
cisco ios 15.1gc
cisco ios 15.1m
cisco ios 15.1s
cisco ios 15.1t
cisco ios 15.1xb
cisco ios 15.2
cisco ios_xe 3.3.0sg
cisco ios_xe 3.3.1s
cisco ios_xe 3.3.1sg
cisco ios_xe 3.4.0as
cisco ios_xe 3.4.0s
cisco ios_xe 3.4.1s
cisco ios_xe 3.4.2s
cisco ios_xe 3.4.3s
cisco ios_xe 3.4.xs
cisco ios_xe 3.5.0s
cisco ios_xe 3.5.1s
cisco ios_xe 3.5.2s
cisco ios_xe 3.5.xs



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2CD96CE-AAC6-40BD-A053-A62572AC7714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "172CBA52-EEB8-4082-99C3-F69FBC1C7DA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0EF973A5-0AC0-46E3-BD1B-C92738261456",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "76DA84D7-1D53-4180-A33F-58E87F8BEB32",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "E314B0F7-1A27-483E-B3B3-947A5561281F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2bc:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3EF2531-3E6B-4FDC-B96B-2BC3F8EAF39A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2bw:*:*:*:*:*:*:*",
                     matchCriteriaId: "05B838C9-E60E-46A3-A5FB-4F67291D0851",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2bx:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B29F111-CBA4-464D-8B25-C2677BA270EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2by:*:*:*:*:*:*:*",
                     matchCriteriaId: "E96C76C5-52BA-45D9-9803-048E770BAA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2bz:*:*:*:*:*:*:*",
                     matchCriteriaId: "42EB3A6A-8B37-47E6-AA9B-1B13FC08F542",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ca:*:*:*:*:*:*:*",
                     matchCriteriaId: "22D57BED-1D99-4077-941C-E60BEA65324E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2cx:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4BA2D6E-FD22-4BFD-B8B4-D6542E173C72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2cy:*:*:*:*:*:*:*",
                     matchCriteriaId: "78B9E2C6-0E23-4AC9-906F-28BBC15868DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2cz:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7F75542-F2C5-4CEB-B655-E0620408A3B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2da:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B7EA3DA-33B3-4480-B3B8-413745D6C5FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2dd:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDC41749-91FC-43DB-A52F-AC3E3A2205C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2dx:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE0195AE-24FD-43B2-892B-F646B8B5ED6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ew:*:*:*:*:*:*:*",
                     matchCriteriaId: "316924D4-10D4-4C98-AF05-DDE1D530A205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ewa:*:*:*:*:*:*:*",
                     matchCriteriaId: "11866346-C29A-463D-A18F-528C23DD579E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ex:*:*:*:*:*:*:*",
                     matchCriteriaId: "0912492E-565A-4559-ABB8-D2898F06CF29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ey:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CD6421A-D8C4-4A3E-9497-4AC130CFE597",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ez:*:*:*:*:*:*:*",
                     matchCriteriaId: "91F44EC8-13BF-4032-9EBA-0D50C6A353BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2fx:*:*:*:*:*:*:*",
                     matchCriteriaId: "370EEE74-3DAA-4BB2-9192-66672229DC39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2fy:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CF74B28-CD95-4BC6-97D4-D529D30E1509",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2fz:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2EB679F-FA51-47A1-BB3E-97AB517AFBB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2irb:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B88D71E-C9CB-44D7-AB06-49CFF1117DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixa:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEDCF5A7-14E5-4E0C-88AD-7F891B5EFC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixb:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7111CAE-9279-49DA-B05A-046BB3EFA85F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixc:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4203A9F-BBC3-4BF2-B915-C3BF2EB73EAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixd:*:*:*:*:*:*:*",
                     matchCriteriaId: "E186AB2F-8C5B-45E0-9194-BF66DA64F772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixe:*:*:*:*:*:*:*",
                     matchCriteriaId: "D32DCDA3-76B6-423C-9AF1-B65F19077909",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixf:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCCE26DD-FE65-4041-AB4D-9C7A16EE175C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixg:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE88965B-D148-43EB-9FC6-2EF5E5C917FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2l:*:*:*:*:*:*:*",
                     matchCriteriaId: "6FEFEFF0-65E0-4F68-8C9E-03DAC585CA5E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2mb:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B27825D-099A-4733-8D3F-8EF2B050E5B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2rc:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4577947-7960-4627-9A74-9C3BB6477DDD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D035A35-D53E-4C49-B4E4-F40B85866F27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sb:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADBDC6C0-961B-441D-8C34-AACE0902057E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sbc:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1579A2D-955F-4CC6-9F94-9D40C669D903",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sca:*:*:*:*:*:*:*",
                     matchCriteriaId: "140C7C99-1B50-431C-B55C-DFF308E7ECF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2scb:*:*:*:*:*:*:*",
                     matchCriteriaId: "65213862-01D0-4B1D-8C76-B19D083BF460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2se:*:*:*:*:*:*:*",
                     matchCriteriaId: "F05A548B-C443-4C15-B636-64C1F9B9860D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sea:*:*:*:*:*:*:*",
                     matchCriteriaId: "87DC8B40-2093-4D3A-B18B-F95868A36D8E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2seb:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFB7E760-8260-4488-B9FB-C741C1763F40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sec:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8F4B373-490C-463F-B518-89D0CABB852C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sed:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A2B4600-550F-4D5D-9BBD-E035025677BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2see:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F42A6D9-8CC3-49AF-AA56-96894CCE5AF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sef:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4474AB2-AFF5-46F1-9066-54A4D6FA98C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2seg:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D81068C-7E72-4D5E-84CA-5942B9E8AB53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sg:*:*:*:*:*:*:*",
                     matchCriteriaId: "E85ABE5E-7900-4A9C-A945-48B293EF46B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sga:*:*:*:*:*:*:*",
                     matchCriteriaId: "43E166F3-931A-4997-B7B2-F2AD19C6F209",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sm:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A70BEC7-8A69-44B2-9DDA-DFC1A13EB7B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sr:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDE7C923-7CBB-4990-905B-9DD9D7D5946A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sra:*:*:*:*:*:*:*",
                     matchCriteriaId: "A892B3F0-5A31-4086-8AB5-F06E68588EFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2srb:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8E6BB50-7C0C-4E31-8DB0-40E145C8D9CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2src:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A0DA930-86CE-4D17-BD41-9C4E47D8088F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2su:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC70491B-F701-4D33-A314-C686469DBD2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sv:*:*:*:*:*:*:*",
                     matchCriteriaId: "198C24E9-6D45-44FD-B502-D14ACDA99EDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sva:*:*:*:*:*:*:*",
                     matchCriteriaId: "E768F600-19DC-46A5-BDED-3C2497530CD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2svc:*:*:*:*:*:*:*",
                     matchCriteriaId: "16EF97B1-5150-4E88-B011-DB8F0AAFA9CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2svd:*:*:*:*:*:*:*",
                     matchCriteriaId: "CDC263E7-BA6A-41CB-8248-5DDB4404D9BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sve:*:*:*:*:*:*:*",
                     matchCriteriaId: "544835A2-3AB0-4313-A731-54B1123F7498",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sw:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DEF14D5-1327-4012-913F-DA0E12C4E953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*",
                     matchCriteriaId: "4DE0B5B8-DEB1-4021-B854-177C0D9FD73A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxa:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7A672BD-87AE-424D-8735-073BBE9CE164",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxb:*:*:*:*:*:*:*",
                     matchCriteriaId: "95C033E3-184B-4AC1-B10D-8318FEAF73FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxd:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC1DDD7C-7921-45D3-81F7-4D9A407CBB5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxe:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A68D177-B028-4025-BD7B-82ACDB2D1E21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxf:*:*:*:*:*:*:*",
                     matchCriteriaId: "485ACF9E-1305-4D71-A766-5BE1D748AAA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxi:*:*:*:*:*:*:*",
                     matchCriteriaId: "C03B0702-070F-48D5-9CBC-DB36D409A4EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
                     matchCriteriaId: "09458CD7-D430-4957-8506-FAB2A3E2AA65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sz:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E709D6B-61DB-4905-B539-B8488D7E2DC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                     matchCriteriaId: "84900BB3-B49F-448A-9E04-FE423FBCCC4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2tpc:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6C1C831-556D-4634-AA24-6D64943ED275",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xa:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAC6758B-C6EE-45CB-AC2D-28C4AE709DD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xb:*:*:*:*:*:*:*",
                     matchCriteriaId: "075CD42D-070A-49BA-90D9-E7925BB41A38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xc:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCB9967A-1EBD-4BE0-8651-1C7D42B2BF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xd:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AB8E66C-A16F-4CC5-9FDF-AE274FF035EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xe:*:*:*:*:*:*:*",
                     matchCriteriaId: "746DDC61-3981-4E93-A7EE-C120E0265485",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xf:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCC88CC5-CF58-48A3-AFB6-FD38E5F40845",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xg:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF2C6C2-58E8-4EA6-84FB-4D11F31490A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xh:*:*:*:*:*:*:*",
                     matchCriteriaId: "4628FDA0-4260-4493-92C9-4574E5EC06A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xi:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9FA064A-6E1A-4415-84D4-1A33FF667011",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xj:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE896909-F8C3-4723-B5E7-9FB5FA2B73B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xk:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F9CDCE5-F6D3-4FA3-ADA0-EED2517FF7EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xl:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E03EE34-C398-43B4-A529-BE7BAFA4B3C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xm:*:*:*:*:*:*:*",
                     matchCriteriaId: "21147732-FA22-4728-B5F2-D115B78A8EDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xn:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D717498-4DF9-4D15-A25B-D777FF460E3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xnb:*:*:*:*:*:*:*",
                     matchCriteriaId: "17AA0C3D-7C96-4D2E-91E5-232536245ABF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xnc:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D57ACB3-4ADC-4FBE-BA46-395F277B9997",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xnd:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2916FA5-1FFF-48FB-A079-693AD3444CC1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xo:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EE03B1E-1522-4143-A019-B19E1F605A4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xq:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B40548F-3914-4227-9E4C-F1B34071C069",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xr:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1C23EC9-C1C6-4F73-9FF5-24A5B97B8D91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xs:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECE49281-0571-49F7-95FF-68B1ACA07537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xt:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B09B72E-6862-4115-9A0B-574089A94289",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xu:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC38B64C-E246-467F-A185-669497DEA839",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xv:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBB42063-9DB5-42DB-825A-53C6DBB51A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xw:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E5C90EE-A9C0-461C-9E89-732BFA9BD066",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ya:*:*:*:*:*:*:*",
                     matchCriteriaId: "E74B6350-C2F8-4786-8E32-2ED6C188A5E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yb:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8E26473-A8EF-44C5-B550-5E0B86D31291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yc:*:*:*:*:*:*:*",
                     matchCriteriaId: "663FE3CE-FA09-46A2-9C0D-2797D9137A82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yd:*:*:*:*:*:*:*",
                     matchCriteriaId: "86309E93-F2C9-4334-9A1C-989EFDC99215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ye:*:*:*:*:*:*:*",
                     matchCriteriaId: "761D49D6-0624-41CE-829E-49E7EA679EF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yf:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BFAF394-6E9A-4CD6-B8A6-5BDDE4EC8EC4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yg:*:*:*:*:*:*:*",
                     matchCriteriaId: "65318A70-40FF-4BE8-962B-DFCD5C476166",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yh:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B6DB954-EDC8-4A81-8C26-9D3DBC68FC67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yj:*:*:*:*:*:*:*",
                     matchCriteriaId: "552C1E7A-2FFA-49BC-BF09-F0DE9B0C7502",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yk:*:*:*:*:*:*:*",
                     matchCriteriaId: "869CEAF7-59D6-4651-8D89-0244D6C430A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yl:*:*:*:*:*:*:*",
                     matchCriteriaId: "059FBAA6-3127-4DF9-99AD-AA3A16317B6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ym:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E0E376F-64E1-4632-9A8E-11DC99FB245F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yn:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF440B52-C6AE-4608-BE71-01B354D37BEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yo:*:*:*:*:*:*:*",
                     matchCriteriaId: "243BEF5E-F693-450E-B274-FD7CF34B6771",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yp:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7918C59-1678-4F24-A7C2-68824D1B59A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yq:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE72804E-600D-47FA-B3BF-36BD3CF13A75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yr:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAD14B6D-CA11-41C1-9382-70CF1F5B4C8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ys:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F5B9BAF-59BA-4282-B387-489264D44429",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yt:*:*:*:*:*:*:*",
                     matchCriteriaId: "969A5BAA-19D5-4411-BABB-FE55DBA7C7D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yu:*:*:*:*:*:*:*",
                     matchCriteriaId: "54B41182-7AA8-49D1-BAC3-EAF312E43553",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yv:*:*:*:*:*:*:*",
                     matchCriteriaId: "E11BBB83-147B-4FBF-B263-77FCCFB2D92D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yw:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E84677D-793D-44C5-80E9-FC29C3183278",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yx:*:*:*:*:*:*:*",
                     matchCriteriaId: "E70E5B1F-E72C-4DAB-B6FA-977EF04BFBDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yy:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECFA2358-6B79-472D-9092-FF99DC3DF042",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yz:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C26842-FF50-436F-8DB6-15A70082CD1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
                     matchCriteriaId: "62626BB6-D4EA-4A8A-ABC1-F86B37F19EDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zb:*:*:*:*:*:*:*",
                     matchCriteriaId: "9384B48D-0F62-4042-BE8F-9A8F5FE9A3D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zc:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4A31301-AAB0-4744-98B2-695D88798D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zd:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECB4BA74-BE9F-43D5-9D0F-78F4F2BB19B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ze:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CEB27CF-46B5-4780-964C-C31193614B74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zf:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F1094F9-7222-4DE0-A368-7421ABA66E3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zg:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C7EA2BB-A52A-438C-8EB5-CD283CACBACE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zh:*:*:*:*:*:*:*",
                     matchCriteriaId: "574FFD6F-D56C-41DB-A978-E501BA3CA5D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zj:*:*:*:*:*:*:*",
                     matchCriteriaId: "11790F38-3720-45CF-9FD4-A8E5867684D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zl:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AE2282B-6693-4E4B-8662-501EBC14CD9E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zp:*:*:*:*:*:*:*",
                     matchCriteriaId: "A925BA5C-AB2F-4B73-BA93-55664A319CAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zu:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE02B7C-BC2D-433C-B0A8-E60EDD62538E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zx:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9663D24-0D1D-4F46-961F-9D37D3776E90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zy:*:*:*:*:*:*:*",
                     matchCriteriaId: "E83649EC-61A5-4937-93F4-42D082023382",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zya:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D8830A0-E816-40C4-8743-A9E0994BA922",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0668C45B-9D25-424B-B876-C1721BFFE5DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3b:*:*:*:*:*:*:*",
                     matchCriteriaId: "292F6F99-19B3-4106-A432-5DE916CCDD56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3bc:*:*:*:*:*:*:*",
                     matchCriteriaId: "40183EF8-BD19-49AD-9E55-7FCCA635327F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3bw:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8E40D5D-F46E-4098-A46A-1A52A343310D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3ja:*:*:*:*:*:*:*",
                     matchCriteriaId: "D73E5138-016A-48EC-A367-3D3285AAFED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3jea:*:*:*:*:*:*:*",
                     matchCriteriaId: "C114F1A6-5DFE-408F-B83A-E8B9D4AF9791",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3jeb:*:*:*:*:*:*:*",
                     matchCriteriaId: "9CD5C082-9730-466D-A4A8-E4EEE5F3730D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3jec:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CF419BD-8474-4F33-9CDD-587E341ABA8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3jk:*:*:*:*:*:*:*",
                     matchCriteriaId: "332B0446-4D8B-414B-B572-84B45D5643AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3jl:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE0A39D0-0E87-42E9-B8D3-2010FDCC03D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3jx:*:*:*:*:*:*:*",
                     matchCriteriaId: "D40FB896-E20C-46B1-BF59-FBB42295F9C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3t:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0C3B413-76F7-413B-A51F-29834F9DE722",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3tpc:*:*:*:*:*:*:*",
                     matchCriteriaId: "841CDC5F-8F0E-4AE7-A7A9-960E0A8C66B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3va:*:*:*:*:*:*:*",
                     matchCriteriaId: "B418CFDD-AF36-46F9-B347-B34E72100F95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xa:*:*:*:*:*:*:*",
                     matchCriteriaId: "84C89CFF-64BB-4058-9C49-C6BF3E5D8DB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xb:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACB3B5E3-BDEE-4F29-AB02-BBFC6088D77E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xc:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9F12741-69FB-46DD-A670-8461492B338A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xd:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EC2D158-6174-4AE8-83DA-125B072B6980",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xe:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5688D88-A550-43EB-8854-2E132EC71156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xf:*:*:*:*:*:*:*",
                     matchCriteriaId: "8218E2D3-4F1E-440F-A2B2-A68D4692BB17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xg:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BE2132D-CF21-49F1-BC66-FA6CDB6D72BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xi:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA212293-7BAF-4AD9-BD30-E953CBA7CB95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xk:*:*:*:*:*:*:*",
                     matchCriteriaId: "1018E04C-5575-4D1A-B482-D1CDB9AD6A50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xl:*:*:*:*:*:*:*",
                     matchCriteriaId: "68FC4904-1F4D-4E10-AF95-911B07827598",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xq:*:*:*:*:*:*:*",
                     matchCriteriaId: "86B9E611-3F06-424C-96EF-EE4997C70AB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xr:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0A5760A-9FFE-4941-B2BD-7DD54B1E1B37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xs:*:*:*:*:*:*:*",
                     matchCriteriaId: "98FE195E-084B-4F4C-800D-850165DED48C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xu:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB74F350-37F8-48DF-924E-415E51932163",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xw:*:*:*:*:*:*:*",
                     matchCriteriaId: "E618BF54-56DC-40FC-A515-3BFB4366F823",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xx:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1976E53-85A6-494F-B8AC-847E7988850C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xy:*:*:*:*:*:*:*",
                     matchCriteriaId: "D90B78E1-3FC7-4CF6-B0BA-1D4CA0FAB57E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xz:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A668D08-14C4-4438-A59C-CE60498BEF8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3ya:*:*:*:*:*:*:*",
                     matchCriteriaId: "320C5597-68BE-4899-9EBB-9B4DEE8EA7DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yd:*:*:*:*:*:*:*",
                     matchCriteriaId: "520304A4-EB15-42A8-A402-8251A4D2076D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yf:*:*:*:*:*:*:*",
                     matchCriteriaId: "C46B66D6-1BF1-4DCA-868F-BADE3CB96063",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yg:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA88C064-898F-4C0D-A266-D7B3509C28A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yh:*:*:*:*:*:*:*",
                     matchCriteriaId: "139B1182-61A3-4F3D-9E29-758F27917646",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yj:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B46199E-0DF1-4B3F-A29E-1A2FC016F0F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yk:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DF4D0E3-8015-4D6F-8364-B6EEAAE67971",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3ym:*:*:*:*:*:*:*",
                     matchCriteriaId: "2595DCBA-E6F2-4551-A804-4DBB137F076B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yq:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD6DF12B-2A20-4AC5-8EC5-729008D87736",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3ys:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF9D6B6-E51F-44FF-97E5-15E0C4E9C3D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yt:*:*:*:*:*:*:*",
                     matchCriteriaId: "A25C42FA-37F4-4B7F-AFCA-D7F081F58CF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yu:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0AB8F07-AF43-4202-9908-F9A1DF6FFC03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yx:*:*:*:*:*:*:*",
                     matchCriteriaId: "2958873B-A0AB-4EAF-A5CF-8423739FAB07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yz:*:*:*:*:*:*:*",
                     matchCriteriaId: "1938D118-C07F-4BEC-8030-947F099BFCB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3za:*:*:*:*:*:*:*",
                     matchCriteriaId: "3870C62F-D086-419C-A0E6-815E9ED5DE3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF87CC9A-1AF5-4DB4-ACE5-DB938D3B2F84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0\\(1\\)s1:*:*:*:*:*:*:*",
                     matchCriteriaId: "54966D6A-5471-4685-9FCC-C3F75297F2A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0\\(1\\)s2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6AEE27B-B0A8-486C-8E12-D789047401B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0\\(1\\)se:*:*:*:*:*:*:*",
                     matchCriteriaId: "971AAF00-63AA-4B3F-8E0F-B8FBD011C071",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0m:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D03374C-7EF0-4455-839E-09CA4F2E85BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0mr:*:*:*:*:*:*:*",
                     matchCriteriaId: "8199BA12-E3A6-447E-A5D0-AC69BB7D2441",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0mra:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1B62095-2371-41DF-9892-70120C262EC7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3EB72C9-C9AA-4E5C-8E87-A1AAA09AC5D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0sa:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF614A4F-F23D-4123-85E5-E0F06C6BAB95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0sg:*:*:*:*:*:*:*",
                     matchCriteriaId: "58870B6A-55D2-4BFA-89F9-9332205CC130",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0xa:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC6EF56C-032C-43F6-A979-E18BEA0E16A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0xo:*:*:*:*:*:*:*",
                     matchCriteriaId: "61D28B5C-F578-47E1-A8AC-A79D8A7F340C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41294E-F3DF-4F1E-A4C8-E90B21A88836",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1\\(1\\)xb1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D30CD49-F004-4830-A33E-9FC6E423CEA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1\\(2\\)t:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D14775C-95F5-4507-9837-CA818489CF4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1\\(3\\)t:*:*:*:*:*:*:*",
                     matchCriteriaId: "855B1020-7FB6-46D1-ABAF-5618590CF329",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1\\(4\\)m:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DEBAA67-9C88-48CE-88F7-4B5463B87B68",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1\\(4\\)m1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B71E784-53C0-46AE-AB6E-9B4CB5FAFFFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1ey:*:*:*:*:*:*:*",
                     matchCriteriaId: "DF6528FF-7F24-4919-BE68-E51D3FFD5123",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1gc:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8665036-2C40-498A-B022-F6DA288D1581",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1m:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F2359A4-8494-4BBA-85E5-C4E66D9362CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1s:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A9B1D5E-02CA-4949-8ACB-9B40642816B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1t:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FAFA073-B16F-475F-B68D-8FE9135AB0A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1xb:*:*:*:*:*:*:*",
                     matchCriteriaId: "34137E45-7EC0-4350-9F6D-B427CE07D693",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2AB6A02-B7C7-48D1-8857-BD1CDF9A40D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.3.0sg:*:*:*:*:*:*:*",
                     matchCriteriaId: "A52C1850-27F7-40C8-BA26-660D160AD163",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.3.1s:*:*:*:*:*:*:*",
                     matchCriteriaId: "737D7668-872C-4246-9AB9-12FF059E231A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.3.1sg:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AAC822D-E886-46A9-80E8-06DD753A458E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.4.0as:*:*:*:*:*:*:*",
                     matchCriteriaId: "B45225F2-C9EB-493D-B845-64BFB8DBB89B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.4.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "252377A3-7F15-45F2-A169-BBC37858D4DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.4.1s:*:*:*:*:*:*:*",
                     matchCriteriaId: "02E8F96A-EA9C-4E66-8491-9B2A3A4023F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.4.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "85908754-8426-49D3-BCC2-AF174B5D0EF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.4.3s:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F5BA973-D59A-4CB9-BC35-089F88737425",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.4.xs:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7D36DA8-0CBC-424F-80FB-A59839C49FE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.5.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "5872A42F-745E-4EC6-8679-C28F79F6621C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.5.1s:*:*:*:*:*:*:*",
                     matchCriteriaId: "86947E54-A1B9-4ECE-92A6-417462249612",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.5.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "C910BE7C-517F-4E41-8433-1858F700AA22",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.5.xs:*:*:*:*:*:*:*",
                     matchCriteriaId: "A862D914-CE60-48A9-9D52-299642BE3FF6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.",
      },
      {
         lang: "es",
         value: "La implementación SIP en Cisco Unified Communications Manager (CUCM) v6.x y v7.x anteriores a v7.1(5b)su5, v8.x anteriores a v8.5(1)su4, y v8.6 anteriores a v8.6(2a)su1; Cisco IOS v12.2 hasta v12.4 y v15.0 hasta v15.2; y Cisco IOS XE v3.3.xSG anteriores a v3.3.1SG, v3.4.xS, y 3.5.xS permite a atacantes remotos provocar una denegación de servicio (caída del servicio o recarga de dispositivo) a través de mensajes SIP manipulados que contienen la descripción de una sesión SDP, también conocido como Bug IDs CSCtw66721, CSCtj33003, y CSCtw84664.",
      },
   ],
   id: "CVE-2012-3949",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-09-27T00:55:00.797",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/85816",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Not Applicable",
         ],
         url: "http://secunia.com/advisories/50774",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/55697",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/85816",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "http://secunia.com/advisories/50774",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/55697",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-20 05:18
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en la implementación Certificate Authority Proxy Function (CAPF) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum46483.",
      },
   ],
   id: "CVE-2014-0734",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-20T05:18:04.203",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0734",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32916",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/65645",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0734",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32916",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65645",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-11-09 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 7.0
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F2564A8-5805-46E0-B6EC-F4967D67C566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.",
      },
      {
         lang: "es",
         value: "/usr/local/cm/bin/pktCap_protectData en Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v6, v7, y v8 permite a administradores autenticados remotamente ejecutar comandos de su elección a través de metacaracteres shell en una petición a la interfaz administrativa, también conocido como Bug IDs CSCti52041 y CSCti74930.",
      },
   ],
   id: "CVE-2010-3039",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.8,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.1,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-11-09T21:00:03.460",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Exploit",
         ],
         url: "http://seclists.org/fulldisclosure/2010/Nov/40",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/42129",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=21656",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Exploit",
         ],
         url: "http://www.nsense.fi/advisories/nsense_2010_003.txt",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/archive/1/514668/100/0/threaded",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/44672",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1024694",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/2915",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://seclists.org/fulldisclosure/2010/Nov/40",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/42129",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=21656",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.nsense.fi/advisories/nsense_2010_003.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/514668/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/44672",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1024694",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2010/2915",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-10-11 03:54
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en la interfaz web administrativa de Tomcat en Cisco Unified Communications Manager permite a usuarios remotos autenticados leer archivos arbitrarios a través de secuencias de saltos de directorio en una cadena de entrada no especificada, también conocido como Bug ID CSCui78815.",
      },
   ],
   id: "CVE-2013-5528",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-10-11T03:54:53.800",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/98336",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.html",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/62960",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/40887/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/98336",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/62960",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/40887/",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-11-26 04:15
Modified
2024-11-21 04:29
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)
cisco unified_communications_manager 12.5\(1.10000.22\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager, podría permitir a un atacante remoto autenticado realizar ataques de inyección SQL en un sistema afectado. La vulnerabilidad se presenta porque la interfaz de administración basada en web comprueba inapropiadamente los valores de SQL. Un atacante podría explotar esta vulnerabilidad al autenticarse en la aplicación y enviar peticiones maliciosas a un sistema afectado. Una explotación con éxito podría permitir al atacante modificar valores o devolver valores desde la base de datos subyacente.",
      },
   ],
   id: "CVE-2019-15972",
   lastModified: "2024-11-21T04:29:50.810",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.5,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-26T04:15:11.717",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-cucm-sql",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-cucm-sql",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-10-27 21:59
Modified
2025-04-12 10:46
Summary
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284), 11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2).
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(0.99838.4\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.99838.4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "12D8D2E4-8536-4708-94A9-DE0031EAF62E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284), 11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2).",
      },
      {
         lang: "es",
         value: "El Cisco Unified Communications Manager (CUCM) puede ser vulnerable a los datos que se pueden mostrar dentro de un marco en una página web, lo que a su vez puede llevar a un ataque de clickjacking. Más información: CSCuz64683 CSCuz64698. Lanzamientos conocidos afectados: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Lanzamientos conocidos solucionados: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2).",
      },
   ],
   id: "CVE-2016-6440",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-10-27T21:59:12.577",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/93521",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1037005",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/93521",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1037005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-20 15:27
Modified
2025-04-11 00:51
Severity ?
Summary
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.",
      },
      {
         lang: "es",
         value: "El componente Enterprise License Manager (ELM) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores no fuerza debidamente los requisitos de autenticación, lo que permite a atacantes remotos leer archivos ELM a través de una solicitud directa hacia una URL, también conocido como Bug ID CSCum46494.",
      },
   ],
   id: "CVE-2014-0733",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-20T15:27:09.437",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32914",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32914",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-07-10 11:06
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1\\)_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "B065CEE2-A88A-4923-A684-6AE76C4A8006",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en viewfilecontents.do en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro no especificado, también conocido como Bug ID CSCup76308.",
      },
   ],
   id: "CVE-2014-3315",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-07-10T11:06:27.973",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/59739",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/68477",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59739",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/68477",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94430",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-07-06 21:15
Modified
2024-11-21 06:43
Summary
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "64D27440-93CF-4806-91CB-8234DB2FB89F",
                     versionEndExcluding: "12.5\\(1\\)su6",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "E0B2F05A-797D-48F5-9013-7E2C691DAD88",
                     versionEndExcluding: "12.5\\(1\\)su6",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "3F2FEC5B-FEA0-4766-BC68-E3391EAB2343",
                     versionEndExcluding: "14su1",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "5669C77B-2126-495B-B999-7D7399A280E5",
                     versionEndExcluding: "14su1",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "918C4D20-C104-4692-AF23-79BBAF66916B",
                     versionEndExcluding: "12.5\\(1\\)su6",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "39B6DB53-E770-4ABB-B186-1EDE491B24BA",
                     versionEndExcluding: "14su1",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y Cisco Unity Connection podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de sincronización. Esta vulnerabilidad es debido a una insuficiente protección de una contraseña del sistema. Un atacante podría explotar esta vulnerabilidad al observar el tiempo que tarda el sistema en responder a varias consultas. Una explotación con éxito podría permitir al atacante determinar una contraseña confidencial del sistema",
      },
   ],
   id: "CVE-2022-20752",
   lastModified: "2024-11-21T06:43:28.820",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-06T21:15:11.387",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-208",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-04-29 10:37
Modified
2025-04-12 10:46
Severity ?
Summary
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.",
      },
      {
         lang: "es",
         value: "El componente IP Manager Assistant (IPMA) en Cisco Unified Communications Manager (Unified CM) permite a atacantes remotos obtener información sensible a través de una URL manipulada, también conocido como Bug ID CSCun74352.",
      },
   ],
   id: "CVE-2014-2184",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-04-29T10:37:04.047",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2184",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2184",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-14 00:59
Modified
2025-04-12 10:46
Summary
A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6).
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(1.10000.6\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la página ccmadmin de Cisco Unified Communications Manager (CUCM) podría permitir a un atacante remoto no autenticado llevar a cabo ataques de XSS. Más Información: CSCvb64641. Lanzamientos Afectados Conocidos: 11.5(1.10000.6) 11.5(1.11007.2). Lanzamientos Reparados Conocidos: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6).",
      },
   ],
   id: "CVE-2016-9206",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-14T00:59:27.490",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94793",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037424",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94793",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1037424",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-08-29 12:07
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad CSRF (Cross-site request forgery) en Enterprise License Manager (ELM) en Cisco Unified Communications Manager (CM) permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que hacen modificaciones ELM, también conocido como Bug ID CSCui58210.",
      },
   ],
   id: "CVE-2013-3472",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-08-29T12:07:54.057",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3472",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028963",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3472",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028963",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-08-27 17:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B48B0779-7796-45D2-8967-459F562A6243",
                     versionEndExcluding: "5.1\\(3g\\)",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "98AF7F97-8702-4E7B-BDE4-BD5A3114FDF4",
                     versionEndExcluding: "6.1\\(4\\)",
                     versionStartIncluding: "6.1\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "96DB29BF-9A40-4591-BE41-C519B86C2EEF",
                     versionEndExcluding: "7.1\\(2\\)",
                     versionStartIncluding: "7.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBB64D7E-7C96-4A3D-BA83-60EE8D5DFB21",
                     versionEndIncluding: "12.4",
                     versionStartIncluding: "12.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "537031DB-5ADF-475E-BFFA-9092652BF2B6",
                     versionEndIncluding: "15.1",
                     versionStartIncluding: "15.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DEE9D2D-BE50-4216-8F7E-CB6F46880E08",
                     versionEndIncluding: "2.6.1",
                     versionStartIncluding: "2.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v4.x, v5.x anteriores a v5.1(3g), v6.x anteriores a v6.1(4), y v7.x anteriores a v7.1(2) permite a los atacantes remotos causar una denegación de servicio (parada del servicio de voz) a través de mensajes SIP INVITE malformados que provocan una llamada incorrecta a la función sipSafeStrlen, también conocido como Bug ID CSCsz40392.",
      },
   ],
   id: "CVE-2009-2051",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-08-27T17:00:00.953",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/57453",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/36498",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/36499",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36152",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022775",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/57453",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/36498",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/36499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36152",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022775",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-04-07 17:59
Modified
2025-04-20 01:37
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).
Impacted products
Vendor Product Version
cisco unified_communications_manager 12.0\(0.98000.452\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(0.98000.452\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C6CD4D05-AE30-4224-A7AE-4B8539376412",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager podría permitir a un atacante remoto autenticado llevar a cabo un ataque XSS contra un usuario de la interfaz de administración basada en web de un dispositivo afectado. Esta vulnerabilidad afecta a Cisco Unified Communications Manager con una configuración predeterminada que ejecuta una versión de software afectada con el atacante autenticado como usuario administrativo. Más información: CSCvc83712. Lanzamientos afectados conocidos: 12.0(0.98000.452). Lanzamientos corregidos conocidos: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).",
      },
   ],
   id: "CVE-2017-3888",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-04-07T17:59:00.480",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97431",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1038193",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97431",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1038193",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-02 19:15
Modified
2024-11-21 04:37
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F2437A5-217A-4CD1-9B72-A31BDDC81F42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "65D225AB-813B-4182-8916-0FE8307BB18B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "34376413-27A8-48DF-BC31-FFE043945406",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:14.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A85D56C0-D4A3-43A7-9CD1-FCEB6C8AEF66",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CAAAAF61-C33F-462B-B7C4-9F976235888A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz basada en web de Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM y Presence (Unified CM IM&P) Service, y Cisco Unity Connection, podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site request forgery (CSRF) en un sistema afectado. La vulnerabilidad es debido a insuficientes protecciones de CSRF por parte del software afectado. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario objetivo para que haga clic en un enlace malicioso. Una explotación con éxito podría permitir al atacante enviar peticiones arbitrarias que podrían cambiar la contraseña de un usuario objetivo. Un atacante podría luego tomar acciones no autorizadas en nombre del usuario objetivo.",
      },
   ],
   id: "CVE-2019-1915",
   lastModified: "2024-11-21T04:37:40.783",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-02T19:15:15.547",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-csrf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-csrf",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-05-22 01:29
Modified
2025-04-20 01:37
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc06608.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc06608.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Unified Communications Manager de Cisco versiones 10.5 hasta 11.5, podría permitir a un atacante remoto no autenticado conducir un ataque de tipo Cross-Site Scripting (XSS) contra un usuario de la interfaz de administración basada en web de un dispositivo afectado. La vulnerabilidad es debido a una comprobación insuficiente de la entrada suministrada por el usuario para la interfaz de administración basada en web de un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad persuadiendo a un usuario de la interfaz para que haga clic en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz o permitirle acceder a información confidencial sobre el navegador. IDs de Bug de Cisco: CSCvc06608.",
      },
   ],
   id: "CVE-2017-6654",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-22T01:29:00.867",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/98527",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1038512",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/98527",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1038512",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:48
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
Impacted products
Vendor Product Version
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.0\(3a\)su3
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 8.6\(2a\)su3
cisco unified_communications_manager 8.6\(3\)
cisco unified_communications_manager 8.6\(4\)
cisco unified_communications_manager 9.0\(1\)
cisco unified_communications_manager 9.1\(1\)
cisco unified_communications_manager 9.1\(1a\)
cisco unified_communications_manager 9.1.1\(a\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB6E34CF-3F33-485F-8128-2D65A9034A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A1D8DBE-095D-4E38-A93B-D05459F7209E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCA70732-8ACD-47D2-A311-319180F86892",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1.1\\(a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E4A84A9E-5DB4-49B5-B3A1-DD7D95D23716",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a), permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados dando lugar al descubrimiento de credenciales cifradas mediante el aprovechamiento de los metadatos, también conocido como Bug ID CSCuh01051.",
      },
   ],
   id: "CVE-2013-3404",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-07-18T12:48:56.947",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-07-15 21:30
Modified
2025-04-09 00:30
Severity ?
Summary
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
References



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7454C447-FE60-4DAE-8241-A9416A7206A6",
                     versionEndIncluding: "3.3\\(5\\)sr2",
                     versionStartIncluding: "3.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2C88AFF-AC92-4CCF-869F-14E7DB9CF1C3",
                     versionEndIncluding: "4.1\\(3\\)sr4",
                     versionStartIncluding: "4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FB2FA97-9DDA-49D9-A931-D3AD130018E4",
                     versionEndIncluding: "4.2\\(3\\)sr1",
                     versionStartIncluding: "4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "37FEF567-5F92-40BB-8581-3FCF584AAA1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FC80E93-195E-47EB-9D96-7CA5BCF1F73B",
                     versionEndIncluding: "4.3\\(1\\)",
                     versionStartIncluding: "4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5EC537A-4E55-4779-B847-A156FCE98F51",
                     versionEndIncluding: "5.1\\(1\\)",
                     versionStartIncluding: "5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.",
      },
      {
         lang: "es",
         value: "Error de superación de límite (off-by-one) en el servicio Certificate Trust List (CTL) Provider (CTLProvider.exe) de Cisco Unified Communications Manager (CUCM, anteriormente CallManager) anterior al 11/07/2007 permite a atacantes remotos ejecutar código de su elección mediante un paquete manipulado que dispara un desbordamiento de búfer basado en montículo.",
      },
   ],
   id: "CVE-2006-5277",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-07-15T21:30:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/26043",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1018369",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.iss.net/threats/270.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.osvdb.org/36122",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/24868",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2007/2512",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31437",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/26043",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1018369",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.iss.net/threats/270.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.osvdb.org/36122",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/24868",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2007/2512",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31437",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-02-22 02:59
Modified
2025-04-20 01:37
Summary
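A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6). Note: both CVSS vectors in this record (Au:S in v2, PR:L in v3.0) score the issue as requiring an authenticated, low-privileged user, which conflicts with "unauthenticated" in this summary; confirm the access requirement against the vendor advisory before prioritising.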
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(1.11007.2\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.11007.2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7D666F53-ABC2-4DC1-BC03-83B5CDC0DE82",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el marco web Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado visualizar datos sensibles. Más Información: CSCvb61689. Lanzamientos Afectados Conocidos: 11.5(1.11007.2). Lanzamientos Reparados Conocidos: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
      },
   ],
   id: "CVE-2017-3836",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-02-22T02:59:00.417",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/96251",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1037840",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/96251",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1037840",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-02-08 07:29
Modified
2024-11-21 03:37
Summary
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644.
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.0\(1.24075.1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.24075.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F2BD3A99-FF3D-49F2-ABDE-EFE64D093967",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en Cisco Unified Communications Manager podría permitir que un atacante remoto autenticado acceda a información sensible en un sistema afectado. La vulnerabilidad existe porque el software afectado valida indebidamente entradas de búsqueda proporcionadas por el usuario. Un atacante podría explotar esta vulnerabilidad enviando peticiones maliciosas a un sistema afectado. Un exploit con éxito podría permitir que el atacante recupere información sensible del sistema afectado. Cisco Bug IDs: CSCvf17644.",
      },
   ],
   id: "CVE-2018-0135",
   lastModified: "2024-11-21T03:37:35.357",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-02-08T07:29:00.897",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/102964",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040343",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/102964",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040343",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-13 05:24
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en la interfaz Enterprise Mobility Application (EMApp) en Cisco Unified Communications Manager (UCM) permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum05302.",
      },
   ],
   id: "CVE-2014-0729",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-13T05:24:51.667",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/103220",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0729",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/65501",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/103220",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0729",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65501",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-08-29 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:intercompany_media_engine:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A9DC100-0680-4A7D-A973-3A91A5429918",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:intercompany_media_engine:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F16B5E38-666E-4B54-AD32-29B3380F4814",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en el Service Advertisement Framework (SAF) en Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v8.x antes de v8.5(1) y Cisco Intercompany Media Engine v8.x antes de v8.5(1) permite a atacantes remotos provocar una denegación de servicio (reinicio del dispositivo) a través de paquetes SAF modificados, también conocido como Bug ID CSCth19417.",
      },
   ],
   id: "CVE-2011-2564",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-08-29T15:55:01.347",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1025969",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1025969",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-13 05:24
Modified
2025-04-11 00:51
Severity ?
Summary
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.",
      },
      {
         lang: "es",
         value: "La interfaz Bulk Administration en Cisco Unified Communications Manager (UCM) 10.0(1) y anteriores permite a atacantes remotos evadir la autenticación y leer archivos arbitrarios mediante el uso de una petición no especificada, también conocido como Bug ID CSCum05340.",
      },
   ],
   id: "CVE-2014-0724",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-13T05:24:51.527",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32825",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32825",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-05-17 03:29
Modified
2024-11-21 03:37
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el framework web de Cisco Unified Communications Manager y Cisco Unified Presence podría permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Scripting (XSS) reflejado contra un usuario de dicha interfaz en el sistema afectado. La vulnerabilidad se debe a una validación de entrada insuficiente de ciertos parámetros que se pasan al software afectado mediante los métodos HTTP GET y POST. Un atacante que pueda convencer a un usuario para que siga un enlace proporcionado por el atacante podría ejecutar código de script o HTML en el navegador del usuario en el contexto de un sitio afectado. Cisco Bug IDs: CSCvg89116.",
      },
   ],
   id: "CVE-2018-0328",
   lastModified: "2024-11-21T03:37:59.330",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-05-17T03:29:00.950",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104200",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040928",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040929",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104200",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040928",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040929",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-03-05 16:30
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:\\(1a\\):*:*:*:*:*:*",
                     matchCriteriaId: "8E8F77F9-05C3-4B66-9022-7B227F97978C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "42F3870B-5DE9-4E3E-BEA7-863916DD45DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F2564A8-5805-46E0-B6EC-F4967D67C566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "77979322-F060-4DD4-A6F2-B1157664C0FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (también conocido como CUCM, antes CallManager) v6.x anteriores a v6.1(5), v7.x anteriores a v7.1(3a)su1, y v8.x anteriores a v8.0(1) permite a atacantes remotos producir una denegación de servicio (fallo de proceso) a través de un mensaje SCCP malformado (1) RegAvailableLines o (2) FwdStatReq con un número de línea inválido, también conocido como Bug ID CSCtc47823.",
      },
   ],
   id: "CVE-2010-0588",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-03-05T16:30:00.770",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://securitytracker.com/id?1023670",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/38501",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1023670",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/38501",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-01-26 18:15
Modified
2024-11-21 08:52
Summary
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "FB3C1282-5EC8-4E46-ADD9-898449D96A22",
                     versionEndExcluding: "12.5\\(1\\)su8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "312C8052-DA09-4B61-9E90-E9EEE265A4BC",
                     versionEndExcluding: "14su3",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "EA4F43B2-1C73-415B-84BF-26D0322FA2C1",
                     versionEndExcluding: "12.5\\(1\\)su8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "C64C5167-7428-4F9E-B1E9-CAD3236B64AD",
                     versionEndExcluding: "14su3",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFF9029D-553F-43FD-8F37-86B11A17EC91",
                     versionEndExcluding: "12.5\\(1\\)su8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D09B9BD3-3C31-4816-AD4C-043543C56DB5",
                     versionEndExcluding: "14.0su3",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2BC7834-136A-4117-BEDC-0C96EC59227B",
                     versionEndExcluding: "12.5\\(1\\)su8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "06851CA9-B778-4471-BB1D-A2237B225A4C",
                     versionEndExcluding: "14su3",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*",
                     matchCriteriaId: "66E25EE4-AB7B-42BF-A703-0C2E83E83577",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:virtualized_voice_browser:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3164D29F-4726-4438-9F31-8644B1C2F0E7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A2BE523-1AAF-4AB5-ACA3-A1E194590B09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0A7B033E-5B7F-4C11-9C6C-CA4363770A7A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en múltiples productos Cisco Unified Communications y Contact Center Solutions podría permitir que un atacante remoto no autenticado ejecute código arbitrario en un dispositivo afectado. Esta vulnerabilidad se debe al procesamiento inadecuado de los datos proporcionados por el usuario que se leen en la memoria. Un atacante podría aprovechar esta vulnerabilidad enviando un mensaje manipulado a un puerto de escucha de un dispositivo afectado. Una explotación exitosa podría permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente con los privilegios del usuario de servicios web. Con acceso al sistema operativo subyacente, el atacante también podría establecer acceso root en el dispositivo afectado.",
      },
   ],
   id: "CVE-2024-20253",
   lastModified: "2024-11-21T08:52:06.980",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.9,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.3,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-01-26T18:15:10.970",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-04-21 19:15
Modified
2024-11-21 06:43
Summary
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:-:*:*:*",
                     matchCriteriaId: "0F4F8482-029A-4A84-97F1-9EDEDCE42C6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "EB810DDE-18A0-4168-8EC1-726DA62453E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0:*:*:*:-:*:*:*",
                     matchCriteriaId: "CD0AB4E6-61AF-4FB9-8292-75FC56EE61EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "5B613D5E-BF3D-426B-9A5B-0322D48EE693",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el proceso de actualización de software de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podría permitir a un atacante remoto autenticado escribir archivos arbitrarios en el sistema afectado. Esta vulnerabilidad es debido a restricciones inapropiadas aplicadas a un script del sistema. Un atacante podría explotar esta vulnerabilidad al usar variables diseñadas durante la ejecución de una actualización del sistema. Una explotación con éxito podría permitir al atacante sobrescribir o añadir datos arbitrarios a los archivos del sistema usando privilegios de nivel root",
      },
   ],
   id: "CVE-2022-20789",
   lastModified: "2024-11-21T06:43:33.593",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 8.5,
               confidentialityImpact: "NONE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 9.2,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-04-21T19:15:08.630",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-73",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-610",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-09-12 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.
Impacted products
Vendor Product Version
cisco unified_communications_manager 9.1\(2.10000.28\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(2.10000.28\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3655A2A6-E9A2-43C2-97FE-96BD8343E5E8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en el Framework web en Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) permite a usuarios remotos autenticados inyectar script web o HTML arbitrarios a través de un parámetro no especificado, también conocido como Bug ID CSCuq68443.",
      },
   ],
   id: "CVE-2014-3363",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-09-12T01:55:07.060",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/59105",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/69739",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1030836",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95882",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59105",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/69739",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1030836",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95882",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-01-26 07:59
Modified
2025-04-20 01:37
Summary
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8).
Impacted products
Vendor Product Version
cisco unified_communications_manager 12.0\(0.99000.9\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(0.99000.9\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B63D5440-BFC6-4CAC-8F9F-81E494C0A666",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS (cross-site scripting) contra un usuario de la interfaz web de un sistema afectado. Más información: CSCvc20679. Lanzamientos afectados conocidos: 12.0(0.99000.9). Lanzamientos reparados conocidos: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8).",
      },
   ],
   id: "CVE-2017-3802",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-01-26T07:59:00.560",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95636",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1037655",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/95636",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1037655",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-07-06 21:15
Modified
2024-11-21 06:43
Summary
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E64693D-860A-45F4-89D6-4294E0C50637",
                     versionEndIncluding: "11.5\\(1.10000.6\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "648976B9-A432-4010-9BA2-A4D78DB181C8",
                     versionEndIncluding: "11.5\\(1.10000.6\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "624F2FFF-D108-4E8E-BBC5-42B9A545CB32",
                     versionEndIncluding: "12.5\\(1.10000.22\\)",
                     versionStartIncluding: "12.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "FBEB09F5-7DF1-403C-80D1-300001364ED4",
                     versionEndIncluding: "12.5\\(1.10000.22\\)",
                     versionStartIncluding: "12.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC0FD659-ACD8-4E47-9CB7-A88C518522B3",
                     versionEndIncluding: "14.0\\(1.10000.20\\)",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "3F897942-E510-44B0-92C0-65166DF61020",
                     versionEndIncluding: "14.0\\(1.10000.20\\)",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A95FE70-69C3-46B0-9E16-5809A7397949",
                     versionEndIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B5898E6-A2E1-45F4-9A52-B1350A113050",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en los privilegios del usuario de la base de datos de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), y Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) podría permitir a un atacante autenticado y remoto leer archivos arbitrarios en el sistema operativo subyacente de un dispositivo afectado. Esta vulnerabilidad es debido a una insuficiencia de restricciones de permisos de archivos. Un atacante podría explotar esta vulnerabilidad mediante el envío de un comando diseñado desde la API a la aplicación. Una explotación con éxito podría permitir al atacante leer archivos arbitrarios en el sistema operativo subyacente del dispositivo afectado. El atacante necesitaría credenciales de usuario válidas para explotar esta vulnerabilidad",
      },
   ],
   id: "CVE-2022-20791",
   lastModified: "2024-11-21T06:43:33.833",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-06T21:15:11.497",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-36",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-01-18 06:29
Modified
2024-11-21 03:37
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el framework web de Cisco Unified Communications Manager podría permitir que un atacante remoto no autenticado visualice datos sensibles. Esta vulnerabilidad se debe a una protección de tablas de bases de datos insuficiente. Un atacante podría explotar esta vulnerabilidad navegando hasta una URL específica. Esta vulnerabilidad podría permitir que el atacante visualice información de la librería de datos. Cisco Bug IDs: CSCvf20269.",
      },
   ],
   id: "CVE-2018-0105",
   lastModified: "2024-11-21T03:37:31.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-01-18T06:29:01.143",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/102725",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040245",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/102725",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040245",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-425",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-02 19:15
Modified
2024-11-21 04:23
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to an affected system that contain references in XML entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)
cisco unified_communications_manager 12.5\(1.10000.22\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to an affected system that contain references in XML entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz web de Cisco Unified Communications Manager y Cisco Unified Communications Manager Session Management Edition (SME), podría permitir a un atacante remoto no autenticado acceder a información confidencial o causar una condición de denegación de servicio (DoS). La vulnerabilidad es debido a restricciones inapropiadas en las entidades XML. Un atacante podría explotar esta vulnerabilidad mediante el envío de peticiones maliciosas hacia un sistema afectado que contenga referencias en entidades XML. Una explotación con éxito podría permitir al atacante recuperar archivos del sistema local, resultando en la divulgación de información confidencial, o causar que la aplicación consuma los recursos disponibles, resultando en una condición DoS.",
      },
   ],
   id: "CVE-2019-12711",
   lastModified: "2024-11-21T04:23:25.020",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-02T19:15:14.187",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xxe",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xxe",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-611",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-611",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF8506B4-287F-4430-86C5-3F122A83CA1C",
                     versionEndExcluding: "14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "46DE37E0-D799-4F2D-A22A-980649992E46",
                     versionEndExcluding: "14",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y Cisco Unity Connection, podrían permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de interfaz. Estas vulnerabilidades se presentan porque la interfaz de administración basada en web no comprueba apropiadamente la entrada suministrada por el usuario. Un atacante podría explotar estas vulnerabilidades al persuadir a un usuario de la interfaz a hacer clic en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador",
      },
   ],
   id: "CVE-2021-1407",
   lastModified: "2024-11-21T05:44:17.157",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-08T04:15:12.733",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-03-12 15:20
Modified
2025-04-09 00:30
Severity ?
Summary
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B9DCB59-F6AD-4CBD-B746-8FBA4BF733CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3E094AB-5F10-4238-BBE3-236B7306C995",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "2496F01D-E387-48CD-B586-826D284BBC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5955E35-E200-4054-8757-39BD04F13220",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\)sr.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A459F3A2-817B-4F7F-AF9B-4EACB90B7DF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0BB09252-6C59-4E1C-93C8-0AC3ED54A294",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(2\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA0F270A-F953-43C7-9358-3B237B355BB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1B9FDFF3-2E60-4E41-9251-93283D945D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "239510AD-8BB0-4515-B1DA-80DE696D25DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "26277C4A-4E27-492C-B18C-AC68D86ADF55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9003EC1A-6E85-41F1-BB5D-B841C9C28105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0318CF61-B892-4D44-B41A-D630B4AB808C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9CDA8A78-BA6C-4451-8EAA-B83C3A6C6BA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "84A49932-1E22-4BE0-8195-926D44F65AAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3d\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4DE1B0DD-EA64-493B-86B7-9057EE5033C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F2564A8-5805-46E0-B6EC-F4967D67C566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.",
      },
      {
         lang: "es",
         value: "La funcionalidad IP Phone Personal Address Book (PAB) Synchronizer en Cisco Unified Communications Manager (también conocido como CUCM, formalmente CallManager) v4.1, v4.2 anteriores v4.2(3)SR4b, v4.3 anteriores v4.3(2)SR1b, v5.x anteriores v5.1(3e), v6.x anteriores v6.1(3), y v7.0 anteriores v7.0(2) envía credenciales de cuentas privilegiadas del servicio directorio a el cliente en texto plano, lo que permite a los atacantes remotos modificar la configuración CUCM y desarrollar otros acciones privilegiadas interceptando estas credenciales, y usándola en peticiones no relativas a las tareas de sincronización establecidas, como se ha demostrado a través de (1) credenciales de la cuenta DC Directory en CUCM v4.x y (2) credenciales de cuenta TabSyncSysUser en CUCM v5.x hasta v7.x.",
      },
   ],
   evaluatorImpact: "Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml\r\n\r\n\"Impact\r\n\r\nSuccessful exploitation of this vulnerability may allow an attacker to intercept user credentials that allow the attacker to escalate their privilege level and obtain complete administrative access to a vulnerable Cisco Unified Communications Manager system. If integrated with an external directory service, the intercepted user credentials may allow an attacker to gain access to additional systems configured to use the directory service for authentication.\"",
   id: "CVE-2009-0632",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-03-12T15:20:49.750",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/52589",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/34238",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a86434.html",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/34082",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1021839",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/0675",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/49196",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/52589",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/34238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a86434.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/34082",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1021839",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/0675",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/49196",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-255",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-07-06 21:15
Modified
2024-11-21 06:43
Summary
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "90259C71-D12C-4E4D-99B1-94CB7273608C",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BC1ED14-2795-48C1-94A6-24BB2272277F",
                     versionEndExcluding: "14.0su2",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D713E0A3-D63C-42E6-804C-865801407787",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el marco de Recuperación de Desastres de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), y Cisco Unity Connection podría permitir a un atacante autenticado y remoto llevar a cabo determinadas acciones administrativas que no deberían poder. Esta vulnerabilidad es debido a una comprobación de control de acceso insuficiente en el dispositivo afectado. Un atacante con privilegios de sólo lectura podría explotar esta vulnerabilidad al ejecutar un comando vulnerable específico en un dispositivo afectado. Una explotación con éxito podría permitir al atacante llevar a cabo una serie de acciones administrativas que no debería poder realizar",
      },
   ],
   id: "CVE-2022-20859",
   lastModified: "2024-11-21T06:43:42.080",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-06T21:15:11.797",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-08-27 17:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "955CAD70-C632-4317-9B5D-89B68AAD1C8D",
                     versionEndExcluding: "6.1\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) anteriores a v6.1(1) permite a los atacantes remotos causar una denegación de servicio (parada del servicio de voz) a través de cabeceras malformadas en un mensaje SIP, también conocido como Bug ID CSCsi46466.",
      },
   ],
   id: "CVE-2009-2050",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-08-27T17:00:00.877",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/57452",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/36495",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/36499",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36152",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022775",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/57452",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/36495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/36499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36152",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022775",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-08-27 17:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371.
References
psirt@cisco.com http://secunia.com/advisories/36498 Vendor Advisory
psirt@cisco.com http://secunia.com/advisories/36499 Vendor Advisory
psirt@cisco.com http://secunia.com/advisories/37039 Third Party Advisory
psirt@cisco.com http://securitytracker.com/id?1023018 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml Patch, Vendor Advisory
psirt@cisco.com http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml Vendor Advisory
psirt@cisco.com http://www.securityfocus.com/bid/36152 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.securityfocus.com/bid/36676 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.securitytracker.com/id?1022775 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.vupen.com/english/advisories/2009/2915 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36498 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/36499 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/37039 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1023018 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/36152 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/36676 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1022775 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2009/2915 Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B48B0779-7796-45D2-8967-459F562A6243",
                     versionEndExcluding: "5.1\\(3g\\)",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "98AF7F97-8702-4E7B-BDE4-BD5A3114FDF4",
                     versionEndExcluding: "6.1\\(4\\)",
                     versionStartIncluding: "6.1\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "70FFE57A-3D1F-4310-87F5-CEE420125357",
                     versionEndExcluding: "7.0\\(2\\)",
                     versionStartIncluding: "7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "96DB29BF-9A40-4591-BE41-C519B86C2EEF",
                     versionEndExcluding: "7.1\\(2\\)",
                     versionStartIncluding: "7.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to \"tracking of network connections,\" aka Bug IDs CSCsq22534 and CSCsw52371.",
      },
      {
         lang: "es",
         value: "Unified Communications Manager de Cisco (también conocido como CUCM, anteriormente CallManager) versión 4.x, versión 5.x anterior a 5.1(3g), versión 6.x anterior a 6.1(4), versión 7.0 anterior a 7.0(2) y versión 7.1 anterior a 7.1(2); y Unified Presence de Cisco versión 1.x, versión 6.x anterior a 6.0(6) y versión 7.x anterior a 7.0(4); permite a los atacantes remotos causar una denegación de servicio (interrupción de los servicios TCP) por medio de una gran cantidad de conexiones TCP, relacionadas con el \"tracking of network connections,\" también conocida como Bug ID CSCsq22534 y CSCsw52371.",
      },
   ],
   id: "CVE-2009-2052",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-08-27T17:00:01.000",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36498",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36499",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37039",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1023018",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36152",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36676",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022775",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2915",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36498",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/37039",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1023018",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36152",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36676",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022775",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2915",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-05-03 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su2, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a atacantes remotos provocar una denegación de servicio (fallo del proceso) a través de un mensaje SIP con formato incorrecto, también conocido como Bug ID CSCth39586.",
      },
   ],
   id: "CVE-2011-1605",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-05-03T22:55:02.387",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/47610",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/47610",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67123",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-08-25 03:27
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.
Impacted products
Vendor Product Version
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 9.1\(1\)
cisco unified_communications_manager 9.1\(1a\)
cisco unified_communications_manager 9.1.1\(a\)
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A1D8DBE-095D-4E38-A93B-D05459F7209E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCA70732-8ACD-47D2-A311-319180F86892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1.1\\(a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E4A84A9E-5DB4-49B5-B3A1-DD7D95D23716",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer en Cisco Unified Communications Manager (Unified CM) v7.1(x) anterior a v7.1(5b)su6, v8.5(x) anterior a v8.5(1)su6, v8.6(x) anterior a v8.6(2a)su3, y v9.x anterior a v9.1(2) permite a los usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados, también conocido como Bug ID CSCud54358.",
      },
   ],
   id: "CVE-2013-3462",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 8.5,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-08-25T03:27:32.690",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028938",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-05-16 12:54
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F2FC25F-22C5-43B5-9F69-D5035C77FAF1",
                     versionEndExcluding: "4.1\\(3\\)sr6",
                     versionStartIncluding: "4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "62436DD2-D8B1-4BBE-9E77-32E65D2F8599",
                     versionEndExcluding: "4.2\\(3\\)sr3",
                     versionStartIncluding: "4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6012B9A6-B140-4076-9BA8-FB419A7FDA9C",
                     versionEndExcluding: "4.3\\(2\\)",
                     versionStartIncluding: "4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4013A936-92B1-4579-ABD3-B57A80A8C8E0",
                     versionEndExcluding: "5.1\\(3\\)",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "795C8E07-9671-4B8D-ABC6-D373F49D0244",
                     versionEndExcluding: "6.1\\(1\\)",
                     versionStartIncluding: "6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en Cisco Unified Communications Manager 4.1 versiones anteriores a 4.1(3)SR6, 4.2 versiones anteriores a 4.2(3)SR3, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriores a 5.1(3), y 6.x versiones anteriores a 6.1(1) permite a atacantes remotos provocar una denegación de servicio (reinicio del servicio CCM) a través de un mensaje SIP INVITE no especificado, también conocido como Bug ID CSCsk46944.",
      },
   ],
   id: "CVE-2008-1747",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-05-16T12:54:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42418",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42418",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-08-27 17:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4C7C8DA6-9BAD-4ECB-8901-F1527C8710D5",
                     versionEndExcluding: "5.1\\(3g\\)",
                     versionStartIncluding: "4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E11B055-9625-4A00-8252-6E1660037F12",
                     versionEndExcluding: "6.1\\(4\\)",
                     versionStartIncluding: "6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "906EED24-1D35-4952-AFCA-D7D5223F66D3",
                     versionEndExcluding: "7.0\\(2a\\)su1",
                     versionStartIncluding: "7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "307FB584-44E5-4A1C-B219-E438D9C0CF5C",
                     versionEndExcluding: "7.1\\(2a\\)su1",
                     versionStartIncluding: "7.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v4.x, v5.x anteriores a v5.1(3g), v6.x anteriores a v6.1(4), v7.0 anteriores a v7.0(2a)su1, y v7.1 anteriores a v7.1(2a)su1 permite a los atacantes remotos causar una denegación de servicio (agotamiento de descriptores de fichero e interrupción del servicio SIP) a través de una inundación de paquetes TCP, también conocido como Bug ID CSCsx23689.",
      },
   ],
   id: "CVE-2009-2054",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-08-27T17:00:01.047",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/57456",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/36498",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/36499",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36152",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022775",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/57456",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/36498",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://secunia.com/advisories/36499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36152",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022775",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-10 09:15
Modified
2024-11-21 06:43
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This vulnerability exists because the affected software does not properly validate HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "A7F22373-7076-4A4B-886B-C74F582C710F",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "B8D0B3BD-AD4D-4DD0-984E-447788439C9D",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This vulnerability exists because the affected software does not properly validate HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en la web de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podría permitir a un atacante remoto autenticado eliminar archivos arbitrarios de un sistema afectado. Esta vulnerabilidad se presenta porque el software afectado no comprueba apropiadamente las peticiones HTTP. Un atacante podría aprovechar esta vulnerabilidad mediante el envío de una petición HTTP diseñada al software afectado. Una explotación con éxito podría permitir al atacante eliminar archivos arbitrarios del sistema afectado.",
      },
   ],
   id: "CVE-2022-20816",
   lastModified: "2024-11-21T06:43:36.677",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-10T09:15:08.410",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-file-delete-N2VPmOnE",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-file-delete-N2VPmOnE",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-05-16 03:36
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (CUCM) no limita adecuadamente la tasa de intentos de autenticación, lo que permite a atacantes remotos provocar una denegación de servicio (aplicación más lenta) a través de una serie de peticiones, también conocido como Bug ID CSCud39515.",
      },
   ],
   id: "CVE-2013-1188",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-05-16T03:36:22.690",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1188",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1188",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-31 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de XSS en la interfaz de informes CCM en el servidor en Cisco Unified Communications Manager permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug ID CSCuq90589.",
      },
   ],
   id: "CVE-2014-3372",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-10-31T10:55:02.097",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/61003",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3372",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/70846",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1031159",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98404",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/61003",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3372",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/70846",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1031159",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98404",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-07-14 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la página ccmivr en el gestor de comunicaciones unificado de Cisco (anteriormente el gestor de llamadas) 10.5(2.10000.5) permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario por medio de un parámetro manipulado, también conocido como Bug ID CSCut19580.",
      },
   ],
   id: "CVE-2015-4272",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-07-14T14:59:05.137",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39905",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1032888",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39905",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1032888",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-05-16 12:54
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9052FB98-E267-4D79-9F3E-BFC79FAF95B5",
                     versionEndExcluding: "4.1\\(3\\)sr7",
                     versionStartIncluding: "4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D27236B-0B95-4899-B1AF-0E75D8B6044F",
                     versionEndExcluding: "4.2\\(3\\)sr4",
                     versionStartIncluding: "4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6012B9A6-B140-4076-9BA8-FB419A7FDA9C",
                     versionEndExcluding: "4.3\\(2\\)",
                     versionStartIncluding: "4.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4013A936-92B1-4579-ABD3-B57A80A8C8E0",
                     versionEndExcluding: "5.1\\(3\\)",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "795C8E07-9671-4B8D-ABC6-D373F49D0244",
                     versionEndExcluding: "6.1\\(1\\)",
                     versionStartIncluding: "6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager 4.1 versiones anteriores a 4.1(3)SR7, 4.2 versiones anteriores a 4.2(3)SR4, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriores a 5.1(3), y 6.x versiones anteriores a 6.1(1) no valida apropiadamente URLs SIP, lo cual permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de un mensaje SIP INVITE, también conocido como Bug ID CSCsl22355.",
      },
   ],
   id: "CVE-2008-1748",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-05-16T12:54:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42419",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42419",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-08-26 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5536D6A1-B7F4-4A88-8609-6AA3DE15BAC2",
                     versionEndIncluding: "7.0\\(2a\\)su2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB76A56C-880B-4146-A023-3DCFF5D2C39F",
                     versionEndIncluding: "7.1\\(5\\)su1a",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.",
      },
      {
         lang: "es",
         value: "La implementación SendCombinedStatusInfo en Cisco Unified Communications Manager (también conocido como CUCM, antes CallManager) v7.0SU anterior a v7.0(2a)SU3, v7.1 anterior a v7.1(5), y v8.0 anterior a v8.0(3) permite a atacantes remotos provocar una denegación de servicio (error de proceso) a través de un mensaje SIP REGISTER malformado, también conocido como Bug ID CSCtf66305.",
      },
   ],
   evaluatorSolution: "Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml\r\n\r\n'Cisco bug ID CSCtd17310 and has been assigned the CVE identifier CVE-2010-2837. This vulnerability is fixed in Cisco Unified Communications Manager versions 6.1(5)SU1, 7.0(2a)SU3, 7.1(3b)SU2, 7.1(5) and 8.0(1). Cisco Unified Communications Manager version 4.x is not affected.'",
   id: "CVE-2010-2838",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-08-26T21:00:01.497",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2010/2187",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2010/2187",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-01-17 03:00
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF04567B-73C5-4ACC-9B31-5C3BAAB6E641",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC772518-51CC-4692-BEB2-2C9C2A215F44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "20A8643E-304C-4879-8CD5-209C1016DF31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.1\\(3\\)sr5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA1FF9B0-3BEB-4256-8D50-11CD6EEF04BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.1\\(3\\)sr5b:*:*:*:*:*:*:*",
                     matchCriteriaId: "D909C0AF-F213-4371-8A35-C5720B43ED90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer basado en memoria dinámica (heap) en el servicio proveedor de Listas de Certificados Confiables (CTL, Certificate Trust List) (CTLProvider.exe) en Cisco Unified Communications Manager (CUCM) 4.2 anterior a 4.2(3)SR3 y 4.3 anterior a 4.3(1)SR1, y CallManager 4.0 y 4.1 anterior a 4.1(3)SR5c, permite a atacantes remotos provocar una denegación de servicio o ejecutar código de su elección mediante una petición larga.",
      },
   ],
   id: "CVE-2008-0027",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-01-17T03:00:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/28530",
      },
      {
         source: "psirt@cisco.com",
         url: "http://securityreason.com/securityalert/3551",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/archive/1/486432/100/0/threaded",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/27313",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1019223",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2008/0171",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/28530",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/3551",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/486432/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/27313",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1019223",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/0171",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-04-29 10:37
Modified
2025-04-12 10:46
Severity ?
Summary
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.",
      },
      {
         lang: "es",
         value: "El componente Call Detail Records (CDR) Management en Cisco Unified Communications Manager (Unified CM) permite a usuarios remotos autenticados obtener información sensible mediante la lectura de campos extraños en un documento HTML, también conocido como Bug ID CSCun74374.",
      },
   ],
   id: "CVE-2014-2185",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-04-29T10:37:04.077",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-08-22 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.
Impacted products
Vendor Product Version
cisco unified_communications_manager *
cisco unified_communications_manager 3.3\(5\)
cisco unified_communications_manager 3.3\(5\)sr1
cisco unified_communications_manager 3.3\(5\)sr2a
cisco unified_communications_manager 4.1\(3\)
cisco unified_communications_manager 4.1\(3\)sr1
cisco unified_communications_manager 4.1\(3\)sr2
cisco unified_communications_manager 4.1\(3\)sr3
cisco unified_communications_manager 4.1\(3\)sr4
cisco unified_communications_manager 4.2
cisco unified_communications_manager 4.2.1
cisco unified_communications_manager 4.2.2
cisco unified_communications_manager 4.2.3
cisco unified_communications_manager 4.2.3sr1
cisco unified_communications_manager 4.2.3sr2
cisco unified_communications_manager 4.2.3sr2b
cisco unified_communications_manager 4.3
cisco unified_communications_manager 4.3\(1\)
cisco unified_communications_manager 5.0
cisco unified_communications_manager 5.1
cisco unified_communications_manager 5.1\(1\)
cisco unified_communications_manager 5.1\(1b\)
cisco unified_communications_manager 5.1\(1c\)
cisco unified_communications_manager 5.1\(2\)
cisco unified_communications_manager 5.1\(2a\)
cisco unified_communications_manager 5.1\(2b\)
cisco unified_communications_manager 5.1\(3\)
cisco unified_communications_manager 5.1\(3a\)
cisco unified_communications_manager 5.1\(3c\)
cisco unified_communications_manager 5.1\(3d\)
cisco unified_communications_manager 5.1\(3e\)
cisco unified_communications_manager 5.1.2
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0\(1\)
cisco unified_communications_manager 6.0\(1a\)
cisco unified_communications_manager 6.0\(1b\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 6.1\(5\)su3
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.0\(3a\)su3
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 8.6\(2a\)su3
cisco unified_communications_manager 8.6\(3\)
cisco unified_communications_manager 9.0\(1\)
cisco unified_communications_manager 9.1\(1\)
cisco unified_communications_manager 9.1\(1a\)
cisco unified_presence -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D481FEA8-BEC3-4BEB-B205-F60C99A12222",
                     versionEndIncluding: "8.6\\(4\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F1DEC3B-2782-4144-9651-73116294765D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1B9FDFF3-2E60-4E41-9251-93283D945D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1022C151-6EC8-4E8D-85ED-59D51551BDAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "060593BD-ADC1-4282-BC6D-E0D6A2B7C8D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "239510AD-8BB0-4515-B1DA-80DE696D25DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "26277C4A-4E27-492C-B18C-AC68D86ADF55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9003EC1A-6E85-41F1-BB5D-B841C9C28105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0318CF61-B892-4D44-B41A-D630B4AB808C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9CDA8A78-BA6C-4451-8EAA-B83C3A6C6BA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "84A49932-1E22-4BE0-8195-926D44F65AAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3d\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4DE1B0DD-EA64-493B-86B7-9057EE5033C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3e\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "00ECD7C0-7F3C-4021-B949-32141E58687C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E51D8BF-12BB-4DD1-9232-1D066889B30F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2CD96CE-AAC6-40BD-A053-A62572AC7714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FCBB8A8-E31C-49A3-843E-F18B2FF134B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB6E34CF-3F33-485F-8128-2D65A9034A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A1D8DBE-095D-4E38-A93B-D05459F7209E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCA70732-8ACD-47D2-A311-319180F86892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "63CC14CC-D958-419F-B248-E2D615C9584D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.",
      },
      {
         lang: "es",
         value: "Fuga de memoria en Cisco Unified Communications Manager IM y Presence Service anterior a 8.6(5)SU1 y 9.x anterior a 9.1(2), y Cisco Unified Presence, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y memoria) realizando multitud de conexiones TCP a los puertos (1) 5060 o (2) 5061. Aka Bug ID CSCud84959.",
      },
   ],
   id: "CVE-2013-3453",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-08-22T22:55:05.093",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cup",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cup",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-05-03 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5)su1, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCtg85647.",
      },
   ],
   id: "CVE-2011-1609",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 8.5,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-05-03T22:55:02.480",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/47605",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67125",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/47605",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67125",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-10-18 00:17
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "37FEF567-5F92-40BB-8581-3FCF584AAA1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C144784A-941D-4919-9E21-1E2AD2738A08",
                     versionEndIncluding: "5.1\\(2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.",
      },
      {
         lang: "es",
         value: "Desbordamiento de búfer en Centralized TFTP File Locator Service de Cisco Unified Communications Manager (CUCM, antes conocido como CallManager) 5.1 anterior a 5.1(3), y Unified CallManager 5.0, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio mediante vectores no especificados que implican el procesamiento de nombres de fichero, también conocido como CSCsh47712.",
      },
   ],
   id: "CVE-2007-5538",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-10-18T00:17:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/37940",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/27296",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/26105",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1018828",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/3532",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/37940",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/27296",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/26105",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1018828",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/3532",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-03-05 16:30
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.
Impacted products
Vendor Product Version
cisco unified_communications_manager 4.1
cisco unified_communications_manager 4.1 (update \(3\)sr.5)
cisco unified_communications_manager 4.1 (update \(3\)sr4)
cisco unified_communications_manager 4.1 (update \(3\)sr5)
cisco unified_communications_manager 4.1 (update \(3\)sr5b)
cisco unified_communications_manager 4.1 (update \(3\)sr5c)
cisco unified_communications_manager 4.1\(3\)
cisco unified_communications_manager 4.1\(3\)sr1
cisco unified_communications_manager 4.1\(3\)sr2
cisco unified_communications_manager 4.1\(3\)sr3
cisco unified_communications_manager 4.1\(3\)sr4
cisco unified_communications_manager 4.1.1
cisco unified_communications_manager 4.1.2
cisco unified_communications_manager 4.1.3
cisco unified_communications_manager 4.2
cisco unified_communications_manager 4.2 (update 4.2\(3\)sr.2)
cisco unified_communications_manager 4.2 (update 4.2_\(3\)sr2b)
cisco unified_communications_manager 4.2 (update 4.2_\(3\)sr3)
cisco unified_communications_manager 4.2\(3\)sr1
cisco unified_communications_manager 4.2\(3\)sr2b
cisco unified_communications_manager 4.2\(3\)sr3
cisco unified_communications_manager 4.2\(3\)sr4
cisco unified_communications_manager 4.2.1
cisco unified_communications_manager 4.2.2
cisco unified_communications_manager 4.2.3
cisco unified_communications_manager 4.2.3_sr3
cisco unified_communications_manager 4.2.3sr1
cisco unified_communications_manager 4.2.3sr2
cisco unified_communications_manager 4.2.3sr2b
cisco unified_communications_manager 4.2_1
cisco unified_communications_manager 4.2_2
cisco unified_communications_manager 4.2_3
cisco unified_communications_manager 4.2_3sr1
cisco unified_communications_manager 4.3
cisco unified_communications_manager 4.3 (update 4.3\(1\)sr.1)
cisco unified_communications_manager 4.3\(1\)
cisco unified_communications_manager 4.3\(1\)sr.1
cisco unified_communications_manager 4.3\(2\)
cisco unified_communications_manager 4.3\(2\)sr1
cisco unified_communications_manager 4.3.1
cisco unified_communications_manager 4.3_1
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0\(1\)
cisco unified_communications_manager 6.0\(1a\)
cisco unified_communications_manager 6.1
cisco unified_communications_manager 6.1
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1.0
cisco unified_communications_manager 7.0
cisco unified_communications_manager 7.0\(1\)
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.1
cisco unified_communications_manager 8.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr.5:*:*:*:*:*:*",
                     matchCriteriaId: "FBE07ABF-97B2-48B4-8EF6-861AB41340F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr4:*:*:*:*:*:*",
                     matchCriteriaId: "9135D3DE-5110-47CB-A23F-7CE3D9AFD153",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5:*:*:*:*:*:*",
                     matchCriteriaId: "914A2B2A-6292-451B-B26A-1B529CECBE3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5b:*:*:*:*:*:*",
                     matchCriteriaId: "72FAE8F7-504A-4B6F-9C9D-45158AC6C208",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5c:*:*:*:*:*:*",
                     matchCriteriaId: "835DD627-C5F1-4733-8949-C91592EC719A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0467A78A-8449-4012-BD80-86BAF8376B8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "363E750B-4BC1-4A4B-8440-1617BEF9D8A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B44AB103-60E6-4FAF-BD7C-54365E30C88A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2\\(3\\)sr.2:*:*:*:*:*:*",
                     matchCriteriaId: "701A374B-00A7-4151-8652-9A39FAECBC5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2_\\(3\\)sr2b:*:*:*:*:*:*",
                     matchCriteriaId: "42F41FF1-3FD1-4E90-877C-AC10D56CFEA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2_\\(3\\)sr3:*:*:*:*:*:*",
                     matchCriteriaId: "291CFDEC-CDF8-438D-9D1E-2832CE705FB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B9DCB59-F6AD-4CBD-B746-8FBA4BF733CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3E094AB-5F10-4238-BBE3-236B7306C995",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "2496F01D-E387-48CD-B586-826D284BBC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5955E35-E200-4054-8757-39BD04F13220",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3_sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "55FCD7DD-A979-4B35-8C9C-5DAA340D2AEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E837527C-D5FA-479F-A61B-8667972FC594",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2_2:*:*:*:*:*:*:*",
                     matchCriteriaId: "488023AF-EA56-40E2-9A23-61EA758180D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2_3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9E1D151-8031-447A-9CB9-871599404339",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2_3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C48DC30-8F7D-4448-9C42-3CBC25053C99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:4.3\\(1\\)sr.1:*:*:*:*:*:*",
                     matchCriteriaId: "25EF5BF5-5909-4194-96DD-E8725BD3499A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F1DEC3B-2782-4144-9651-73116294765D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\)sr.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A459F3A2-817B-4F7F-AF9B-4EACB90B7DF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0BB09252-6C59-4E1C-93C8-0AC3ED54A294",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(2\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA0F270A-F953-43C7-9358-3B237B355BB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DCCDC7F-5326-4B6B-9B6F-DAD43E51CD76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F524EFB-C076-4EA2-8BF7-9A1B21036CBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:\\(1a\\):*:*:*:*:*:*",
                     matchCriteriaId: "8E8F77F9-05C3-4B66-9022-7B227F97978C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "42F3870B-5DE9-4E3E-BEA7-863916DD45DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F2564A8-5805-46E0-B6EC-F4967D67C566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "77979322-F060-4DD4-A6F2-B1157664C0FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v4.x anteriores a v4.3(2)SR2, v6.x anteriores a v6.1(5), v7.x anteriores a v7.1(3a)su1, y v8.x anteriores a v8.0(1) permite a atacantes remotos producir una denegación de servicio (fallo de proceso) a través de un mensaje SCCP StationCapabilitiesRes malformado con un campo MaxCap inválido, también conocido como Bug ID CSCtc38985.",
      },
   ],
   evaluatorImpact: "Per:http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml\r\n\r\nThe following products are affected by vulnerabilities that are described in this advisory:\r\n\r\n    * Cisco Unified Communications Manager 4.x\r\n    * Cisco Unified Communications Manager 5.x\r\n    * Cisco Unified Communications Manager 6.x\r\n    * Cisco Unified Communications Manager 7.x",
   id: "CVE-2010-0587",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-03-05T16:30:00.740",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://securitytracker.com/id?1023670",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/38496",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1023670",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/38496",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-03-05 16:30
Modified
2025-04-11 00:51
Severity
7.8 (HIGH) - CVSS v2.0 vector AV:N/AC:L/Au:N/C:N/I:N/A:C
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "42F3870B-5DE9-4E3E-BEA7-863916DD45DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F2564A8-5805-46E0-B6EC-F4967D67C566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "77979322-F060-4DD4-A6F2-B1157664C0FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v6.x anteriores a v6.1(5), v7.x anteriores a v7.1(3b)SU2, y v8.x anteriores a v8.0(1) permite a atacantes remotos producir una denegación de servicio (fallo de proceso) a través de un mensaje SIP REG malformado, relacionado con un desbordamiento del campo \"Telephone-URL\", también conocido como Bug ID CSCtc62362.",
      },
   ],
   id: "CVE-2010-0591",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-03-05T16:30:00.833",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://securitytracker.com/id?1023670",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/38498",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1023670",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/38498",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-09-23 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.
Impacted products
Vendor Product Version
cisco ios 12.1
cisco ios 12.1t
cisco ios 12.1xi
cisco ios 12.1xj
cisco ios 12.1xl
cisco ios 12.1xm
cisco ios 12.1xp
cisco ios 12.1xq
cisco ios 12.1xr
cisco ios 12.1xs
cisco ios 12.1xt
cisco ios 12.1xu
cisco ios 12.1xv
cisco ios 12.1xy
cisco ios 12.1ya
cisco ios 12.1yb
cisco ios 12.1yc
cisco ios 12.1yd
cisco ios 12.1ye
cisco ios 12.1yf
cisco ios 12.1yh
cisco ios 12.1yi
cisco ios 12.2b
cisco ios 12.2bw
cisco ios 12.2bx
cisco ios 12.2by
cisco ios 12.2cz
cisco ios 12.2dd
cisco ios 12.2dx
cisco ios 12.2ex
cisco ios 12.2ira
cisco ios 12.2irb
cisco ios 12.2irc
cisco ios 12.2ird
cisco ios 12.2ire
cisco ios 12.2ixa
cisco ios 12.2ixb
cisco ios 12.2ixc
cisco ios 12.2ixd
cisco ios 12.2ixe
cisco ios 12.2ixf
cisco ios 12.2ixg
cisco ios 12.2ixh
cisco ios 12.2mra
cisco ios 12.2mrb
cisco ios 12.2sbc
cisco ios 12.2sca
cisco ios 12.2scb
cisco ios 12.2scc
cisco ios 12.2scd
cisco ios 12.2sg
cisco ios 12.2sra
cisco ios 12.2srb
cisco ios 12.2sre
cisco ios 12.2su
cisco ios 12.2sv
cisco ios 12.2sxa
cisco ios 12.2sxb
cisco ios 12.2sxd
cisco ios 12.2sxe
cisco ios 12.2sxf
cisco ios 12.2sy
cisco ios 12.2sz
cisco ios 12.2t
cisco ios 12.2tpc
cisco ios 12.2xa
cisco ios 12.2xb
cisco ios 12.2xc
cisco ios 12.2xd
cisco ios 12.2xg
cisco ios 12.2xh
cisco ios 12.2xi
cisco ios 12.2xj
cisco ios 12.2xk
cisco ios 12.2xl
cisco ios 12.2xm
cisco ios 12.2xn
cisco ios 12.2xq
cisco ios 12.2xs
cisco ios 12.2xt
cisco ios 12.2xu
cisco ios 12.2xv
cisco ios 12.2xw
cisco ios 12.2ya
cisco ios 12.2yb
cisco ios 12.2yc
cisco ios 12.2yd
cisco ios 12.2ye
cisco ios 12.2yf
cisco ios 12.2yh
cisco ios 12.2yj
cisco ios 12.2yk
cisco ios 12.2yl
cisco ios 12.2ym
cisco ios 12.2yn
cisco ios 12.2yt
cisco ios 12.2yu
cisco ios 12.2yv
cisco ios 12.2yw
cisco ios 12.2yx
cisco ios 12.2yy
cisco ios 12.2yz
cisco ios 12.2zc
cisco ios 12.2zd
cisco ios 12.2ze
cisco ios 12.2zf
cisco ios 12.2zh
cisco ios 12.2zj
cisco ios 12.2zl
cisco ios 12.2zp
cisco ios 12.2zu
cisco ios 12.2zy
cisco ios 12.2zya
cisco ios 12.3
cisco ios 12.3b
cisco ios 12.3t
cisco ios 12.3tpc
cisco ios 12.3va
cisco ios 12.3xa
cisco ios 12.3xb
cisco ios 12.3xc
cisco ios 12.3xd
cisco ios 12.3xe
cisco ios 12.3xf
cisco ios 12.3xg
cisco ios 12.3xi
cisco ios 12.3xj
cisco ios 12.3xk
cisco ios 12.3xl
cisco ios 12.3xq
cisco ios 12.3xr
cisco ios 12.3xs
cisco ios 12.3xu
cisco ios 12.3xw
cisco ios 12.3xx
cisco ios 12.3xy
cisco ios 12.3xz
cisco ios 12.3ya
cisco ios 12.3yd
cisco ios 12.3yf
cisco ios 12.3yg
cisco ios 12.3yh
cisco ios 12.3yi
cisco ios 12.3yj
cisco ios 12.3yk
cisco ios 12.3ym
cisco ios 12.3yq
cisco ios 12.3ys
cisco ios 12.3yt
cisco ios 12.3yu
cisco ios 12.3yx
cisco ios 12.3yz
cisco ios 12.3za
cisco ios 12.4
cisco ios 12.4gc
cisco ios 12.4md
cisco ios 12.4mda
cisco ios 12.4mr
cisco ios 12.4mra
cisco ios 12.4sw
cisco ios 12.4t
cisco ios 12.4xa
cisco ios 12.4xb
cisco ios 12.4xc
cisco ios 12.4xd
cisco ios 12.4xe
cisco ios 12.4xf
cisco ios 12.4xg
cisco ios 12.4xj
cisco ios 12.4xk
cisco ios 12.4xl
cisco ios 12.4xm
cisco ios 12.4xn
cisco ios 12.4xp
cisco ios 12.4xq
cisco ios 12.4xr
cisco ios 12.4xt
cisco ios 12.4xv
cisco ios 12.4xw
cisco ios 12.4xy
cisco ios 12.4xz
cisco ios 12.4ya
cisco ios 12.4yb
cisco ios 12.4yd
cisco ios 12.4ye
cisco ios 12.4yg
cisco ios 15.0m
cisco ios 15.0s
cisco ios 15.0xa
cisco ios 15.1t
cisco ios 15.1xb
cisco ios_xe 2.5.0
cisco ios_xe 2.5.1
cisco ios_xe 2.6.0
cisco ios_xe 2.6.1
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0\(1.2114.1\)
cisco unified_communications_manager 6.0\(1.2121.1\)
cisco unified_communications_manager 6.0\(1b\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 7.0
cisco unified_communications_manager 7.0\(1\)
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F2F9EC5-EDA2-4C99-BBF1-2F2C92AACE95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                     matchCriteriaId: "752C3C6B-910D-4153-A162-DF255F60306B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xi:*:*:*:*:*:*:*",
                     matchCriteriaId: "28097F62-B51F-4A3B-BB31-6FA67E8C8B5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xj:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E8AF76-0A1D-4BAE-BF10-D63080352E6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xl:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B674647-4438-4450-9DCA-25184D4E2682",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xm:*:*:*:*:*:*:*",
                     matchCriteriaId: "86E5CC41-1344-4A65-A653-8012ACE2CF2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xp:*:*:*:*:*:*:*",
                     matchCriteriaId: "71FB7128-CF11-4903-97D7-418403A03CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xq:*:*:*:*:*:*:*",
                     matchCriteriaId: "63EFB20A-78E2-4BA1-B87C-BB74E8982D99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xr:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A273401-9394-4BC3-879C-DE3EFC09B3F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xs:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DABF911-FCDF-4095-A95D-4BB73628FCA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xt:*:*:*:*:*:*:*",
                     matchCriteriaId: "77886493-C30E-439E-BBB4-3D34A8938378",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xu:*:*:*:*:*:*:*",
                     matchCriteriaId: "7813F511-CF6D-487F-9D1C-7A6CF85AD724",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xv:*:*:*:*:*:*:*",
                     matchCriteriaId: "677DC4B6-8B3D-4A0D-9934-743FD7494DF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xy:*:*:*:*:*:*:*",
                     matchCriteriaId: "F084DA16-24CB-41D1-92B7-C6E0499AAD10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1ya:*:*:*:*:*:*:*",
                     matchCriteriaId: "194F0AB1-92E6-4CE3-A5A1-904BF75F05D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yb:*:*:*:*:*:*:*",
                     matchCriteriaId: "884753D4-3AF0-4723-9D51-26BA7B4CA533",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yc:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAF3601D-DF44-4A10-A424-8E97C65A36A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yd:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC38BD6C-9823-4D2A-8BE2-60AABE3C4932",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1ye:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1835410-77EB-46F2-ACF0-379759D4B0D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yf:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BB103ED-B170-4193-84CD-4C59F4D6A10A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yh:*:*:*:*:*:*:*",
                     matchCriteriaId: "F88DCCDE-6A81-473F-B4FE-95A84F8DF964",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yi:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D55886-268F-4E4D-B00F-8A5D97A73BA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "E314B0F7-1A27-483E-B3B3-947A5561281F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2bw:*:*:*:*:*:*:*",
                     matchCriteriaId: "05B838C9-E60E-46A3-A5FB-4F67291D0851",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2bx:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B29F111-CBA4-464D-8B25-C2677BA270EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2by:*:*:*:*:*:*:*",
                     matchCriteriaId: "E96C76C5-52BA-45D9-9803-048E770BAA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2cz:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7F75542-F2C5-4CEB-B655-E0620408A3B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2dd:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDC41749-91FC-43DB-A52F-AC3E3A2205C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2dx:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE0195AE-24FD-43B2-892B-F646B8B5ED6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ex:*:*:*:*:*:*:*",
                     matchCriteriaId: "0912492E-565A-4559-ABB8-D2898F06CF29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ira:*:*:*:*:*:*:*",
                     matchCriteriaId: "2424530B-2353-48F2-A076-0C44AAA4C89E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2irb:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B88D71E-C9CB-44D7-AB06-49CFF1117DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2irc:*:*:*:*:*:*:*",
                     matchCriteriaId: "113CC627-7381-49DF-B384-CC70FB795EFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ird:*:*:*:*:*:*:*",
                     matchCriteriaId: "D173F259-359F-4F1A-AF52-F1BCE014B081",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ire:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DAB30C-D1FB-4DBF-A942-FD141E011173",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixa:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEDCF5A7-14E5-4E0C-88AD-7F891B5EFC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixb:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7111CAE-9279-49DA-B05A-046BB3EFA85F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixc:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4203A9F-BBC3-4BF2-B915-C3BF2EB73EAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixd:*:*:*:*:*:*:*",
                     matchCriteriaId: "E186AB2F-8C5B-45E0-9194-BF66DA64F772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixe:*:*:*:*:*:*:*",
                     matchCriteriaId: "D32DCDA3-76B6-423C-9AF1-B65F19077909",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixf:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCCE26DD-FE65-4041-AB4D-9C7A16EE175C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixg:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE88965B-D148-43EB-9FC6-2EF5E5C917FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixh:*:*:*:*:*:*:*",
                     matchCriteriaId: "37EE8B1F-AA97-459E-9EA0-965A73697243",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2mra:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CC7FC1-4BB9-44C2-A61B-E10A13059DF1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2mrb:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E6CD5FF-B7B3-4E07-B932-758B9429E96D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sbc:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1579A2D-955F-4CC6-9F94-9D40C669D903",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sca:*:*:*:*:*:*:*",
                     matchCriteriaId: "140C7C99-1B50-431C-B55C-DFF308E7ECF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2scb:*:*:*:*:*:*:*",
                     matchCriteriaId: "65213862-01D0-4B1D-8C76-B19D083BF460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2scc:*:*:*:*:*:*:*",
                     matchCriteriaId: "F157AA25-A1BD-47BE-ABFF-149C490D9E94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2scd:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B91019F-1AA1-43AC-BBBC-869B9E8E0988",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sg:*:*:*:*:*:*:*",
                     matchCriteriaId: "E85ABE5E-7900-4A9C-A945-48B293EF46B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sra:*:*:*:*:*:*:*",
                     matchCriteriaId: "A892B3F0-5A31-4086-8AB5-F06E68588EFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2srb:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8E6BB50-7C0C-4E31-8DB0-40E145C8D9CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sre:*:*:*:*:*:*:*",
                     matchCriteriaId: "1738E127-FC9E-4B4C-BA8F-E3A2D661F2B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2su:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC70491B-F701-4D33-A314-C686469DBD2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sv:*:*:*:*:*:*:*",
                     matchCriteriaId: "198C24E9-6D45-44FD-B502-D14ACDA99EDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxa:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7A672BD-87AE-424D-8735-073BBE9CE164",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxb:*:*:*:*:*:*:*",
                     matchCriteriaId: "95C033E3-184B-4AC1-B10D-8318FEAF73FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxd:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC1DDD7C-7921-45D3-81F7-4D9A407CBB5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxe:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A68D177-B028-4025-BD7B-82ACDB2D1E21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxf:*:*:*:*:*:*:*",
                     matchCriteriaId: "485ACF9E-1305-4D71-A766-5BE1D748AAA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
                     matchCriteriaId: "09458CD7-D430-4957-8506-FAB2A3E2AA65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sz:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E709D6B-61DB-4905-B539-B8488D7E2DC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                     matchCriteriaId: "84900BB3-B49F-448A-9E04-FE423FBCCC4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2tpc:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6C1C831-556D-4634-AA24-6D64943ED275",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xa:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAC6758B-C6EE-45CB-AC2D-28C4AE709DD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xb:*:*:*:*:*:*:*",
                     matchCriteriaId: "075CD42D-070A-49BA-90D9-E7925BB41A38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xc:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCB9967A-1EBD-4BE0-8651-1C7D42B2BF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xd:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AB8E66C-A16F-4CC5-9FDF-AE274FF035EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xg:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF2C6C2-58E8-4EA6-84FB-4D11F31490A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xh:*:*:*:*:*:*:*",
                     matchCriteriaId: "4628FDA0-4260-4493-92C9-4574E5EC06A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xi:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9FA064A-6E1A-4415-84D4-1A33FF667011",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xj:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE896909-F8C3-4723-B5E7-9FB5FA2B73B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xk:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F9CDCE5-F6D3-4FA3-ADA0-EED2517FF7EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xl:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E03EE34-C398-43B4-A529-BE7BAFA4B3C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xm:*:*:*:*:*:*:*",
                     matchCriteriaId: "21147732-FA22-4728-B5F2-D115B78A8EDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xn:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D717498-4DF9-4D15-A25B-D777FF460E3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xq:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B40548F-3914-4227-9E4C-F1B34071C069",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xs:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECE49281-0571-49F7-95FF-68B1ACA07537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xt:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B09B72E-6862-4115-9A0B-574089A94289",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xu:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC38B64C-E246-467F-A185-669497DEA839",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xv:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBB42063-9DB5-42DB-825A-53C6DBB51A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xw:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E5C90EE-A9C0-461C-9E89-732BFA9BD066",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ya:*:*:*:*:*:*:*",
                     matchCriteriaId: "E74B6350-C2F8-4786-8E32-2ED6C188A5E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yb:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8E26473-A8EF-44C5-B550-5E0B86D31291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yc:*:*:*:*:*:*:*",
                     matchCriteriaId: "663FE3CE-FA09-46A2-9C0D-2797D9137A82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yd:*:*:*:*:*:*:*",
                     matchCriteriaId: "86309E93-F2C9-4334-9A1C-989EFDC99215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ye:*:*:*:*:*:*:*",
                     matchCriteriaId: "761D49D6-0624-41CE-829E-49E7EA679EF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yf:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BFAF394-6E9A-4CD6-B8A6-5BDDE4EC8EC4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yh:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B6DB954-EDC8-4A81-8C26-9D3DBC68FC67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yj:*:*:*:*:*:*:*",
                     matchCriteriaId: "552C1E7A-2FFA-49BC-BF09-F0DE9B0C7502",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yk:*:*:*:*:*:*:*",
                     matchCriteriaId: "869CEAF7-59D6-4651-8D89-0244D6C430A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yl:*:*:*:*:*:*:*",
                     matchCriteriaId: "059FBAA6-3127-4DF9-99AD-AA3A16317B6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ym:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E0E376F-64E1-4632-9A8E-11DC99FB245F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yn:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF440B52-C6AE-4608-BE71-01B354D37BEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yt:*:*:*:*:*:*:*",
                     matchCriteriaId: "969A5BAA-19D5-4411-BABB-FE55DBA7C7D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yu:*:*:*:*:*:*:*",
                     matchCriteriaId: "54B41182-7AA8-49D1-BAC3-EAF312E43553",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yv:*:*:*:*:*:*:*",
                     matchCriteriaId: "E11BBB83-147B-4FBF-B263-77FCCFB2D92D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yw:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E84677D-793D-44C5-80E9-FC29C3183278",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yx:*:*:*:*:*:*:*",
                     matchCriteriaId: "E70E5B1F-E72C-4DAB-B6FA-977EF04BFBDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yy:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECFA2358-6B79-472D-9092-FF99DC3DF042",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yz:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C26842-FF50-436F-8DB6-15A70082CD1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zc:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4A31301-AAB0-4744-98B2-695D88798D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zd:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECB4BA74-BE9F-43D5-9D0F-78F4F2BB19B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ze:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CEB27CF-46B5-4780-964C-C31193614B74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zf:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F1094F9-7222-4DE0-A368-7421ABA66E3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zh:*:*:*:*:*:*:*",
                     matchCriteriaId: "574FFD6F-D56C-41DB-A978-E501BA3CA5D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zj:*:*:*:*:*:*:*",
                     matchCriteriaId: "11790F38-3720-45CF-9FD4-A8E5867684D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zl:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AE2282B-6693-4E4B-8662-501EBC14CD9E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zp:*:*:*:*:*:*:*",
                     matchCriteriaId: "A925BA5C-AB2F-4B73-BA93-55664A319CAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zu:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE02B7C-BC2D-433C-B0A8-E60EDD62538E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zy:*:*:*:*:*:*:*",
                     matchCriteriaId: "E83649EC-61A5-4937-93F4-42D082023382",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zya:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D8830A0-E816-40C4-8743-A9E0994BA922",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0668C45B-9D25-424B-B876-C1721BFFE5DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3b:*:*:*:*:*:*:*",
                     matchCriteriaId: "292F6F99-19B3-4106-A432-5DE916CCDD56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3t:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0C3B413-76F7-413B-A51F-29834F9DE722",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3tpc:*:*:*:*:*:*:*",
                     matchCriteriaId: "841CDC5F-8F0E-4AE7-A7A9-960E0A8C66B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3va:*:*:*:*:*:*:*",
                     matchCriteriaId: "B418CFDD-AF36-46F9-B347-B34E72100F95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xa:*:*:*:*:*:*:*",
                     matchCriteriaId: "84C89CFF-64BB-4058-9C49-C6BF3E5D8DB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xb:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACB3B5E3-BDEE-4F29-AB02-BBFC6088D77E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xc:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9F12741-69FB-46DD-A670-8461492B338A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xd:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EC2D158-6174-4AE8-83DA-125B072B6980",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xe:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5688D88-A550-43EB-8854-2E132EC71156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xf:*:*:*:*:*:*:*",
                     matchCriteriaId: "8218E2D3-4F1E-440F-A2B2-A68D4692BB17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xg:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BE2132D-CF21-49F1-BC66-FA6CDB6D72BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xi:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA212293-7BAF-4AD9-BD30-E953CBA7CB95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xj:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEF3B2A9-027B-4141-B0FB-D31A2C918CF1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xk:*:*:*:*:*:*:*",
                     matchCriteriaId: "1018E04C-5575-4D1A-B482-D1CDB9AD6A50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xl:*:*:*:*:*:*:*",
                     matchCriteriaId: "68FC4904-1F4D-4E10-AF95-911B07827598",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xq:*:*:*:*:*:*:*",
                     matchCriteriaId: "86B9E611-3F06-424C-96EF-EE4997C70AB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xr:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0A5760A-9FFE-4941-B2BD-7DD54B1E1B37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xs:*:*:*:*:*:*:*",
                     matchCriteriaId: "98FE195E-084B-4F4C-800D-850165DED48C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xu:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB74F350-37F8-48DF-924E-415E51932163",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xw:*:*:*:*:*:*:*",
                     matchCriteriaId: "E618BF54-56DC-40FC-A515-3BFB4366F823",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xx:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1976E53-85A6-494F-B8AC-847E7988850C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xy:*:*:*:*:*:*:*",
                     matchCriteriaId: "D90B78E1-3FC7-4CF6-B0BA-1D4CA0FAB57E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xz:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A668D08-14C4-4438-A59C-CE60498BEF8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3ya:*:*:*:*:*:*:*",
                     matchCriteriaId: "320C5597-68BE-4899-9EBB-9B4DEE8EA7DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yd:*:*:*:*:*:*:*",
                     matchCriteriaId: "520304A4-EB15-42A8-A402-8251A4D2076D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yf:*:*:*:*:*:*:*",
                     matchCriteriaId: "C46B66D6-1BF1-4DCA-868F-BADE3CB96063",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yg:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA88C064-898F-4C0D-A266-D7B3509C28A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yh:*:*:*:*:*:*:*",
                     matchCriteriaId: "139B1182-61A3-4F3D-9E29-758F27917646",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yi:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CC3706F-B00A-405E-917E-7FD5217E0501",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yj:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B46199E-0DF1-4B3F-A29E-1A2FC016F0F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yk:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DF4D0E3-8015-4D6F-8364-B6EEAAE67971",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3ym:*:*:*:*:*:*:*",
                     matchCriteriaId: "2595DCBA-E6F2-4551-A804-4DBB137F076B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yq:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD6DF12B-2A20-4AC5-8EC5-729008D87736",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3ys:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF9D6B6-E51F-44FF-97E5-15E0C4E9C3D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yt:*:*:*:*:*:*:*",
                     matchCriteriaId: "A25C42FA-37F4-4B7F-AFCA-D7F081F58CF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yu:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0AB8F07-AF43-4202-9908-F9A1DF6FFC03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yx:*:*:*:*:*:*:*",
                     matchCriteriaId: "2958873B-A0AB-4EAF-A5CF-8423739FAB07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yz:*:*:*:*:*:*:*",
                     matchCriteriaId: "1938D118-C07F-4BEC-8030-947F099BFCB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3za:*:*:*:*:*:*:*",
                     matchCriteriaId: "3870C62F-D086-419C-A0E6-815E9ED5DE3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4gc:*:*:*:*:*:*:*",
                     matchCriteriaId: "89B19F2B-1D89-42FC-89A7-737D8109EB1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4md:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2222EED-6CB2-4D18-8AF5-FAE55BC6213F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4mda:*:*:*:*:*:*:*",
                     matchCriteriaId: "237F6EDD-AB47-4768-9C75-C0B03E23696B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4mr:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7414D32-88A1-416E-A717-3F47B6D1BE74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4mra:*:*:*:*:*:*:*",
                     matchCriteriaId: "860A1477-49B5-4356-9D83-A1A092233D55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4sw:*:*:*:*:*:*:*",
                     matchCriteriaId: "370DC543-AC01-4B91-88C7-60C323E35929",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4t:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEAD7398-D1B2-47FB-952D-8C3162D5A363",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xa:*:*:*:*:*:*:*",
                     matchCriteriaId: "99235FFB-4439-40B2-ADBD-B08E5DBBCCB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xb:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1797E4E-E15C-4148-9B3D-4FF6D1D815AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xc:*:*:*:*:*:*:*",
                     matchCriteriaId: "544BD924-2CBD-4130-BBD3-5AD084C85FE5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xd:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B78181E-E1D1-4C25-85DE-CA46BBF21765",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xe:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1F36C3D-E9A2-41A1-BE71-4D8B00D228E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xf:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D1CD80F-E898-41CE-8A86-28C2F48B928A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xg:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C3C3B97-7F1E-4B87-AD44-E4230BCDAB7D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xj:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF610051-1638-4C1B-9864-11E34EFC4DE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xk:*:*:*:*:*:*:*",
                     matchCriteriaId: "78260223-50C0-48F8-9A65-AE67489E602C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xl:*:*:*:*:*:*:*",
                     matchCriteriaId: "18E39462-4CEE-4C29-8B60-50E05FCF3E91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xm:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FF16123-CCA0-4ECD-9B8C-AC1534C3F244",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xn:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC7454AF-7610-4CD3-BD2B-95A6C3283811",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xp:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB633E6C-025C-4B31-ABE7-8318C813376B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xq:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEA9218D-E7A5-4F98-83E7-2FD6E138D5CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xr:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC90BE87-EB54-46F8-A1FD-8F4E553C69F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xt:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFED1FFB-899D-4A48-9CCA-0B8737AE1408",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xv:*:*:*:*:*:*:*",
                     matchCriteriaId: "883FA166-2973-42BA-842D-28FBDBFEAC4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xw:*:*:*:*:*:*:*",
                     matchCriteriaId: "4362045B-7065-4FF9-A977-B3DA7894F831",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xy:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC27E79D-6B4B-4839-9664-DFE821C45C2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xz:*:*:*:*:*:*:*",
                     matchCriteriaId: "4963A243-74FA-43AD-9645-C9FAD527A6E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4ya:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C6EACA-35BE-4032-93DA-5F738AEE0F4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4yb:*:*:*:*:*:*:*",
                     matchCriteriaId: "E67621EA-25D8-47C2-ADEA-512E38F2FFE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4yd:*:*:*:*:*:*:*",
                     matchCriteriaId: "94E1421B-2B86-41B2-9288-59780E081337",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4ye:*:*:*:*:*:*:*",
                     matchCriteriaId: "51A5F5FF-6BC4-4A1E-B9F1-BD47096D30B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4yg:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D910556-9518-45C5-9891-1541760B0920",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0m:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D03374C-7EF0-4455-839E-09CA4F2E85BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3EB72C9-C9AA-4E5C-8E87-A1AAA09AC5D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0xa:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC6EF56C-032C-43F6-A979-E18BEA0E16A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1t:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FAFA073-B16F-475F-B68D-8FE9135AB0A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1xb:*:*:*:*:*:*:*",
                     matchCriteriaId: "34137E45-7EC0-4350-9F6D-B427CE07D693",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "23AD1406-D2E4-4517-BF3E-A87C1FA8AC7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D203439-1A4B-4805-8A15-5A33C612A5B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "71A41531-FBC0-41DD-9965-8CAFA30488AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "310BA9E3-8175-4220-9FC3-48390C994174",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1.2114.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "05D768C8-3FCC-4994-95C0-ABCD86802A92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1.2121.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "176E153B-F64B-47C6-A989-7530F46C1A33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2CD96CE-AAC6-40BD-A053-A62572AC7714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F2564A8-5805-46E0-B6EC-F4967D67C566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.",
      },
      {
         lang: "es",
         value: "Cisco IOS v12.2 hasta v12.4 y v15.0 hasta v15.1, Cisco IOS XE v2.5.x y v2.6.x anterior a v2.6.1, y Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v6.x anterior a 6.1(5)SU1, v7.x anterior a v7.1(5) y v8.0 anterior a v8.0(2) permiten a atacantes remotos provocar una denegación de servicio (recarga de dispositivo o interrupción de los servicios de voz) mediante tráfico de registro SIP manipulado sobre UDP, también conocido como Bug IDs CSCtf72678 y CSCtf14987.",
      },
   ],
   id: "CVE-2010-2834",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-09-23T19:00:13.717",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-23 01:15
Modified
2024-11-21 05:30
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "767C92FE-865C-4618-861F-07678131619D",
                     versionEndExcluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager (UCM) podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site request forgery (CSRF) en un dispositivo afectado. La vulnerabilidad se debe a protecciones CSRF insuficientes para la interfaz de administración basada en web en un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario de la interfaz para que siga un enlace malicioso. Una explotación con éxito podría permitir al atacante llevar a cabo acciones arbitrarias con el nivel de privilegio del usuario objetivo.",
      },
   ],
   id: "CVE-2020-3135",
   lastModified: "2024-11-21T05:30:23.893",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-23T01:15:15.237",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-NbhZTxL",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-NbhZTxL",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-08-25 03:27
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (Unified CM) v8.5(x) y v8.6(x) anterior a v8.6(2a)su3 y v9.x anterior a v9.1(1) no restringe adecuadamente la tasa de paquetes SIP, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y CPU, e interrupción del servicio) a través de una inundación de paquetes UDP al puerto 5060, también conocido como Bug ID CSCub35869.",
      },
   ],
   id: "CVE-2013-3461",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-08-25T03:27:32.673",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028938",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1028938",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-20 20:15
Modified
2024-11-21 05:44
Summary
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E04AFBD-C69F-4462-9742-914CD9AD2BB7",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "F709C2EB-2724-443B-B362-0916AB8935EF",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "64674375-4962-410C-A837-339258B344C4",
                     versionEndExcluding: "12.0\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "99FBA7C5-CE7D-41F0-ACFF-8A24079B7DDA",
                     versionEndExcluding: "12.0\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7ABF16F2-3695-490C-B4B2-D6BAF80F9D25",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "829CD76A-0785-426B-851F-04790870713D",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6986C5A9-7211-463E-B016-18E19B66ADBA",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "211822F9-04D8-49F4-BB92-B5F740AAB2D1",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) podrían permitir a un atacante conducir ataques de salto de ruta y ataques de inyección SQL en un sistema afectado. Una de las vulnerabilidades de inyección SQL que afecta a Unified CM IM&P también afecta a Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y podría permitir a un atacante conducir ataques de inyección SQL en un sistema afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso.",
      },
   ],
   id: "CVE-2021-1364",
   lastModified: "2024-11-21T05:44:11.220",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-20T20:15:17.753",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-35",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:48
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
Impacted products
Vendor Product Version
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.0\(3a\)su3
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 8.6\(2a\)su3
cisco unified_communications_manager 8.6\(3\)
cisco unified_communications_manager 8.6\(4\)
cisco unified_communications_manager 9.0\(1\)
cisco unified_communications_manager 9.1\(1\)
cisco unified_communications_manager 9.1\(2\)
cisco unified_communications_manager 9.1.1\(a\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB6E34CF-3F33-485F-8128-2D65A9034A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A1D8DBE-095D-4E38-A93B-D05459F7209E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "471B6E0B-FCD9-4E93-BDEA-0B69B5296960",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1.1\\(a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E4A84A9E-5DB4-49B5-B3A1-DD7D95D23716",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en el Cisco Unified Communications Manager (CUCM) v7.1(x) hasta v9.1(2) permite a atacantes remotos autenticados ejecutar comandos SQL arbitrarios mediante vectores no especificados, también conocido como Bug ID CSCuh81766.",
      },
   ],
   id: "CVE-2013-3412",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-07-18T12:48:56.967",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-27 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.",
      },
      {
         lang: "es",
         value: "La funcionalidad certificate-import en la implementación Certificate Authority Proxy Function (CAPF) CLI en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitrarios a través de un comando manipulado, también conocido como Bug ID CSCum95461.",
      },
   ],
   id: "CVE-2014-0741",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 6.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:S/C:C/I:C/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.1,
            impactScore: 9.2,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-27T01:55:03.320",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1029843",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029843",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-09-28 19:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.
Impacted products
Vendor Product Version
cisco unified_callmanager 5.0\(1\)
cisco unified_callmanager 5.0\(2\)
cisco unified_callmanager 5.0\(2a\)
cisco unified_callmanager 5.0\(3\)
cisco unified_callmanager 5.0\(3a\)
cisco unified_callmanager 5.0\(4\)
cisco unified_callmanager 5.0\(4a\)
cisco unified_callmanager 5.0\(4c\)
cisco unified_callmanager 5.1
cisco unified_callmanager 5.1\(1\)
cisco unified_callmanager 5.1\(1a\)
cisco unified_callmanager 5.1\(1c\)
cisco unified_callmanager 5.1\(2\)
cisco unified_callmanager 5.1\(2a\)
cisco unified_callmanager 5.1\(2b\)
cisco unified_callmanager 5.1\(3\)
cisco unified_callmanager 5.1\(3a\)
cisco unified_callmanager 5.1\(3b\)
cisco unified_callmanager 5.1\(3c\)
cisco unified_callmanager 6.0\(1\)
cisco unified_callmanager 6.0\(1a\)
cisco unified_callmanager 6.0\(1b\)
cisco unified_callmanager 6.1
cisco unified_callmanager 6.1\(1\)
cisco unified_callmanager 6.1\(1a\)
cisco unified_callmanager 6.1\(1b\)
cisco unified_callmanager 6.1\(2\)
cisco unified_communications_manager 5.1\(1b\)
cisco unified_communications_manager 5.1\(1c\)
cisco unified_communications_manager 5.1\(2\)
cisco unified_communications_manager 5.1\(2a\)
cisco unified_communications_manager 5.1\(3\)
cisco unified_communications_manager 5.1\(3a\)
cisco unified_communications_manager 5.1\(3c\)
cisco unified_communications_manager 5.1\(3d\)
cisco unified_communications_manager 5.1\(3e\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 7.0\(1\)
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C5865997-F8B2-4ABB-96DF-3AE691A7CE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E9211420-9F35-4872-879A-5F7CA29C6299",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "163B798C-B207-4CA6-AF8A-5955F5B89A56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D7DD4B55-4C68-45CD-988E-D470C26E5E71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48C1B081-1FD7-4BBD-84BD-E1E5F80C74FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BC32C417-3E61-4892-9A42-C31C6D62F09D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3841B111-FEFE-4367-AFF0-B7F17D468E87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0\\(4c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5DE9B3F9-6650-4568-B5FB-C228BD367002",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DC17139-DB98-4C59-B29B-1B792C67EB97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "949045EF-8CB3-453A-8C4C-9B0B12775396",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "569E4CE4-119A-432D-9EE0-01E19DC9E918",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1\\(1c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "99495B1F-90E6-4405-AA08-2764D6EB34DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E3E60E9F-A0F8-4B3C-9DB3-8D5BE3D5EC6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "93A8CC01-1C2B-44A1-9CD6-4BD375FA8DC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "01AA0941-6BDA-4B7E-81C5-D48ADAA3B5E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1D9BA114-1C07-44BF-9645-DACE14CB9A63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "439FC49D-8860-4D74-B82B-A91F6B6C8DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BFE8E328-D5DD-4E6B-A21C-B6CE6A1784CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.1\\(3c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D47BCC3A-8D11-4BF1-BB22-98EB7A1324DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F39D409C-BC11-49BB-96D7-15954A524A7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "60068FC9-8A85-42E7-A0F8-AAE190E1DD2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:6.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8AD79B32-0F2C-4691-8458-702E68089594",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3F383F7-DE21-425D-98BC-2CCB99012659",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E20E884C-8F7C-4E29-8701-1CD1F63745D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E9E102AF-0603-4B4B-978C-FE76C66E9EA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6C38632E-4519-4A69-ABB8-BD5991F8081D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "72BCC243-D4B8-477D-9B68-C90571F57472",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1022C151-6EC8-4E8D-85ED-59D51551BDAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "060593BD-ADC1-4282-BC6D-E0D6A2B7C8D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "239510AD-8BB0-4515-B1DA-80DE696D25DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "26277C4A-4E27-492C-B18C-AC68D86ADF55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0318CF61-B892-4D44-B41A-D630B4AB808C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9CDA8A78-BA6C-4451-8EAA-B83C3A6C6BA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "84A49932-1E22-4BE0-8195-926D44F65AAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3d\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4DE1B0DD-EA64-493B-86B7-9057EE5033C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3e\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "00ECD7C0-7F3C-4021-B949-32141E58687C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "77979322-F060-4DD4-A6F2-B1157664C0FA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (también conocido como CUCM, antiguamente como CallManager) v5.x anterior a v5.1(3g), v6.x anterior a v6.1(4), v7.0.x anterior a v7.0(2a)su1 y v7.1.x anterior a v7.1(2) permite a atacantes remotos provocar una denegación del servicio (reinicio del servicio) a través de mensajes SIP malformados. También conocido como Bug ID CSCsz95423.",
      },
   ],
   evaluatorComment: "An unauthenticated, remote attacker could exploit this vulnerability to cause the affected application to fail, resulting in a DoS condition.\r\n",
   id: "CVE-2009-2864",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-09-28T19:30:01.360",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/58344",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36836",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/36496",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1022931",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2757",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/58344",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36836",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/36496",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1022931",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2009/2757",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-30 17:15
Modified
2024-11-21 07:41
Summary
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:12.5.1su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "45D3EAE2-997A-4EE4-A1CA-2F3864629231",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:12.5.1su8a:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3ADE81D-B027-4413-B128-DAF24A0E748F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:14su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF848485-44D0-4354-852A-8E859E050A07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5.1su8:*:*:*:-:*:*:*",
                     matchCriteriaId: "0A0D0A9E-2635-441D-BE5B-C9DF92359D24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5.1su8:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "ED784326-A303-4797-AD19-23E424C5188D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "86884D5E-B015-447A-9834-1264315FCC50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su7:*:*:*:*:*:*:*",
                     matchCriteriaId: "538BCDAE-A94C-4343-B63B-5D29023707E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su8:*:*:*:*:*:*:*",
                     matchCriteriaId: "E89A84F3-E075-4CAF-9B3C-5F080FC37F8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:14su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD8AB4B5-12C2-4F02-A4C3-4B8C06AFFD53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:14su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "181866CE-6279-4422-8EF8-7A12DB5B21F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device.\r\n\r This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y Cisco Unity Connection podría permitir a un atacante remoto autenticado elevar los privilegios a root en un dispositivo afectado. Esta vulnerabilidad existe porque la aplicación no restringe adecuadamente los archivos que se utilizan para las actualizaciones. Un atacante podría aprovechar esta vulnerabilidad proporcionando un archivo de actualización manipulado. Un exploit exitoso podría permitir al atacante elevar los privilegios a root. Para aprovechar esta vulnerabilidad, el atacante debe tener credenciales válidas de administrador de la plataforma en un dispositivo afectado.",
      },
   ],
   id: "CVE-2023-20266",
   lastModified: "2024-11-21T07:41:02.020",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.2,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-30T17:15:08.357",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-priv-esc-D8Bky5eg",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-priv-esc-D8Bky5eg",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-347",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-07-06 21:15
Modified
2024-11-21 06:43
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "90259C71-D12C-4E4D-99B1-94CB7273608C",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "8856CD06-9CD4-43EF-8D64-A8D0FDE09696",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "12A3E282-8E16-4BEA-BEB6-99630CCAEB3A",
                     versionEndExcluding: "11.5\\(1\\)su11",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A2B6AA9-7E2D-4CBB-AFDB-6D5B52AFAB1C",
                     versionEndExcluding: "12.5\\(1\\)su6",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BC1ED14-2795-48C1-94A6-24BB2272277F",
                     versionEndExcluding: "14.0su2",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME) y Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad se debe a que la interfaz de administración basada en web no valida correctamente las entradas proporcionadas por el usuario. Un atacante podría explotar esta vulnerabilidad al convencer a un usuario de la interfaz para que haga clic en un enlace manipulado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador.",
      },
   ],
   id: "CVE-2022-20815",
   lastModified: "2024-11-21T06:43:36.570",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-06T21:15:11.740",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-04 05:39
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3719A935-2B3C-49AC-869F-BD31E7BCD44D",
                     versionEndIncluding: "9.1\\(2.10000.28\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A1D8DBE-095D-4E38-A93B-D05459F7209E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "471B6E0B-FCD9-4E93-BDEA-0B69B5296960",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (también conocido como Unified CM) 9.1 (2.10000.28) y anteriores permite a usuarios locales obtener privilegios mediante el aprovechamiento de los permisos de fichero no correctos, también conocido como Bug IDs CSCul24917 y CSCul24908.",
      },
   ],
   id: "CVE-2014-0686",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "LOCAL",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 6,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:H/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 1.5,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-04T05:39:08.480",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/102750",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/56818",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32683",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/65281",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90852",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/102750",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/56818",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32683",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65281",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90852",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-12-15 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "5115BA82-98EF-47B1-A1D0-D665204FA9F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "002438B1-1160-471B-8452-DF09763F2490",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DEDE635-8EDA-4325-ACA3-76462C4D5D9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBD7A28E-51D4-4246-B648-CBA457DBF68B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A6F2B51-7E93-4FD1-8DBC-B6FAC6D4664A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "9137F416-8FE6-484C-9131-B4BED453B684",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (UCM) 8.0 hasta la versión 8.6 permite a atacantes remotos eludir el mecanismo de protección XSS a través de un parámetro manipulado, también conocido como Bug ID CSCuu15266.",
      },
   ],
   id: "CVE-2015-4206",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2015-12-15T05:59:00.317",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/79196",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1034430",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/79196",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1034430",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:48
Modified
2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
Impacted products
Vendor Product Version
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.0\(3a\)su3
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 8.6\(2a\)su3
cisco unified_communications_manager 8.6\(3\)
cisco unified_communications_manager 8.6\(4\)
cisco unified_communications_manager 9.0\(1\)
cisco unified_communications_manager 9.1\(1\)
cisco unified_communications_manager 9.1\(1a\)
cisco unified_communications_manager 9.1.1\(a\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB6E34CF-3F33-485F-8128-2D65A9034A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A1D8DBE-095D-4E38-A93B-D05459F7209E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCA70732-8ACD-47D2-A311-319180F86892",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1.1\\(a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E4A84A9E-5DB4-49B5-B3A1-DD7D95D23716",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de ruta de búsqueda no confiable en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a) permite a usuarios locales obtener privilegios mediante el aprovechamiento de problemas no especificados de permisos de archivos y de variables de entorno para los programas privilegiados, también conocido como Bug ID CSCui02242.",
      },
   ],
   evaluatorComment: "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'",
   id: "CVE-2013-3434",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.8,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.1,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-07-18T12:48:56.983",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/95403",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/61296",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/95403",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/61296",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-23 01:15
Modified
2024-11-21 04:29
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22BD3DC-FF47-4921-9494-1254DF472108",
                     versionEndIncluding: "10.5\\(2.10000.5\\)",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA2577BB-E0E8-4D20-A9B1-524800FA0963",
                     versionEndIncluding: "11.5\\(1.10000.6\\)",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "22D0B815-36AE-4C39-B9C8-D29B05F6FECB",
                     versionEndIncluding: "12.0\\(1.10000.10\\)",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "624F2FFF-D108-4E8E-BBC5-42B9A545CB32",
                     versionEndIncluding: "12.5\\(1.10000.22\\)",
                     versionStartIncluding: "12.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager, podría permitir a un atacante remoto autenticado visualizar información confidencial en la interfaz de administración basada en web del software afectado. La vulnerabilidad es debido a una protección insuficiente de la entrada suministrada por el usuario para la interfaz de administración basada en web del servicio afectado. Un atacante podría explotar esta vulnerabilidad mediante el acceso a la interfaz y visualizando partes restringidas de la configuración del software. Una explotación con éxito podría permitir al atacante obtener acceso a información confidencial o conducir nuevos ataques.",
      },
   ],
   id: "CVE-2019-15963",
   lastModified: "2024-11-21T04:29:50.013",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-23T01:15:12.957",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-cuc-info-disclosure",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-cuc-info-disclosure",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-02-08 07:29
Modified
2024-11-21 03:37
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could exploit this vulnerability by submitting crafted HTTP requests that contain malicious SQL statements to an affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database of the affected system. Cisco Bug IDs: CSCvg74810.
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(1.13900.52\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.13900.52\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B8F66D26-F9C2-48DF-A7F3-25B802511C19",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could exploit this vulnerability by submitting crafted HTTP requests that contain malicious SQL statements to an affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database of the affected system. Cisco Bug IDs: CSCvg74810.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el framework web de Cisco Unified Communications Manager podría permitir que un atacante remoto autenticado lleve a cabo un ataque de inyección SQL contra un sistema afectado. Esto se debe a la imposibilidad de validar entradas proporcionadas por el usuario empleadas en consultas SQL que eluden los filtros de protección. Un atacante podría explotar esta vulnerabilidad mediante el envío de peticiones HTTP modificadas que incluyan instrucciones SQL maliciosas al sistema afectado. Si se realiza correctamente, esta vulnerabilidad podría permitir que el atacante determine la presencia de ciertos valores en la base de datos del sistema afectado. Cisco Bug IDs: CSCvg74810.",
      },
   ],
   id: "CVE-2018-0120",
   lastModified: "2024-11-21T03:37:33.757",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-02-08T07:29:00.413",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/102958",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040341",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/102958",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040341",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-05-29 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.3\(1\)
cisco ip_phone_7861 -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E0AFBF22-C85C-457F-A34A-53073A7B3E38",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E52C420C-FD54-4BE4-8720-E05307D53520",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.",
      },
      {
         lang: "es",
         value: "Cisco IP Phone 7861, cuando se utiliza firmware de Cisco Unified Communications Manager 10.3(1), permite a atacantes remotos causar una denegación de servicio a través de paquetes manipulados, también conocido como Bug ID CSCus81800.",
      },
   ],
   id: "CVE-2015-0751",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-05-29T15:59:05.390",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39011",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1032407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39011",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1032407",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-08-12 23:55
Modified
2025-04-12 10:46
Severity ?
Summary
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.0\(1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0890B9FC-671D-4CB4-BA5C-3D3EE7124BCC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.",
      },
      {
         lang: "es",
         value: "El módulo CTIManager en Cisco Unified Communications Manager (CM) 10.0(1), cuando el inicio de sesión único (single sign-on) está habilitado, no valida debidamente los tokens Kerberos SSO, lo que permite a usuarios remotos autenticados ganar privilegios y ejecutar comandos arbitrarios a través de datos de tokens manipulados, también conocido como Bug ID CSCum95491.",
      },
   ],
   id: "CVE-2014-3338",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 8.5,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-08-12T23:55:03.907",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/60054",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35258",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/69176",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1030710",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95246",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/60054",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35258",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/69176",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1030710",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95246",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-05-03 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su2, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y fallo del proceso) a través de un mensaje SIP con formato incorrecto, también conocido como Bug ID CSCti42904.",
      },
   ],
   id: "CVE-2011-1604",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-05-03T22:55:02.357",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/47609",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67122",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/47609",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67122",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-02 19:15
Modified
2024-11-21 04:23
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)
cisco unified_communications_manager 12.5\(1.10000.22\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz basada en web de Cisco Unified Communications Manager y Cisco Unified Communications Manager Session Management Edition (SME), podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz basada en web. La vulnerabilidad es debido a una comprobación insuficiente de la entrada suministrada por el usuario mediante la interfaz basada en web del software afectado. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario de la interfaz para que haga clic en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en navegador.",
      },
   ],
   id: "CVE-2019-12716",
   lastModified: "2024-11-21T04:23:25.627",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-02T19:15:14.560",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xss-12716",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xss-12716",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Summary
A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "54A18428-4FD9-4808-A64F-BC4D6EAB85C4",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "86F6ADB9-4252-4816-A214-5E67469FB6E1",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el Self Care Portal de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME), podría permitir a un atacante remoto autenticado modificar datos en un sistema afectado sin la debida autorización. La vulnerabilidad es debido a una comprobación insuficiente de los datos suministrados por el usuario en el Self Care Portal. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP diseñada a un sistema afectado. Una explotación con éxito podría permitir al atacante modificar información sin una apropiada autorización.",
      },
   ],
   id: "CVE-2021-1399",
   lastModified: "2024-11-21T05:44:15.987",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-08T04:15:12.500",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-302",
            },
         ],
         source: "psirt@cisco.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-09-07 21:29
Modified
2025-04-20 01:37
Summary
A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases: 10.0(1.10000.24), 10.5(2.10000.5), 11.0(1.10000.10), 9.1(2.10000.28). Cisco Bug IDs: CSCux21905.
Impacted products
Vendor Product Version
cisco unified_communications_manager 9.1\(2.10000.28\)
cisco unified_communications_manager 10.0\(1.10000.24\)
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.0\(1.10000.10\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(2.10000.28\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3655A2A6-E9A2-43C2-97FE-96BD8343E5E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1.10000.24\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "62A3C945-C4A2-4187-9104-E61111C0832D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). Cisco Bug IDs: CSCux21905.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el servicio de verificación de confianza (TVS) en Cisco Unified Communications Manager podría permitir que un atacante remoto sin autenticar provoque una denegación de servicio (DoS) en un sistema afectado. Esta vulnerabilidad se debe a una gestión incorrecta del tráfico Transport Layer Security (TLS) por parte del software afectado. Un atacante podría explotar esta vulnerabilidad generando flujos de tráfico incompletos. Si se explota esta vulnerabilidad con éxito, el atacante podría negarle el acceso al TVS a un dispositivo afectado, lo que resultaría en una denegación de servicio hasta que el administrador reiniciase el servicio. Versiones afectadas conocidas 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). Cisco Bug IDs: CSCux21905.",
      },
   ],
   id: "CVE-2017-6791",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-09-07T21:29:00.800",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100662",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039286",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCux21905",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100662",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039286",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCux21905",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-02 19:15
Modified
2024-11-21 04:23
Summary
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "33E70D46-DB04-4A5C-B3CD-69B72F187FFF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F2437A5-217A-4CD1-9B72-A31BDDC81F42",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "65D225AB-813B-4182-8916-0FE8307BB18B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "34376413-27A8-48DF-BC31-FFE043945406",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz basada en web de múltiples productos Cisco Unified Communications, podría permitir a un atacante remoto no autenticado realizar un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz basada en web del software afectado. La vulnerabilidad es debido a una comprobación insuficiente de la entrada suministrada por el usuario mediante la interfaz basada en web del software afectado. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario de la interfaz para que haga clic en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en navegador.",
      },
   ],
   id: "CVE-2019-12707",
   lastModified: "2024-11-21T04:23:24.437",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-02T19:15:14.030",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-xss",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-xss",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-03-05 16:30
Modified
2025-04-11 00:51
Severity ?
Summary
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F2564A8-5805-46E0-B6EC-F4967D67C566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "77979322-F060-4DD4-A6F2-B1157664C0FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188.",
      },
      {
         lang: "es",
         value: "El componente CMSIPUtility en Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v7.x anteriores a v7.1(3a)su1 y v8.x anteriores a v8.0(1) permite a atacantes remotos producir una denegación de servicio (fallo de proceso) a través de un mensaje de registro SIP malformado, también conocido como Bug ID CSCtc37188.",
      },
   ],
   id: "CVE-2010-0590",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-03-05T16:30:00.800",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://securitytracker.com/id?1023670",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/38495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1023670",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/38495",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-08-29 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:intercompany_media_engine:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A9DC100-0680-4A7D-A973-3A91A5429918",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:intercompany_media_engine:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F16B5E38-666E-4B54-AD32-29B3380F4814",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en el Service Advertisement Framework (SAF) en Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v8.x antes de v8.5(1) y Cisco Intercompany Media Engine v8.x antes de v8.5(1) permite a atacantes remotos provocar una denegación de servicio (reinicio del dispositivo) a través de paquetes SAF modificados, también conocido como Bug ID CSCth26669.",
      },
   ],
   id: "CVE-2011-2563",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-08-29T15:55:01.300",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1025969",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1025969",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-11-04 16:15
Modified
2024-11-21 06:11
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "863C456D-EE60-49F8-AFB0-795EA29CD93D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0\\(1.10000.20\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C4B25936-F690-4A75-9704-39AE7A285B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BF58FA68-5EEC-47A2-AD8C-2342B449741D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "34D89C42-AAD9-4B04-9F95-F77681E39553",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2B03B32-1774-4DF8-A065-65BA8D1FBD50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F161FAB-C375-4F2D-BF13-1645BA6A06F5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en la web de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site request forgery (CSRF) en un dispositivo afectado. Esta vulnerabilidad es debido a una insuficiencia de las protecciones CSRF para la interfaz de administración basada en la web en un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad al convencer a un usuario de la interfaz para que haga clic en un enlace malicioso. Una explotación con éxito podría permitir al atacante llevar a cabo acciones arbitrarias con el nivel de privilegio del usuario objetivo. Estas acciones podrían incluir la modificación de la configuración del dispositivo y la eliminación (pero no la creación) de cuentas de usuario",
      },
   ],
   id: "CVE-2021-34773",
   lastModified: "2024-11-21T06:11:10.097",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-11-04T16:15:08.730",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-05-03 10:11
Modified
2025-04-11 00:51
Severity
5.4 (MEDIUM, CVSS v2.0: AV:N/AC:H/Au:N/C:N/I:N/A:C)
Summary
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.
Impacted products
Vendor Product Version
cisco ios 12.4
cisco ios 15.0
cisco ios 15.1
cisco ios 15.2
cisco unified_communications_manager 7.0
cisco unified_communications_manager 7.0\(1\)
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.0_base
cisco unified_communications_manager 7.1
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1_base



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF87CC9A-1AF5-4DB4-ACE5-DB938D3B2F84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41294E-F3DF-4F1E-A4C8-E90B21A88836",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2AB6A02-B7C7-48D1-8857-BD1CDF9A40D8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F2564A8-5805-46E0-B6EC-F4967D67C566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "65A38A75-4BC8-4DC6-A93A-4DB51632144D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "77979322-F060-4DD4-A6F2-B1157664C0FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "8746D888-2169-4B4D-ABB6-9F1AEF6A5FB0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.",
      },
      {
         lang: "es",
         value: "Pérdida de memoria en Cisco IOS v12.4 y v15.0 hasta v15.2, y Cisco Unified Communications Manager v7.x (CUCM), permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una respuesta modificada a un mensaje SIP SUBSCRIBE, también conocido como Bug ID CSCto93837 y CSCtj61883.",
      },
   ],
   id: "CVE-2011-4019",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 5.4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-05-03T10:11:39.530",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-01-22 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."
Impacted products
Vendor Product Version
cisco unified_communications_manager 5.0
cisco unified_communications_manager 5.0_1
cisco unified_communications_manager 5.0_2
cisco unified_communications_manager 5.0_3
cisco unified_communications_manager 5.0_3a
cisco unified_communications_manager 5.0_4
cisco unified_communications_manager 5.0_4a
cisco unified_communications_manager 5.0_4a_su1
cisco unified_communications_manager 5.1
cisco unified_communications_manager 5.1 (update \(1\))
cisco unified_communications_manager 5.1 (update \(2\))
cisco unified_communications_manager 5.1 (update \(2a\))
cisco unified_communications_manager 5.1 (update \(2b\))
cisco unified_communications_manager 5.1 (update \(3a\))
cisco unified_communications_manager 5.1 (update 5.1\(1\))
cisco unified_communications_manager 5.1 (update 5.1_\(2a\))
cisco unified_communications_manager 5.1\(1\)
cisco unified_communications_manager 5.1\(2\)
cisco unified_communications_manager 5.1\(3c\)
cisco unified_communications_manager 5.1.2
cisco unified_communications_manager 5.1_\(2a\)
cisco unified_communications_manager 5.1_1
cisco unified_communications_manager 5.1_2
cisco unified_communications_manager 5.1_2a
cisco unified_communications_manager 5.1_2b
cisco unified_communications_manager 5.1_3a
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0 (update \(1\))
cisco unified_communications_manager 6.0 (update \(1a\))
cisco unified_communications_manager 6.0_1
cisco unified_communications_manager 6.0_1a
cisco unified_communications_manager 6.1
cisco unified_communications_manager 6.1 (update \(1a\))
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1.0
cisco unified_communications_manager 6.1_1a



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFE62DB5-943D-43B5-BD13-D74DAA122578",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2D76BC6-1A59-4D74-A7C9-8C05D96E01F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_3:*:*:*:*:*:*:*",
                     matchCriteriaId: "788BDB54-0970-468F-9713-14B097E1A863",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_3a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3CAE1371-F46C-4DFD-A4A4-D609E93C4740",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7AC2F39-C029-4FAB-A963-0C7F1D5A8067",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_4a:*:*:*:*:*:*:*",
                     matchCriteriaId: "62781360-15FC-4E40-AEF8-BF01606A671B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0_4a_su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "08E03DCC-4DCB-4830-943F-05F7E3BB49EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(1\\):*:*:*:*:*:*",
                     matchCriteriaId: "B860F1E1-E295-4B71-B396-14286611EA36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2\\):*:*:*:*:*:*",
                     matchCriteriaId: "E194E6EC-282D-4C8E-96E3-00D64FCD8C6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2a\\):*:*:*:*:*:*",
                     matchCriteriaId: "5B2EA451-EE18-440A-924A-556A2EC74300",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2b\\):*:*:*:*:*:*",
                     matchCriteriaId: "8950C510-38F3-4040-8871-C085DDECF5B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(3a\\):*:*:*:*:*:*",
                     matchCriteriaId: "7101A008-3F3C-4ABB-B4FC-25BDA8809C87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:5.1\\(1\\):*:*:*:*:*:*",
                     matchCriteriaId: "CDEF7B2B-66CB-4C92-B678-859693C8C890",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:5.1_\\(2a\\):*:*:*:*:*:*",
                     matchCriteriaId: "8AA0378D-5EE0-4BD6-BB33-7DF01F830DDC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1B9FDFF3-2E60-4E41-9251-93283D945D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "239510AD-8BB0-4515-B1DA-80DE696D25DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "84A49932-1E22-4BE0-8195-926D44F65AAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E51D8BF-12BB-4DD1-9232-1D066889B30F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1_\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "AD2935E2-7340-4B49-8B5D-C7801FD605C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2740B5E5-E8D2-491E-B174-A1A9DF812418",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1_2:*:*:*:*:*:*:*",
                     matchCriteriaId: "60D93DAA-0ED6-4DA5-B7A5-50D5567A6178",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1_2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEA1ABD3-D076-4CA6-A12D-3C3BB5080B1D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1_2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "54B14EC5-4391-4698-BF6F-2726FD28D318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1_3a:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F1270F-DBF6-4938-A1A0-732EE52C83E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:\\(1\\):*:*:*:*:*:*",
                     matchCriteriaId: "156F822A-08CB-4EE2-9054-18F649D96C39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:\\(1a\\):*:*:*:*:*:*",
                     matchCriteriaId: "53CBD1E5-46C6-4F31-867A-118227EB0473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05F443F9-B454-42B3-8464-ACEA40066DF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0_1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FBF1FDC-7096-4EE6-B9A2-0C9971F407D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:\\(1a\\):*:*:*:*:*:*",
                     matchCriteriaId: "8E8F77F9-05C3-4B66-9022-7B227F97978C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "42F3870B-5DE9-4E3E-BEA7-863916DD45DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1_1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "047E45A0-C0F0-4900-B5FB-8F0A5852732D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the \"client terminates prematurely.\"",
      },
      {
         lang: "es",
         value: "El servicio Certificate Authority Proxy Function (CAPF) en Cisco Unified Communications Manager 5.x antes de 5.1(3e) y 6.x antes de 6.1(3) permite a atacantes remotos provocar una denegación de servicio (parada del servicio de voz) mediante el envío de entradas malformadas sobre una sesión TCP en la que el \"cliente termina prematuramente.\"",
      },
   ],
   id: "CVE-2009-0057",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-01-22T18:30:03.813",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/33588",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a61928.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/33379",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1021620",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2009/0213",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48139",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/33588",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a61928.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/33379",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1021620",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2009/0213",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48139",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-05-16 12:54
Modified
2025-04-09 00:30
Severity ?
Summary
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC772518-51CC-4692-BEB2-2C9C2A215F44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.1_3_sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "5669BB8E-3799-46AD-9E31-96BF3F60B20D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.1_3_sr5:*:*:*:*:*:*:*",
                     matchCriteriaId: "236C3A89-D732-423F-9885-5B429DBDF257",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.1_3_sr5b:*:*:*:*:*:*:*",
                     matchCriteriaId: "88DC4709-EE11-45CF-B929-A0623F254341",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.1_3_sr5c:*:*:*:*:*:*:*",
                     matchCriteriaId: "10A04B5A-D912-43F5-8143-21C23207F6B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2_3_sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "5ED2283C-822A-45B1-B82B-90EEB78CD372",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2_3_sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6A6AC6B-D3CD-4F05-A73F-61041C6DB514",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2_3_sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "939CD685-4539-421F-BC12-36E641301E8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3_1_sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "97DC0190-A028-489D-BF61-8A49A91C15B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2740B5E5-E8D2-491E-B174-A1A9DF812418",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1_2:*:*:*:*:*:*:*",
                     matchCriteriaId: "60D93DAA-0ED6-4DA5-B7A5-50D5567A6178",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1_2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEA1ABD3-D076-4CA6-A12D-3C3BB5080B1D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1_2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "54B14EC5-4391-4698-BF6F-2726FD28D318",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1_3a:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5F1270F-DBF6-4938-A1A0-732EE52C83E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "05F443F9-B454-42B3-8464-ACEA40066DF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0_1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FBF1FDC-7096-4EE6-B9A2-0C9971F407D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1_1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "047E45A0-C0F0-4900-B5FB-8F0A5852732D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.",
      },
      {
         lang: "es",
         value: "El servicio Certificate Authority Proxy Function (CAPF) de Cisco Unified Communications Manager (CUCM) 4.1 versiones anteriores a 4.1(3)SR7, 4.2 versiones anteriores a 4.2(3)SR4, y 4.3 versiones anteriores a 4.3(2) permite a atacantes remotos provocar una denegación de servicio (caída del servicio) a través de tráfico de red malformado, también conocido como Bug ID CSCsk46770.",
      },
   ],
   id: "CVE-2008-1744",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-05-16T12:54:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "psirt@cisco.com",
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-07-15 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1B9FDFF3-2E60-4E41-9251-93283D945D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "239510AD-8BB0-4515-B1DA-80DE696D25DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F897DA4-E313-45C8-A4FB-52404D6541BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:1.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "22B299D9-A18B-41D9-B976-57AFDAA751DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:1.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CDA3BA5D-2CEB-4AAC-8CB4-4A2CDC574076",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:1.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9465A4F0-44C0-4A43-962E-0CCEADA05533",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en Cisco Unified Communications Manager (CUCM, antiguamente CallManager) y Unified Presence Server (CUPS) permite a atacantes remotos provocar una denegación de servicio (pérdida de servicios de clúster) mediante vectores no especificados, también conocido como (1) CSCsj09859 y (2) CSCsj19985.",
      },
   ],
   id: "CVE-2007-3775",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-07-15T22:30:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/26039",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1018368",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/36123",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/24867",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/2511",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35341",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/26039",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1018368",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/36123",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/24867",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/2511",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35341",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-05-03 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) 6.x antes de 6.1(5)su3, 7.x antes de 7.1(5b)su3, 8.0 antes de 8.0(3a)su1, y 8.5 antes de 8.5(1) permite a usuarios remotos autenticados subir archivos a directorios de su elección a través de un nombre de ruta modificado en una petición de subida, también conocido como Bug ID CSCti81603.",
      },
   ],
   id: "CVE-2011-1607",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-05-03T22:55:02.447",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/47608",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67127",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/47608",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67127",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-15 21:15
Modified
2024-11-21 05:30
Summary
A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)
cisco unified_communications_manager 12.5\(1.10000.22\)
cisco unified_contact_center_express 12.0\(1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "30A8784D-B7A6-4F13-B89D-4ED910CC0576",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la Tool for Auto-Registered Phones Support (TAPS) de Cisco Unified Communications Manager (UCM) y Cisco Unified Communications Manager Session Management Edition (SME) podría permitir a un atacante remoto no autenticado realizar ataques de salto de directorio sobre un dispositivo afectado. La vulnerabilidad se debe a una validación insuficiente de la entrada suministrada por el usuario en la interfaz de TAPS del dispositivo afectado. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición diseñada hacia la interfaz de TAPS. Una explotación con éxito podría permitir al atacante leer archivos arbitrarios en el sistema.",
      },
   ],
   id: "CVE-2020-3177",
   lastModified: "2024-11-21T05:30:29.297",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-15T21:15:35.263",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-10-05 07:29
Modified
2025-04-20 01:37
Summary
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993.
Impacted products
Vendor Product Version
cisco unified_communications_manager -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "395232C7-93D5-4877-A726-32E5BAFAF812",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz web de usuario de Cisco Unified Communications Manager podría permitir que un atacante remoto no autenticado ejecute un ataque de Cross-Frame Scripting (XFS). La vulnerabilidad existe debido a que el software afectado no proporciona suficientes medidas de protección para los frames inline de HTML (iframes). Un atacante podría explotar esta vulnerabilidad dirigiendo a un usuario del software afectado a una página web controlada por el atacante que contenga un frame inline de HTML malicioso. Una explotación con éxito podría permitir al atacante llevar a cabo ataques de click-jacking u otros tipos de ataques del lado del cliente en el navegador. Cisco Bug IDs: CSCve60993.",
      },
   ],
   id: "CVE-2017-12258",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-10-05T07:29:00.480",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/101172",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039505",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/101172",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039505",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-20 05:18
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de CSRF en la página Call Detail Records Analysis and Reporting (CAR) en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que realizan modificaciones en CAR, también conocido como Bug ID CSCum46468.",
      },
   ],
   id: "CVE-2014-0736",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-02-20T05:18:04.267",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1029792",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029792",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-08-29 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_presence_server 6.0\(1\)
cisco unified_presence_server 6.0\(2\)
cisco unified_presence_server 6.0\(3\)
cisco unified_presence_server 6.0\(4\)
cisco unified_presence_server 6.0\(5\)
cisco unified_presence_server 6.0\(6\)
cisco unified_presence_server 6.0\(7\)
cisco unified_presence_server 7.0\(1\)
cisco unified_presence_server 7.0\(2\)
cisco unified_presence_server 7.0\(3\)
cisco unified_presence_server 7.0\(4\)
cisco unified_presence_server 7.0\(5\)
cisco unified_presence_server 7.0\(6\)
cisco unified_presence_server 7.0\(7\)
cisco unified_presence_server 7.0\(8\)
cisco unified_presence_server 7.0\(9\)
cisco unified_presence_server 8.0
cisco unified_presence_server 8.5
cisco unified_presence_server 8.5\(1\)
cisco unified_presence_server 8.5\(2\)
cisco unified_presence_server 8.5\(3\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "722EE4EC-43D8-4956-8F53-B13B23A1CE03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:6.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A704B14E-EC47-47E5-8AA1-35E0138B6A69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:6.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6F95246B-7822-4077-BC9C-3E1C0B02C139",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:6.0\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A5D01D8A-9F92-4900-941C-0B481D277D95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:6.0\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E72DE400-8ACA-4D01-8BBE-7F13959F4DDC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:6.0\\(6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F049CAA8-6FA8-4642-910C-70C8D3CEAF96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:6.0\\(7\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "DBE02502-3A25-4C33-9F10-D11B1D8A915A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D94318C6-D439-4929-AA07-C9E71B6E8B1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8B9C5872-317C-4A68-8E99-DEB224BAE607",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:7.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D6F4FC53-3627-4826-8CFC-BEEBCB8CEC87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:7.0\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8BACEF63-F22A-4B39-84AE-A950AC024EB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:7.0\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "703C2FA6-B723-41B1-BEA3-87AABD6F85DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:7.0\\(6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "80D0D477-4976-45FB-A089-5C19119D2BC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:7.0\\(7\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0398D739-6A84-4817-AFD0-80A4513F1AD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:7.0\\(8\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A912AAC-11BE-4E44-A6D2-3D9EB0924A8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:7.0\\(9\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "95C017B1-9404-478D-9696-864E86C0A600",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "62F99A3E-6B66-495F-A9DA-B398FDBD68C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9757D60-0BCB-438A-9E51-9384F2A81170",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2A3381A0-7712-4E4C-8AAF-625BBEF00F49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:8.5\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6C1FEB93-F4CD-4B75-8B45-2278F8D0A3A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence_server:8.5\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "29D3C8B8-3F20-44E4-BE21-2376B98AD0E6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v6.x, v7.x antes de v7.1(5b)su4, v8.0, y v8.5 antes de v8.5(1)su2 y Cisco Unified Presence Server v6.x, v7.x, v8.0, y v8.5 antes de v8.5xnr, permiten a atacantes remotos leer datos de la base de datos conectándose a una interfaz de consulta a través de una sesión SSL, también conocido como Bug IDs CSCti81574, CSCto63060, CSCto72183 y CSCto73833.",
      },
   ],
   id: "CVE-2011-1643",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-08-29T15:55:01.127",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-03-17 22:59
Modified
2025-04-20 01:37
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2).
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(1.11007.2\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.11007.2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7D666F53-ABC2-4DC1-BC03-83B5CDC0DE82",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el marco web de Cisco Unified Communications Manager (CallManager) podría permitir que un atacante remoto autenticado realice un ataque de cross-site scripting (XSS). Más información: CSCvb70033. Versiones afectadas conocidas: 11.5(1.11007.2). Versiones corregidas conocidas: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2).",
      },
   ],
   id: "CVE-2017-3874",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-03-17T22:59:00.453",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/96914",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1038037",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/96914",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1038037",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm1",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-03-05 16:30
Modified
2025-04-11 00:51
Severity ?
Summary
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.
Impacted products
Vendor Product Version
cisco unified_communications_manager 4.1
cisco unified_communications_manager 4.1
cisco unified_communications_manager 4.1
cisco unified_communications_manager 4.1
cisco unified_communications_manager 4.1
cisco unified_communications_manager 4.1
cisco unified_communications_manager 4.1\(3\)
cisco unified_communications_manager 4.1\(3\)sr1
cisco unified_communications_manager 4.1\(3\)sr2
cisco unified_communications_manager 4.1\(3\)sr3
cisco unified_communications_manager 4.1\(3\)sr4
cisco unified_communications_manager 4.1.1
cisco unified_communications_manager 4.1.2
cisco unified_communications_manager 4.1.3
cisco unified_communications_manager 4.2
cisco unified_communications_manager 4.2
cisco unified_communications_manager 4.2
cisco unified_communications_manager 4.2
cisco unified_communications_manager 4.2\(3\)sr1
cisco unified_communications_manager 4.2\(3\)sr2b
cisco unified_communications_manager 4.2\(3\)sr3
cisco unified_communications_manager 4.2\(3\)sr4
cisco unified_communications_manager 4.2.1
cisco unified_communications_manager 4.2.2
cisco unified_communications_manager 4.2.3
cisco unified_communications_manager 4.2.3_sr3
cisco unified_communications_manager 4.2.3sr1
cisco unified_communications_manager 4.2.3sr2
cisco unified_communications_manager 4.2.3sr2b
cisco unified_communications_manager 4.2_1
cisco unified_communications_manager 4.2_2
cisco unified_communications_manager 4.2_3
cisco unified_communications_manager 4.2_3sr1
cisco unified_communications_manager 4.3
cisco unified_communications_manager 4.3
cisco unified_communications_manager 4.3\(1\)
cisco unified_communications_manager 4.3\(1\)sr.1
cisco unified_communications_manager 4.3\(2\)
cisco unified_communications_manager 4.3\(2\)sr1
cisco unified_communications_manager 4.3.1
cisco unified_communications_manager 4.3_1
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0\(1\)
cisco unified_communications_manager 6.0\(1a\)
cisco unified_communications_manager 6.1
cisco unified_communications_manager 6.1
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1.0
cisco unified_communications_manager 7.0
cisco unified_communications_manager 7.0\(1\)
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.1
cisco unified_communications_manager 8.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr.5:*:*:*:*:*:*",
                     matchCriteriaId: "FBE07ABF-97B2-48B4-8EF6-861AB41340F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr4:*:*:*:*:*:*",
                     matchCriteriaId: "9135D3DE-5110-47CB-A23F-7CE3D9AFD153",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5:*:*:*:*:*:*",
                     matchCriteriaId: "914A2B2A-6292-451B-B26A-1B529CECBE3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5b:*:*:*:*:*:*",
                     matchCriteriaId: "72FAE8F7-504A-4B6F-9C9D-45158AC6C208",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5c:*:*:*:*:*:*",
                     matchCriteriaId: "835DD627-C5F1-4733-8949-C91592EC719A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0467A78A-8449-4012-BD80-86BAF8376B8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "363E750B-4BC1-4A4B-8440-1617BEF9D8A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B44AB103-60E6-4FAF-BD7C-54365E30C88A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2\\(3\\)sr.2:*:*:*:*:*:*",
                     matchCriteriaId: "701A374B-00A7-4151-8652-9A39FAECBC5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2_\\(3\\)sr2b:*:*:*:*:*:*",
                     matchCriteriaId: "42F41FF1-3FD1-4E90-877C-AC10D56CFEA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2_\\(3\\)sr3:*:*:*:*:*:*",
                     matchCriteriaId: "291CFDEC-CDF8-438D-9D1E-2832CE705FB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B9DCB59-F6AD-4CBD-B746-8FBA4BF733CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3E094AB-5F10-4238-BBE3-236B7306C995",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "2496F01D-E387-48CD-B586-826D284BBC2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5955E35-E200-4054-8757-39BD04F13220",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3_sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "55FCD7DD-A979-4B35-8C9C-5DAA340D2AEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E837527C-D5FA-479F-A61B-8667972FC594",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2_2:*:*:*:*:*:*:*",
                     matchCriteriaId: "488023AF-EA56-40E2-9A23-61EA758180D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2_3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9E1D151-8031-447A-9CB9-871599404339",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2_3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C48DC30-8F7D-4448-9C42-3CBC25053C99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:4.3\\(1\\)sr.1:*:*:*:*:*:*",
                     matchCriteriaId: "25EF5BF5-5909-4194-96DD-E8725BD3499A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F1DEC3B-2782-4144-9651-73116294765D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\)sr.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A459F3A2-817B-4F7F-AF9B-4EACB90B7DF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0BB09252-6C59-4E1C-93C8-0AC3ED54A294",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(2\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA0F270A-F953-43C7-9358-3B237B355BB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DCCDC7F-5326-4B6B-9B6F-DAD43E51CD76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3_1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F524EFB-C076-4EA2-8BF7-9A1B21036CBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:\\(1a\\):*:*:*:*:*:*",
                     matchCriteriaId: "8E8F77F9-05C3-4B66-9022-7B227F97978C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "42F3870B-5DE9-4E3E-BEA7-863916DD45DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F2564A8-5805-46E0-B6EC-F4967D67C566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "77979322-F060-4DD4-A6F2-B1157664C0FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.",
      },
      {
         lang: "es",
         value: "CTI Manager service en Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v4.x anteriores a v4.3(2)sr1a, v6.x anteriores a v6.1(3), v7.0x anteriores a v7.0(2), v7.1x anteriores a v7.1(2), y v8.x anteriores a v8.0(1) permite a atacantes remotos producir una denegación de servicio (fallo del servicio) a través de un mensaje manipulado, también conocido como Bug ID CSCsu31800.",
      },
   ],
   id: "CVE-2010-0592",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-03-05T16:30:00.863",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://securitytracker.com/id?1023670",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/38497",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1023670",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/38497",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-07-15 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
References
cve@mitre.org http://secunia.com/advisories/26043 Third Party Advisory
cve@mitre.org http://securitytracker.com/id?1018369 Third Party Advisory, VDB Entry
cve@mitre.org http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml Patch, Vendor Advisory
cve@mitre.org http://www.iss.net/threats/271.html Broken Link
cve@mitre.org http://www.osvdb.org/36121 Broken Link
cve@mitre.org http://www.securityfocus.com/bid/24868 Third Party Advisory, VDB Entry
cve@mitre.org http://www.vupen.com/english/advisories/2007/2512 Permissions Required, Third Party Advisory
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/19057 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/26043 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1018369 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.iss.net/threats/271.html Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/36121 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/24868 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/2512 Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/19057 Third Party Advisory, VDB Entry



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7454C447-FE60-4DAE-8241-A9416A7206A6",
                     versionEndIncluding: "3.3\\(5\\)sr2",
                     versionStartIncluding: "3.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2C88AFF-AC92-4CCF-869F-14E7DB9CF1C3",
                     versionEndIncluding: "4.1\\(3\\)sr4",
                     versionStartIncluding: "4.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FB2FA97-9DDA-49D9-A931-D3AD130018E4",
                     versionEndIncluding: "4.2\\(3\\)sr1",
                     versionStartIncluding: "4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "487FC0BB-ACBE-479B-B7A7-33059EF3D59B",
                     versionEndIncluding: "5.1\\(2\\)",
                     versionStartIncluding: "5.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "37FEF567-5F92-40BB-8581-3FCF584AAA1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FC80E93-195E-47EB-9D96-7CA5BCF1F73B",
                     versionEndIncluding: "4.3\\(1\\)",
                     versionStartIncluding: "4.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.",
      },
      {
         lang: "es",
         value: "Desbordamiento de entero en Real-Time Information Server (RIS) Data Collector service (RisDC.exe) de Cisco Unified Communications Manager (CUCM, anteriormente denominado CallManager) versiones anteriores a 20070711 permite a atacantes remotos ejecutar código de su elección mediante paquetes manipulados, resultando en un desbordamiento de búfer basado en montículo.",
      },
   ],
   id: "CVE-2006-5278",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-07-15T22:30:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/26043",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1018369",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.iss.net/threats/271.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.osvdb.org/36121",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/24868",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2007/2512",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/26043",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1018369",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.iss.net/threats/271.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.osvdb.org/36121",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/24868",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2007/2512",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-08-29 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F1DEC3B-2782-4144-9651-73116294765D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.",
      },
      {
         lang: "es",
         value: "El Packet Capture Service en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v4.x, no maneja adecuadamente las conexiones TCP inactivas, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y reinicio) realizando múltiples conexiones, también conocido como Bug ID CSCtf97162.",
      },
   ],
   id: "CVE-2011-2560",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-08-29T15:55:01.190",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-27 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.",
      },
      {
         lang: "es",
         value: "La implementación Certificate Authority Proxy Function (CAPF) CLI en la funcionalidad de gestión CSR en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales leer o modificar archivos arbitrarios a través de vectores no especificados, también conocido como Bug ID CSCum95464.",
      },
   ],
   id: "CVE-2014-0742",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 6.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:S/C:C/I:C/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.1,
            impactScore: 9.2,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-27T01:55:03.350",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1029843",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029843",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-04-21 19:15
Modified
2024-11-21 06:43
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "64D27440-93CF-4806-91CB-8234DB2FB89F",
                     versionEndExcluding: "12.5\\(1\\)su6",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "E0B2F05A-797D-48F5-9013-7E2C691DAD88",
                     versionEndExcluding: "12.5\\(1\\)su6",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "3F2FEC5B-FEA0-4766-BC68-E3391EAB2343",
                     versionEndExcluding: "14su1",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "5669C77B-2126-495B-B999-7D7399A280E5",
                     versionEndExcluding: "14su1",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web del software Cisco Unified Communications Manager (Unified CM) y del software Cisco Unified CM Session Management Edition (SME) podría permitir a un atacante remoto y autenticado conducir un ataque de tipo cross-site request forgery (CSRF) en un dispositivo afectado. Esta vulnerabilidad es debido a una insuficiencia de las protecciones de tipo CSRF para la interfaz de administración basada en web en un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad al convencer a un usuario de la interfaz para que haga clic en un enlace malicioso. Una explotación con éxito podría permitir al atacante llevar a cabo acciones arbitrarias con el nivel de privilegio del usuario afectado",
      },
   ],
   id: "CVE-2022-20787",
   lastModified: "2024-11-21T06:43:33.353",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 0.5,
            impactScore: 5.2,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-04-21T19:15:08.523",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-jrKP4eNT",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-jrKP4eNT",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-22 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.",
      },
      {
         lang: "es",
         value: "La interfaz de administración en Cisco Unified Communications Manager (Unified CM) 10.0(1) y versiones anteriores permite a atacantes remotos eludir la autenticación y leer archivos Java class a través de una petición directa, vulnerabilidad también conocida como Bug ID CSCum46497.",
      },
   ],
   id: "CVE-2014-0731",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-22T21:55:09.670",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0731",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32915",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0731",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32915",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-09-26 16:21
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.
References
psirt@cisco.com | http://secunia.com/advisories/31990 | Third Party Advisory
psirt@cisco.com | http://secunia.com/advisories/32013 | Third Party Advisory
psirt@cisco.com | http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml | Vendor Advisory
psirt@cisco.com | http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml | Vendor Advisory
psirt@cisco.com | http://www.securityfocus.com/bid/31367 | Third Party Advisory, VDB Entry
psirt@cisco.com | http://www.securitytracker.com/id?1020939 | Broken Link, Third Party Advisory, VDB Entry
psirt@cisco.com | http://www.securitytracker.com/id?1020942 | Broken Link, Third Party Advisory, VDB Entry
psirt@cisco.com | http://www.vupen.com/english/advisories/2008/2670 | Permissions Required
psirt@cisco.com | http://www.vupen.com/english/advisories/2008/2671 | Permissions Required
psirt@cisco.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086 | Broken Link
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31990 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32013 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31367 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020939 | Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020942 | Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2670 | Permissions Required
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2671 | Permissions Required
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086 | Broken Link



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC772518-51CC-4692-BEB2-2C9C2A215F44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A5E0999-9FB7-4255-A8CF-5D74E70FD56A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "50BA656D-4103-4BE7-9C8A-BDC9580B7E4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0668C45B-9D25-424B-B876-C1721BFFE5DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en la implementación del Session Initiation Protocol (SIP) en Cisco IOS v12.2 a la v12.4 y Unified Communications Manager v4.1 a la v6.1, cuando VoIP está configurada, permite a atacantes remotos provocar una denegación de servicio (reinicio de proceso o de dispositivo) a través de mensajes SIP válidos no especificados, también conocida como \"Cisco Bug ID CSCsu38644\". Vulnerabilidad distinta de CVE-2008-3801 y CVE-2008-3802.",
      },
   ],
   id: "CVE-2008-3800",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-09-26T16:21:44.067",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/31990",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/32013",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/31367",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020939",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020942",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/2670",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/2671",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/31990",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/32013",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/31367",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020939",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020942",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/2670",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/2671",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-13 05:24
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en la interfaz CallManager Interactive Voice Response (CMIVR) en Cisco Unified Communications Manager (UCM) permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum05318.",
      },
   ],
   id: "CVE-2014-0727",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-13T05:24:51.607",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/103219",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0727",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32844",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/65516",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/103219",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0727",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32844",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65516",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-31 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en la interfaz web administrativa en Cisco Unified Communications Manager permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de una respuesta manipulada, también conocido como Bug ID CSCup88089.",
      },
   ],
   id: "CVE-2014-3366",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-31T10:55:02.033",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3366",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/70855",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1031160",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98405",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3366",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/70855",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1031160",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98405",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-11-01 02:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (aka CUCM o Unified CM) permite a atacantes remotos provocar una denegación de servicio (reinicio del servicio) a través de un mensaje SIP manipulado, también conocido como Bug ID CSCub54349.",
      },
   ],
   id: "CVE-2013-5555",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-11-01T02:55:05.027",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5555",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5555",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-08-05 13:22
Modified
2025-04-11 00:51
Severity ?
Summary
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.",
      },
      {
         lang: "es",
         value: "El portal web de Cisco Unified Communications Manager (Unified CM) permite a los usuarios remotos autenticados obtener información sensible de la traza de pila a través de vectores no especificados que desencadenan una excepción en la pila, también conocido como Bug ID CSCug34854.",
      },
   ],
   id: "CVE-2013-3442",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-08-05T13:22:47.897",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3442",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3442",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-05-03 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.
Impacted products
Vendor Product Version
cisco unified_communications_manager 8.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.",
      },
      {
         lang: "es",
         value: "El componente voice-sipstack en Cisco Unified Communications Manager (CUCM) v8.5 permite a atacantes remotos causar una denegación de servicio (core dump) a través de vectores relacionados con los mensajes SIP que llegan después de una actualización, también conocido como Bug ID CSCtj87367.",
      },
   ],
   id: "CVE-2012-0376",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-05-03T20:55:03.513",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/rel_notes/8_5_1/cucmbe-rel_notes-851.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/rel_notes/8_5_1/cucmbe-rel_notes-851.html",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-12-21 14:22
Modified
2025-04-11 00:51
Severity ?
Summary
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
Impacted products
Vendor Product Version
cisco unified_communications_manager *
cisco unified_communications_manager 3.3\(5\)
cisco unified_communications_manager 3.3\(5\)sr1
cisco unified_communications_manager 3.3\(5\)sr2a
cisco unified_communications_manager 4.1\(3\)
cisco unified_communications_manager 4.1\(3\)sr1
cisco unified_communications_manager 4.1\(3\)sr2
cisco unified_communications_manager 4.1\(3\)sr3
cisco unified_communications_manager 4.1\(3\)sr4
cisco unified_communications_manager 4.2
cisco unified_communications_manager 4.2.1
cisco unified_communications_manager 4.2.2
cisco unified_communications_manager 4.2.3
cisco unified_communications_manager 4.2.3sr1
cisco unified_communications_manager 4.2.3sr2
cisco unified_communications_manager 4.2.3sr2b
cisco unified_communications_manager 4.3
cisco unified_communications_manager 4.3\(1\)
cisco unified_communications_manager 5.0
cisco unified_communications_manager 5.1
cisco unified_communications_manager 5.1\(1\)
cisco unified_communications_manager 5.1\(1b\)
cisco unified_communications_manager 5.1\(1c\)
cisco unified_communications_manager 5.1\(2\)
cisco unified_communications_manager 5.1\(2a\)
cisco unified_communications_manager 5.1\(2b\)
cisco unified_communications_manager 5.1\(3\)
cisco unified_communications_manager 5.1\(3a\)
cisco unified_communications_manager 5.1\(3c\)
cisco unified_communications_manager 5.1\(3d\)
cisco unified_communications_manager 5.1\(3e\)
cisco unified_communications_manager 5.1.2
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0\(1\)
cisco unified_communications_manager 6.0\(1a\)
cisco unified_communications_manager 6.0\(1b\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 6.1\(5\)su3
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.0\(3a\)su3
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 8.6\(2a\)su3
cisco unified_communications_manager 8.6\(3\)
cisco unified_communications_manager 8.6\(4\)
cisco unified_communications_manager 9.0\(1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A7C03E4-0E59-44D0-B3FB-77A2CB8A014F",
                     versionEndIncluding: "9.1\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F1DEC3B-2782-4144-9651-73116294765D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1B9FDFF3-2E60-4E41-9251-93283D945D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1022C151-6EC8-4E8D-85ED-59D51551BDAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "060593BD-ADC1-4282-BC6D-E0D6A2B7C8D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "239510AD-8BB0-4515-B1DA-80DE696D25DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "26277C4A-4E27-492C-B18C-AC68D86ADF55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9003EC1A-6E85-41F1-BB5D-B841C9C28105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0318CF61-B892-4D44-B41A-D630B4AB808C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9CDA8A78-BA6C-4451-8EAA-B83C3A6C6BA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "84A49932-1E22-4BE0-8195-926D44F65AAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3d\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4DE1B0DD-EA64-493B-86B7-9057EE5033C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3e\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "00ECD7C0-7F3C-4021-B949-32141E58687C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E51D8BF-12BB-4DD1-9232-1D066889B30F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2CD96CE-AAC6-40BD-A053-A62572AC7714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FCBB8A8-E31C-49A3-843E-F18B2FF134B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB6E34CF-3F33-485F-8128-2D65A9034A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading \"extraneous information\" in HTML source code, aka Bug ID CSCuj39249.",
      },
      {
         lang: "es",
         value: "El componente disaster recovery system (DRS) en Cisco Unified Communications Manager (UCM) 9.1(1) y anteriores permite a usuarios remotos autenticados obtener información sensible del dispositivo leyendo \"extraneous information\" en el código fuente HTML, también conocido como Bug ID CSCuj39249.",
      },
   ],
   id: "CVE-2013-6978",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-12-21T14:22:57.190",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/101162",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6978",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32219",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/64421",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1029520",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89834",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/101162",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6978",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32219",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/64421",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1029520",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89834",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-12-14 00:59
Modified
2025-04-12 10:46
Summary
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(1.11007.2\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.11007.2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7D666F53-ABC2-4DC1-BC03-83B5CDC0DE82",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la herramienta de subida Cisco Unified Reporting, a la que se accede a través de Cisco Unified Communications Manager, podría permitir a un atacante remoto no autenticado modificar archivos arbitrarios en el sistema de archivos. Más Información: CSCvb61698. Lanzamientos Afectados Conocidos: 11.5(1.11007.2). Lanzamientos Reparados Conocidos: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).",
      },
   ],
   id: "CVE-2016-9210",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-12-14T00:59:32.227",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94798",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94798",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-03-27 09:29
Modified
2024-11-21 03:37
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el framework web de Cisco Unified Communications Manager podría permitir que un atacante remoto no autenticado visualice datos sensibles. Esta vulnerabilidad se debe a una protección de tablas de bases de datos insuficiente. Un atacante podría explotar esta vulnerabilidad navegando hasta una URL específica. Una explotación con éxito podría permitir a un atacante visualizar información de bibliotecas de datos. Cisco Bug IDs: CSCvh66592.",
      },
   ],
   id: "CVE-2018-0198",
   lastModified: "2024-11-21T03:37:42.773",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-03-27T09:29:00.343",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/102965",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040342",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/102965",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040342",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-693",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-425",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-04-07 17:59
Modified
2025-04-20 01:37
Summary
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz web de Cisco Unified Communications Manager podría permitir a un atacante autenticado y remoto afectar la confidencialidad del sistema ejecutando consultas SQL arbitrarias, también conocida como inyección de SQL. El atacante debe estar autenticado como usuario administrativo para ejecutar consultas de base de datos SQL. Más información: CSCvc74291. Lanzamientos afectados conocidos: 1.0(1.10000.10) 11.5(1.10000.6). Lanzamientos reparados conocidos: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).",
      },
   ],
   id: "CVE-2017-3886",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-04-07T17:59:00.420",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97432",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1038192",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97432",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1038192",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-06-28 15:15
Modified
2024-11-21 07:40
Summary
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)
cisco unified_communications_manager 12.0\(1.10000.10\)
cisco unified_communications_manager 12.5\(1.10000.22\)
cisco unified_communications_manager 12.5\(1.10000.22\)
cisco unified_communications_manager 14.0\(1.10000.20\)
cisco unified_communications_manager 14.0\(1.10000.20\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "D08CC27A-6320-45C4-82AA-66AC316D6C3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "13A5DB3B-B62D-4E66-9D56-A1E54B1A9AEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "4F504F7A-FA4C-4CA1-8CAE-417ABD900C85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0\\(1.10000.20\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C4B25936-F690-4A75-9704-39AE7A285B86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0\\(1.10000.20\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "60DA9958-C2A8-4F9D-98B1-617C87A09DF1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.",
      },
   ],
   id: "CVE-2023-20116",
   lastModified: "2024-11-21T07:40:35.597",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.7,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-06-28T15:15:09.640",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-835",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-835",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-10 16:29
Modified
2024-11-21 03:38
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.14076.1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.14076.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7E96831F-40D0-4C7C-97FC-E8D3C063822C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de gestión web de Cisco Unified Communications Manager podría permitir que un atacante remoto autenticado visualice credenciales digest en texto claro. La vulnerabilidad se debe a la inclusión incorrecta de contraseñas almacenadas en las páginas de configuración. Un atacante podría explotar esta vulnerabilidad iniciando sesión en la interfaz web de gestión de Cisco Unified Communications Manager y visualizando el código fuente de la página de configuración. Su explotación con éxito podría permitir que el atacante recupere contraseñas y exponga esas cuentas a más ataques.",
      },
   ],
   id: "CVE-2018-0474",
   lastModified: "2024-11-21T03:38:18.573",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-10T16:29:00.333",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106538",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cucm-creds-disclosr",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106538",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cucm-creds-disclosr",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-522",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-04 17:15
Modified
2024-11-21 07:41
Summary
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:14su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF848485-44D0-4354-852A-8E859E050A07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_collaboration_deployment:14su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9399AD59-4F8E-4B8E-AF9B-F2785993DBC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7:*:*:*:*:*:*:*",
                     matchCriteriaId: "397E6105-7508-4DEB-AD6D-1E702E31C875",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "94FFAF94-86EC-468C-A7F9-D85D3DE86A85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4FFC030-F8FD-486F-83C5-4C8F2932CE5F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14su3:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "EB4AF502-94FF-4CCF-B99F-A4AEDE032128",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0B6DA5E-39BB-40B5-8BB6-30E77F89DE79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:14su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CD16AB0-3BB8-4ECF-B0F8-B7AE8B41BF87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:14su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "181866CE-6279-4422-8EF8-7A12DB5B21F6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.\r\n\r This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en un endpoint de la API de múltiples productos de Comunicaciones Unificadas de Cisco podría permitir que un atacante remoto no autenticado provoque una alta utilización de la CPU, lo que podría afectar el acceso a la interfaz de administración basada en web y causar retrasos en el procesamiento de llamadas. Esta API no se utiliza para la administración de dispositivos y es poco probable que se utilice en las operaciones normales del dispositivo. Esta vulnerabilidad se debe a una autenticación de API incorrecta y a una validación incompleta de la solicitud. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud HTTP manipulada a una API específica en el dispositivo. Un exploit exitoso podría permitir que el atacante cause una condición de denegación de servicio (DoS) debido a una alta utilización de la CPU, lo que podría afectar negativamente al tráfico de usuarios y al acceso de administración. Cuando el ataque cese, el dispositivo se recuperará sin intervención manual.",
      },
   ],
   id: "CVE-2023-20259",
   lastModified: "2024-11-21T07:41:00.970",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-04T17:15:09.990",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-08-26 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.
Impacted products
Vendor Product Version
cisco unified_communications_manager *
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager *
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager *
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4FFB7FB9-0DDA-4F14-B372-68B84F9936F3",
                     versionEndIncluding: "6.1\\(5\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5536D6A1-B7F4-4A88-8609-6AA3DE15BAC2",
                     versionEndIncluding: "7.0\\(2a\\)su2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB76A56C-880B-4146-A023-3DCFF5D2C39F",
                     versionEndIncluding: "7.1\\(5\\)su1a",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.",
      },
      {
         lang: "es",
         value: "La implementación SIPStationInit en Cisco Unified Communications Manager (también conocida como CUCM, anteriormente CallManager) v6.1SU anterior a v6.1(5)SU1, v7.0SU anterior a v7.0(2a)SU3, v7.1SU anterior a v7.1(3b)SU2, v7.1 anterior a v7.1(5), y v8.0 anterior a v8.0(1), permite a atacantes remotos provocar una denegación de servicio (fallo de proceso) a través de un mensaje SIP mal formado, también conocido como Bug ID CSCtd17310.",
      },
   ],
   evaluatorSolution: "Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml\r\n\r\n'Cisco bug ID CSCtd17310 and has been assigned the CVE identifier CVE-2010-2837. This vulnerability is fixed in Cisco Unified Communications Manager versions 6.1(5)SU1, 7.0(2a)SU3, 7.1(3b)SU2, 7.1(5) and 8.0(1). Cisco Unified Communications Manager version 4.x is not affected.'",
   id: "CVE-2010-2837",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-08-26T21:00:01.450",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2010/2187",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2010/2187",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-08-27 17:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B48B0779-7796-45D2-8967-459F562A6243",
                     versionEndExcluding: "5.1\\(3g\\)",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "98AF7F97-8702-4E7B-BDE4-BD5A3114FDF4",
                     versionEndExcluding: "6.1\\(4\\)",
                     versionStartIncluding: "6.1\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "906EED24-1D35-4952-AFCA-D7D5223F66D3",
                     versionEndExcluding: "7.0\\(2a\\)su1",
                     versionStartIncluding: "7.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "96DB29BF-9A40-4591-BE41-C519B86C2EEF",
                     versionEndExcluding: "7.1\\(2\\)",
                     versionStartIncluding: "7.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v4.x, v5.x anteriores a v5.1(3g), v6.x anteriores a v6.1(4), v7.0 anteriores a v7.0(2a)su1, y v7.1 anteriores a v7.1(2) permite a los atacantes remotos causar una denegación de servicio (agotamiento del descriptor de fichero y parada SCCP) a través de la inundación de paquetes TCP, también conocido como Bug ID CSCsx32236.",
      },
   ],
   id: "CVE-2009-2053",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-08-27T17:00:01.030",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/57455",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36498",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36499",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36152",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022775",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://osvdb.org/57455",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36498",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/36499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/36152",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1022775",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-08-05 13:22
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades CSRF (cross-site request forgery) en Cisco Unified Communications Manager (Unified CM), permite a atacantes remotos secuestrar la autenticación de los usuarios para las solicitudes que realizan operaciones arbitrarias en Unified CM, también conocido como Bug ID CSCui13033.",
      },
   ],
   id: "CVE-2013-3451",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-08-05T13:22:47.910",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3451",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3451",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-04-19 20:29
Modified
2024-11-21 03:37
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el framework web de Cisco Unified Communications Manager podría permitir que un atacante local autenticado visualice datos sensibles que deberían estar restringidos. Esto podría incluir credenciales LDAP. Esta vulnerabilidad se debe a una protección de tablas de bases de datos insuficiente en la interfaz web. Un atacante podría explotar esta vulnerabilidad navegando hasta una URL específica. Su explotación podría permitir que el atacante vea información sensible que debería estar restringida. Cisco Bug IDs: CSCvf22116.",
      },
   ],
   id: "CVE-2018-0267",
   lastModified: "2024-11-21T03:37:50.813",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-04-19T20:29:01.533",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103937",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040719",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103937",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040719",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-425",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-11-16 07:29
Modified
2025-04-20 01:37
Severity ?
Summary
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.
References
psirt@cisco.com http://www.securityfocus.com/bid/101865 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.securitytracker.com/id/1039813 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.securitytracker.com/id/1039814 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.securitytracker.com/id/1039815 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.securitytracker.com/id/1039816 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.securitytracker.com/id/1039817 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.securitytracker.com/id/1039818 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.securitytracker.com/id/1039819 Third Party Advisory, VDB Entry
psirt@cisco.com http://www.securitytracker.com/id/1039820 Third Party Advisory, VDB Entry
psirt@cisco.com https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/101865 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1039813 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1039814 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1039815 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1039816 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1039817 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1039818 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1039819 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id/1039820 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos Vendor Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3342DE3-F98B-48CF-9416-FA8D7F062E65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:finesse:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F343F98-1100-489F-B34C-480F7898A240",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:hosted_collaboration_solution:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8A8E190-1846-44ED-9572-D80D71A433DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B0A2D56-3667-438C-A367-4DB74F72507B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_license_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6EE11E45-1A8C-497C-A1B1-ED695E812CA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:socialminer:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C9A9B36-D4E2-4578-9BB9-3CCD008AE628",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "395232C7-93D5-4877-A726-32E5BAFAF812",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "863C456D-EE60-49F8-AFB0-795EA29CD93D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "16991CD6-A32F-4891-B6B6-41D050FC1412",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_express:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "444F1581-0CD5-40B9-8C9E-0E428E6D75C1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0368C678-72A4-4F48-B31D-77A6BDAAC4DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_intelligence_center:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AF08793-199C-4729-9765-059678A5BE77",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el mecanismo de actualización de productos de colaboración de Cisco basados en la plataforma de software Cisco Voice Operating System podría permitir que un atacante remoto no autenticado obtenga acceso elevado no autorizado a un dispositivo afectado. La vulnerabilidad ocurre cuando un refresh upgrade (RU) o una migración Prime Collaboration Deployment (PCD) se realiza en un dispositivo afectado. Cuando un refresh upgrade o una migración PCD se completa con éxito, una marca de ingeniería se mantiene habilitada y podría permitir el acceso root al dispositivo con una contraseña conocida. Si el dispositivo vulnerable se actualiza empleando el método de actualización estándar a un Engineering Special Release, la actualización del servicio o una nueva actualización del producto afectado, esta vulnerabilidad se remedia mediante tal acción. Nota: Los Engineering Special Release que se instalan como archivos COP, a diferencia del método de actualización estándar, no remedian esta vulnerabilidad. Un atacante que pueda acceder a un dispositivo afectado mediante SFTP mientras se encuentre en un estado vulnerable podría obtener acceso root al dispositivo. Este acceso podría permitir que el atacante comprometa completamente el sistema afectado. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.",
      },
   ],
   id: "CVE-2017-12337",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-11-16T07:29:01.023",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/101865",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039813",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039814",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039815",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039816",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039817",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039818",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039819",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039820",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/101865",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039813",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039814",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039815",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039816",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039817",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039818",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039819",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039820",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-07 21:29
Modified
2024-11-21 03:38
Summary
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz web de Cisco Unified Communications Manager (Unified CM) podría permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Frame Scripting (XFS) reflejado contra un usuario de dicha interfaz en el sistema afectado. Esta vulnerabilidad se debe a las protecciones insuficientes de frames inline HTML (iframes) de la interfaz web del software afectado. Un atacante podría explotar esta vulnerabilidad persuadiendo a un usuario de la interfaz afectada para que visite una página web controlada por el atacante que contenga un iframe de HTML malicioso. Su explotación con éxito podría permitir que el atacante lleve a cabo el secuestro de clics u otros ataques de navegador del lado del cliente en el sistema afectado. Cisco Bug IDs: CSCvg19761.",
      },
   ],
   id: "CVE-2018-0355",
   lastModified: "2024-11-21T03:38:02.950",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-07T21:29:00.837",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104425",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041068",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104425",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041068",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-1021",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-03-01 01:55
Modified
2025-04-11 00:51
Severity HIGH (CVSS v2 baseSeverity, from the cvssMetricV2 entry in the record below)
Summary
Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0\(1\)
cisco unified_communications_manager 6.0\(1a\)
cisco unified_communications_manager 6.0\(1b\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 6.1\(5\)su3
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco business_edition_3000_software 8.6\(1\)
cisco business_edition_3000_software 8.6\(1a\)
cisco business_edition_3000_software 8.6\(2a\)
cisco business_edition_3000_software 8.6.2
cisco business_edition_3000 -
cisco business_edition_5000_software 8.5
cisco business_edition_5000_software 8.5\(1\)
cisco business_edition_5000_software 8.6
cisco business_edition_5000_software 8.6\(1\)
cisco business_edition_5000_software 8.6\(1a\)
cisco business_edition_5000_software 8.6\(2\)
cisco business_edition_5000_software 8.6\(2a\)
cisco business_edition_5000 -
cisco business_edition_6000_software 8.5\(1\)
cisco business_edition_6000_software 8.5\(1\)su1
cisco business_edition_6000_software 8.5\(1\)su2
cisco business_edition_6000_software 8.5\(1\)su3
cisco business_edition_6000_software 8.5\(1-2011o\)
cisco business_edition_6000_software 8.6\(1\)
cisco business_edition_6000_software 8.6\(1a\)
cisco business_edition_6000_software 8.6\(2\)
cisco business_edition_6000_software 8.6\(2a\)
cisco business_edition_6000 -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2CD96CE-AAC6-40BD-A053-A62572AC7714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FCBB8A8-E31C-49A3-843E-F18B2FF134B9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_3000_software:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D562BA39-A14D-4E9F-AFCB-B9F6859871DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_3000_software:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6297C4F7-28D7-4705-AF77-D207BD37CB32",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_3000_software:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5BF9A73-0E5C-4FBE-9581-7B15D1288BD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_3000_software:8.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D63A13EC-E339-4324-BE52-6DCA2C1C5136",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_edition_3000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "20D1D8B5-9747-40DB-A4FE-B540C9097086",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1721C3E6-CAFB-4093-B62B-F702E23E2362",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18CAF185-1FDF-4487-8060-E2A765B2ECE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "410F85BD-D93D-4AD4-B101-F778CD1F292B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B050E02D-EE99-4706-B15B-11DACF119D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "15D9013B-C4EB-45E3-AFC6-3D92865C2A3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "61C1465E-3229-4A72-80E5-C82736021F2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FD003661-662F-43B1-902B-FB4812919AE5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_edition_5000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "766F3C0E-B41D-4944-8BBF-3A268C8A75CA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "960BE31B-A480-44AF-9D50-9F185B7D16FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "711894D8-6183-429E-9774-248107B359D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF144D24-43D0-44E0-A7B7-4EED333BD4A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC9ADE41-37AD-4A0C-A963-66161D000B6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.5\\(1-2011o\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CDD81820-BCC4-4A66-8B6F-208956DBC466",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "57C8BA28-19F0-4143-B274-23C7FE0DC987",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5D8E0F3C-06E5-4078-8A9E-9071AF23A8C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4CD80DFF-ABAA-41F4-B477-109CC4356988",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4C4F3553-C49E-48DC-97FE-CAD258632CF8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_edition_6000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03C14962-852B-40A7-ADD9-7983C9A36529",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (CUCM) con software v6.x y v7.x anterior a v7.1(5b)su5, v8.0 anterior a v8.0(3a)su3, y v8.5 y v8.6 anterior a v8.6(2a)su1 y Cisco Business Edition 3000 con software anterior a v8.6.3 y 5000 y 6000 con software anterior a v8.6(2a)su1 permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de un registro SCCP manipulado, también conocido como Bug ID CSCtu73538.",
      },
   ],
   evaluatorImpact: "Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm\r\n\r\n'The following products are affected by the vulnerabilities that are described in this advisory:\r\n\r\n    * Cisco Unified Communications Manager Software versions 6.x \r\n    * Cisco Unified Communications Manager Software versions 7.x \r\n    * Cisco Unified Communications Manager Software versions 8.x'",
   id: "CVE-2011-4486",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-03-01T01:55:00.707",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-02-27 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (CUCM) v8.6 antes de v8.6(2a)su2, v8.6 BE3k antes de v8.6(4)BE3k y v9.x antes de v9.0(1) permite a atacantes remotos provocar una denegación de servicio (consumo de CPU e interrupciones de la interfaz gráfica de usuario y de voz) a través de paquetes malformados enviados a puertos UDP no utilizados, también conocido como Bug ID CSCtx43337.",
      },
   ],
   id: "CVE-2013-1133",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-02-27T21:55:04.107",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-08-07 06:29
Modified
2025-04-20 01:37
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796.
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(1.10000.6\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el framework web de Cisco Unified Communications Manager 11.5(1.10000.6) podría permitir que un atacante remoto autenticado acceda a archivos arbitrarios dentro de la estructura del directorio root web en un dispositivo afectado. Esta vulnerabilidad se debe a la insuficiente validación de entradas por parte del software afectado. Un atacante podría explotar esta vulnerabilidad mediante el uso de técnicas de salto de directorio para leer archivos en la estructura del directorio root web en el sistema de archivos de Cisco Unified Communications Manager. Cisco Bug IDs: CSCve13796.",
      },
   ],
   id: "CVE-2017-6758",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 6.8,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-08-07T06:29:00.510",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100119",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039064",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13796",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100119",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039064",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13796",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm1",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-12-16 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(0.98000.88\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(0.98000.88\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5E944B20-B158-420D-9176-30F5B6C03D26",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.",
      },
      {
         lang: "es",
         value: "El subsistema WebApplications Identity Management en Cisco Unified Communications Manager 10.5(0.98000.88) permite a atacantes remotos causar una denegación de servicio (interrupción del subsistema) a través de tokens de sesión inválidos, también conocido como Bug ID CSCul83786.",
      },
   ],
   id: "CVE-2015-6425",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-12-16T15:59:00.117",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/79275",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1034431",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/79275",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1034431",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-08-31 23:17
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F1DEC3B-2782-4144-9651-73116294765D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6049596-9D62-4EC4-BEAE-A2023F6F3346",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "87560280-EF6A-46DC-9368-0C98E0A5B7E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "F977BD4D-308D-4415-9302-5C44238881A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "373E71AE-C735-4476-A574-56C35BAD8DB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F9AA9D0-3205-4A5D-8161-C80D1855D91E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B771F3F8-CD24-4710-A7A8-D4F9E0DB4BB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "71DA8A99-A678-42F8-AFC5-323E77D9BCC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3C30434-29FD-45D4-B9D8-BEB65FE4471A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FA55FCB-FFFB-495F-86A8-262E7995B519",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E6ECFC2B-9978-46FF-BC4E-A81B9B835E29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3979687E-2BDE-42CD-ACF6-5EE3AF6CD5B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "EB63E43F-96D1-442E-8AA7-B0183117F6A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "86960ABE-F133-49EE-A8E3-70CF1DD93ADC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "36C8C9AA-8AA2-40C2-88A2-0860543601C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "98B77A94-5477-4703-9421-2266EC603319",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF86C50-A2B2-4944-8361-C67766DCA2DA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de inyección SQL en Cisco CallManager y Unified Communications Manager (CUCM) versiones anteriores a 3.3(5)sr2b, 4.1 versiones anteriores a 4.1(3)sr5, 4.2 versiones anteriores a 4.2(3)sr2, y 4.3 versiones anteriores a 4.3(1)sr1, permiten a atacantes remotos ejecutar comandos SQL de su elección mediante la variable lang en la página de acceso de (1) usuario o (2) administrador, también conocido como CSCsi64265.",
      },
   ],
   id: "CVE-2007-4634",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-08-31T23:17:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26641",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1018624",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/25480",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/3010",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36326",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26641",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1018624",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/25480",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/3010",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36326",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-07-14 21:55
Modified
2025-04-12 10:46
Severity ?
Summary
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.0\(1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0890B9FC-671D-4CB4-BA5C-3D3EE7124BCC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en Real-Time Monitoring Tool (RTMT) en Cisco Unified Communications Manager (CM) 10.0(1) permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup57676.",
      },
   ],
   id: "CVE-2014-3319",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 6.8,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-07-14T21:55:05.843",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/59734",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1030554",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94436",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59734",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1030554",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94436",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-11-18 03:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
Impacted products
Vendor Product Version
cisco unified_communications_manager *
cisco unified_communications_manager 3.3\(5\)
cisco unified_communications_manager 3.3\(5\)sr1
cisco unified_communications_manager 3.3\(5\)sr2a
cisco unified_communications_manager 4.1\(3\)
cisco unified_communications_manager 4.1\(3\)sr1
cisco unified_communications_manager 4.1\(3\)sr2
cisco unified_communications_manager 4.1\(3\)sr3
cisco unified_communications_manager 4.1\(3\)sr4
cisco unified_communications_manager 4.2
cisco unified_communications_manager 4.2.1
cisco unified_communications_manager 4.2.2
cisco unified_communications_manager 4.2.3
cisco unified_communications_manager 4.2.3sr1
cisco unified_communications_manager 4.2.3sr2
cisco unified_communications_manager 4.2.3sr2b
cisco unified_communications_manager 4.3
cisco unified_communications_manager 4.3\(1\)
cisco unified_communications_manager 5.0
cisco unified_communications_manager 5.1
cisco unified_communications_manager 5.1\(1\)
cisco unified_communications_manager 5.1\(1b\)
cisco unified_communications_manager 5.1\(1c\)
cisco unified_communications_manager 5.1\(2\)
cisco unified_communications_manager 5.1\(2a\)
cisco unified_communications_manager 5.1\(2b\)
cisco unified_communications_manager 5.1\(3\)
cisco unified_communications_manager 5.1\(3a\)
cisco unified_communications_manager 5.1\(3c\)
cisco unified_communications_manager 5.1\(3d\)
cisco unified_communications_manager 5.1\(3e\)
cisco unified_communications_manager 5.1.2
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0\(1\)
cisco unified_communications_manager 6.0\(1a\)
cisco unified_communications_manager 6.0\(1b\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 6.1\(5\)su3
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.0\(3a\)su3
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 8.6\(2a\)su3
cisco unified_communications_manager 8.6\(3\)
cisco unified_communications_manager 8.6\(4\)
cisco unified_communications_manager 9.0\(1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A7C03E4-0E59-44D0-B3FB-77A2CB8A014F",
                     versionEndIncluding: "9.1\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F1DEC3B-2782-4144-9651-73116294765D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1B9FDFF3-2E60-4E41-9251-93283D945D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1022C151-6EC8-4E8D-85ED-59D51551BDAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "060593BD-ADC1-4282-BC6D-E0D6A2B7C8D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "239510AD-8BB0-4515-B1DA-80DE696D25DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "26277C4A-4E27-492C-B18C-AC68D86ADF55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9003EC1A-6E85-41F1-BB5D-B841C9C28105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0318CF61-B892-4D44-B41A-D630B4AB808C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9CDA8A78-BA6C-4451-8EAA-B83C3A6C6BA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "84A49932-1E22-4BE0-8195-926D44F65AAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3d\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4DE1B0DD-EA64-493B-86B7-9057EE5033C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3e\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "00ECD7C0-7F3C-4021-B949-32141E58687C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E51D8BF-12BB-4DD1-9232-1D066889B30F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2CD96CE-AAC6-40BD-A053-A62572AC7714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FCBB8A8-E31C-49A3-843E-F18B2FF134B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB6E34CF-3F33-485F-8128-2D65A9034A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an \"overload\" of the command-line utility, aka Bug ID CSCui58229.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (Unified CM) 9.1(1) y anteriores permite a usuarios locales eludir los permisos de archivos, y leer, modificar o crear archivos arbitrarios, a través de una \"sobrecarga\" de la utilidad de línea de comandos, también conocido como Bug ID CSCui58229.",
      },
   ],
   id: "CVE-2013-6689",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-11-18T03:55:06.133",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6689",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31758",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6689",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31758",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-08-29 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.",
      },
      {
         lang: "es",
         value: "El proceso SIP en Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v7.x antes de v7.1(5b)su4 y v8.x antes de v8.0(1) no maneja adecuadamente datos SDP dentro de una llamada SIP en ciertas situaciones relacionadas con el uso del codec g729ar8 para Media Termination Point (MTP), lo que permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de una llamada modificada, también conocido como Bug ID CSCtc61990.",
      },
   ],
   id: "CVE-2011-2561",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-08-29T15:55:01.220",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-09-23 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.
Impacted products
Vendor Product Version
cisco ios 12.1
cisco ios 12.1t
cisco ios 12.1xi
cisco ios 12.1xj
cisco ios 12.1xl
cisco ios 12.1xm
cisco ios 12.1xp
cisco ios 12.1xq
cisco ios 12.1xr
cisco ios 12.1xs
cisco ios 12.1xt
cisco ios 12.1xu
cisco ios 12.1xv
cisco ios 12.1xy
cisco ios 12.1ya
cisco ios 12.1yb
cisco ios 12.1yc
cisco ios 12.1yd
cisco ios 12.1ye
cisco ios 12.1yf
cisco ios 12.1yh
cisco ios 12.1yi
cisco ios 12.2b
cisco ios 12.2bw
cisco ios 12.2bx
cisco ios 12.2by
cisco ios 12.2cz
cisco ios 12.2dd
cisco ios 12.2dx
cisco ios 12.2ex
cisco ios 12.2ira
cisco ios 12.2irb
cisco ios 12.2irc
cisco ios 12.2ird
cisco ios 12.2ire
cisco ios 12.2ixa
cisco ios 12.2ixb
cisco ios 12.2ixc
cisco ios 12.2ixd
cisco ios 12.2ixe
cisco ios 12.2ixf
cisco ios 12.2ixg
cisco ios 12.2ixh
cisco ios 12.2mra
cisco ios 12.2mrb
cisco ios 12.2sbc
cisco ios 12.2sca
cisco ios 12.2scb
cisco ios 12.2scc
cisco ios 12.2scd
cisco ios 12.2sg
cisco ios 12.2sra
cisco ios 12.2srb
cisco ios 12.2sre
cisco ios 12.2su
cisco ios 12.2sv
cisco ios 12.2sxa
cisco ios 12.2sxb
cisco ios 12.2sxd
cisco ios 12.2sxe
cisco ios 12.2sxf
cisco ios 12.2sy
cisco ios 12.2sz
cisco ios 12.2t
cisco ios 12.2tpc
cisco ios 12.2xa
cisco ios 12.2xb
cisco ios 12.2xc
cisco ios 12.2xd
cisco ios 12.2xg
cisco ios 12.2xh
cisco ios 12.2xi
cisco ios 12.2xj
cisco ios 12.2xk
cisco ios 12.2xl
cisco ios 12.2xm
cisco ios 12.2xn
cisco ios 12.2xq
cisco ios 12.2xs
cisco ios 12.2xt
cisco ios 12.2xu
cisco ios 12.2xv
cisco ios 12.2xw
cisco ios 12.2ya
cisco ios 12.2yb
cisco ios 12.2yc
cisco ios 12.2yd
cisco ios 12.2ye
cisco ios 12.2yf
cisco ios 12.2yh
cisco ios 12.2yj
cisco ios 12.2yk
cisco ios 12.2yl
cisco ios 12.2ym
cisco ios 12.2yn
cisco ios 12.2yt
cisco ios 12.2yu
cisco ios 12.2yv
cisco ios 12.2yw
cisco ios 12.2yx
cisco ios 12.2yy
cisco ios 12.2yz
cisco ios 12.2zc
cisco ios 12.2zd
cisco ios 12.2ze
cisco ios 12.2zf
cisco ios 12.2zh
cisco ios 12.2zj
cisco ios 12.2zl
cisco ios 12.2zp
cisco ios 12.2zu
cisco ios 12.2zy
cisco ios 12.2zya
cisco ios 12.3
cisco ios 12.3b
cisco ios 12.3t
cisco ios 12.3tpc
cisco ios 12.3va
cisco ios 12.3xa
cisco ios 12.3xb
cisco ios 12.3xc
cisco ios 12.3xd
cisco ios 12.3xe
cisco ios 12.3xf
cisco ios 12.3xg
cisco ios 12.3xi
cisco ios 12.3xj
cisco ios 12.3xk
cisco ios 12.3xl
cisco ios 12.3xq
cisco ios 12.3xr
cisco ios 12.3xs
cisco ios 12.3xu
cisco ios 12.3xw
cisco ios 12.3xx
cisco ios 12.3xy
cisco ios 12.3xz
cisco ios 12.3ya
cisco ios 12.3yd
cisco ios 12.3yf
cisco ios 12.3yg
cisco ios 12.3yh
cisco ios 12.3yi
cisco ios 12.3yj
cisco ios 12.3yk
cisco ios 12.3ym
cisco ios 12.3yq
cisco ios 12.3ys
cisco ios 12.3yt
cisco ios 12.3yu
cisco ios 12.3yx
cisco ios 12.3yz
cisco ios 12.3za
cisco ios 12.4
cisco ios 12.4gc
cisco ios 12.4md
cisco ios 12.4mda
cisco ios 12.4mr
cisco ios 12.4mra
cisco ios 12.4sw
cisco ios 12.4t
cisco ios 12.4xa
cisco ios 12.4xb
cisco ios 12.4xc
cisco ios 12.4xd
cisco ios 12.4xe
cisco ios 12.4xf
cisco ios 12.4xg
cisco ios 12.4xj
cisco ios 12.4xk
cisco ios 12.4xl
cisco ios 12.4xm
cisco ios 12.4xn
cisco ios 12.4xp
cisco ios 12.4xq
cisco ios 12.4xr
cisco ios 12.4xt
cisco ios 12.4xv
cisco ios 12.4xw
cisco ios 12.4xy
cisco ios 12.4xz
cisco ios 12.4ya
cisco ios 12.4yb
cisco ios 12.4yd
cisco ios 12.4ye
cisco ios 12.4yg
cisco ios 15.0m
cisco ios 15.0s
cisco ios 15.0xa
cisco ios 15.1t
cisco ios 15.1xb
cisco ios_xe 2.5.0
cisco ios_xe 2.5.1
cisco ios_xe 2.6.0
cisco ios_xe 2.6.1
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0\(1.2114.1\)
cisco unified_communications_manager 6.0\(1.2121.1\)
cisco unified_communications_manager 6.0\(1b\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 7.0
cisco unified_communications_manager 7.0\(1\)
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 8.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F2F9EC5-EDA2-4C99-BBF1-2F2C92AACE95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                     matchCriteriaId: "752C3C6B-910D-4153-A162-DF255F60306B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xi:*:*:*:*:*:*:*",
                     matchCriteriaId: "28097F62-B51F-4A3B-BB31-6FA67E8C8B5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xj:*:*:*:*:*:*:*",
                     matchCriteriaId: "80E8AF76-0A1D-4BAE-BF10-D63080352E6E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xl:*:*:*:*:*:*:*",
                     matchCriteriaId: "3B674647-4438-4450-9DCA-25184D4E2682",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xm:*:*:*:*:*:*:*",
                     matchCriteriaId: "86E5CC41-1344-4A65-A653-8012ACE2CF2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xp:*:*:*:*:*:*:*",
                     matchCriteriaId: "71FB7128-CF11-4903-97D7-418403A03CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xq:*:*:*:*:*:*:*",
                     matchCriteriaId: "63EFB20A-78E2-4BA1-B87C-BB74E8982D99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xr:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A273401-9394-4BC3-879C-DE3EFC09B3F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xs:*:*:*:*:*:*:*",
                     matchCriteriaId: "6DABF911-FCDF-4095-A95D-4BB73628FCA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xt:*:*:*:*:*:*:*",
                     matchCriteriaId: "77886493-C30E-439E-BBB4-3D34A8938378",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xu:*:*:*:*:*:*:*",
                     matchCriteriaId: "7813F511-CF6D-487F-9D1C-7A6CF85AD724",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xv:*:*:*:*:*:*:*",
                     matchCriteriaId: "677DC4B6-8B3D-4A0D-9934-743FD7494DF6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1xy:*:*:*:*:*:*:*",
                     matchCriteriaId: "F084DA16-24CB-41D1-92B7-C6E0499AAD10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1ya:*:*:*:*:*:*:*",
                     matchCriteriaId: "194F0AB1-92E6-4CE3-A5A1-904BF75F05D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yb:*:*:*:*:*:*:*",
                     matchCriteriaId: "884753D4-3AF0-4723-9D51-26BA7B4CA533",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yc:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAF3601D-DF44-4A10-A424-8E97C65A36A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yd:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC38BD6C-9823-4D2A-8BE2-60AABE3C4932",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1ye:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1835410-77EB-46F2-ACF0-379759D4B0D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yf:*:*:*:*:*:*:*",
                     matchCriteriaId: "3BB103ED-B170-4193-84CD-4C59F4D6A10A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yh:*:*:*:*:*:*:*",
                     matchCriteriaId: "F88DCCDE-6A81-473F-B4FE-95A84F8DF964",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1yi:*:*:*:*:*:*:*",
                     matchCriteriaId: "63D55886-268F-4E4D-B00F-8A5D97A73BA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "E314B0F7-1A27-483E-B3B3-947A5561281F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2bw:*:*:*:*:*:*:*",
                     matchCriteriaId: "05B838C9-E60E-46A3-A5FB-4F67291D0851",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2bx:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B29F111-CBA4-464D-8B25-C2677BA270EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2by:*:*:*:*:*:*:*",
                     matchCriteriaId: "E96C76C5-52BA-45D9-9803-048E770BAA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2cz:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7F75542-F2C5-4CEB-B655-E0620408A3B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2dd:*:*:*:*:*:*:*",
                     matchCriteriaId: "BDC41749-91FC-43DB-A52F-AC3E3A2205C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2dx:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE0195AE-24FD-43B2-892B-F646B8B5ED6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ex:*:*:*:*:*:*:*",
                     matchCriteriaId: "0912492E-565A-4559-ABB8-D2898F06CF29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ira:*:*:*:*:*:*:*",
                     matchCriteriaId: "2424530B-2353-48F2-A076-0C44AAA4C89E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2irb:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B88D71E-C9CB-44D7-AB06-49CFF1117DA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2irc:*:*:*:*:*:*:*",
                     matchCriteriaId: "113CC627-7381-49DF-B384-CC70FB795EFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ird:*:*:*:*:*:*:*",
                     matchCriteriaId: "D173F259-359F-4F1A-AF52-F1BCE014B081",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ire:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8DAB30C-D1FB-4DBF-A942-FD141E011173",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixa:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEDCF5A7-14E5-4E0C-88AD-7F891B5EFC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixb:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7111CAE-9279-49DA-B05A-046BB3EFA85F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixc:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4203A9F-BBC3-4BF2-B915-C3BF2EB73EAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixd:*:*:*:*:*:*:*",
                     matchCriteriaId: "E186AB2F-8C5B-45E0-9194-BF66DA64F772",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixe:*:*:*:*:*:*:*",
                     matchCriteriaId: "D32DCDA3-76B6-423C-9AF1-B65F19077909",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixf:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCCE26DD-FE65-4041-AB4D-9C7A16EE175C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixg:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE88965B-D148-43EB-9FC6-2EF5E5C917FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ixh:*:*:*:*:*:*:*",
                     matchCriteriaId: "37EE8B1F-AA97-459E-9EA0-965A73697243",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2mra:*:*:*:*:*:*:*",
                     matchCriteriaId: "34CC7FC1-4BB9-44C2-A61B-E10A13059DF1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2mrb:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E6CD5FF-B7B3-4E07-B932-758B9429E96D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sbc:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1579A2D-955F-4CC6-9F94-9D40C669D903",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sca:*:*:*:*:*:*:*",
                     matchCriteriaId: "140C7C99-1B50-431C-B55C-DFF308E7ECF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2scb:*:*:*:*:*:*:*",
                     matchCriteriaId: "65213862-01D0-4B1D-8C76-B19D083BF460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2scc:*:*:*:*:*:*:*",
                     matchCriteriaId: "F157AA25-A1BD-47BE-ABFF-149C490D9E94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2scd:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B91019F-1AA1-43AC-BBBC-869B9E8E0988",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sg:*:*:*:*:*:*:*",
                     matchCriteriaId: "E85ABE5E-7900-4A9C-A945-48B293EF46B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sra:*:*:*:*:*:*:*",
                     matchCriteriaId: "A892B3F0-5A31-4086-8AB5-F06E68588EFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2srb:*:*:*:*:*:*:*",
                     matchCriteriaId: "D8E6BB50-7C0C-4E31-8DB0-40E145C8D9CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sre:*:*:*:*:*:*:*",
                     matchCriteriaId: "1738E127-FC9E-4B4C-BA8F-E3A2D661F2B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2su:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC70491B-F701-4D33-A314-C686469DBD2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sv:*:*:*:*:*:*:*",
                     matchCriteriaId: "198C24E9-6D45-44FD-B502-D14ACDA99EDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxa:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7A672BD-87AE-424D-8735-073BBE9CE164",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxb:*:*:*:*:*:*:*",
                     matchCriteriaId: "95C033E3-184B-4AC1-B10D-8318FEAF73FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxd:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC1DDD7C-7921-45D3-81F7-4D9A407CBB5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxe:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A68D177-B028-4025-BD7B-82ACDB2D1E21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sxf:*:*:*:*:*:*:*",
                     matchCriteriaId: "485ACF9E-1305-4D71-A766-5BE1D748AAA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
                     matchCriteriaId: "09458CD7-D430-4957-8506-FAB2A3E2AA65",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2sz:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E709D6B-61DB-4905-B539-B8488D7E2DC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                     matchCriteriaId: "84900BB3-B49F-448A-9E04-FE423FBCCC4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2tpc:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6C1C831-556D-4634-AA24-6D64943ED275",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xa:*:*:*:*:*:*:*",
                     matchCriteriaId: "EAC6758B-C6EE-45CB-AC2D-28C4AE709DD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xb:*:*:*:*:*:*:*",
                     matchCriteriaId: "075CD42D-070A-49BA-90D9-E7925BB41A38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xc:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCB9967A-1EBD-4BE0-8651-1C7D42B2BF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xd:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AB8E66C-A16F-4CC5-9FDF-AE274FF035EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xg:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF2C6C2-58E8-4EA6-84FB-4D11F31490A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xh:*:*:*:*:*:*:*",
                     matchCriteriaId: "4628FDA0-4260-4493-92C9-4574E5EC06A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xi:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9FA064A-6E1A-4415-84D4-1A33FF667011",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xj:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE896909-F8C3-4723-B5E7-9FB5FA2B73B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xk:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F9CDCE5-F6D3-4FA3-ADA0-EED2517FF7EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xl:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E03EE34-C398-43B4-A529-BE7BAFA4B3C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xm:*:*:*:*:*:*:*",
                     matchCriteriaId: "21147732-FA22-4728-B5F2-D115B78A8EDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xn:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D717498-4DF9-4D15-A25B-D777FF460E3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xq:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B40548F-3914-4227-9E4C-F1B34071C069",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xs:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECE49281-0571-49F7-95FF-68B1ACA07537",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xt:*:*:*:*:*:*:*",
                     matchCriteriaId: "9B09B72E-6862-4115-9A0B-574089A94289",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xu:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC38B64C-E246-467F-A185-669497DEA839",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xv:*:*:*:*:*:*:*",
                     matchCriteriaId: "FBB42063-9DB5-42DB-825A-53C6DBB51A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2xw:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E5C90EE-A9C0-461C-9E89-732BFA9BD066",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ya:*:*:*:*:*:*:*",
                     matchCriteriaId: "E74B6350-C2F8-4786-8E32-2ED6C188A5E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yb:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8E26473-A8EF-44C5-B550-5E0B86D31291",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yc:*:*:*:*:*:*:*",
                     matchCriteriaId: "663FE3CE-FA09-46A2-9C0D-2797D9137A82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yd:*:*:*:*:*:*:*",
                     matchCriteriaId: "86309E93-F2C9-4334-9A1C-989EFDC99215",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ye:*:*:*:*:*:*:*",
                     matchCriteriaId: "761D49D6-0624-41CE-829E-49E7EA679EF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yf:*:*:*:*:*:*:*",
                     matchCriteriaId: "9BFAF394-6E9A-4CD6-B8A6-5BDDE4EC8EC4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yh:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B6DB954-EDC8-4A81-8C26-9D3DBC68FC67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yj:*:*:*:*:*:*:*",
                     matchCriteriaId: "552C1E7A-2FFA-49BC-BF09-F0DE9B0C7502",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yk:*:*:*:*:*:*:*",
                     matchCriteriaId: "869CEAF7-59D6-4651-8D89-0244D6C430A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yl:*:*:*:*:*:*:*",
                     matchCriteriaId: "059FBAA6-3127-4DF9-99AD-AA3A16317B6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ym:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E0E376F-64E1-4632-9A8E-11DC99FB245F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yn:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF440B52-C6AE-4608-BE71-01B354D37BEE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yt:*:*:*:*:*:*:*",
                     matchCriteriaId: "969A5BAA-19D5-4411-BABB-FE55DBA7C7D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yu:*:*:*:*:*:*:*",
                     matchCriteriaId: "54B41182-7AA8-49D1-BAC3-EAF312E43553",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yv:*:*:*:*:*:*:*",
                     matchCriteriaId: "E11BBB83-147B-4FBF-B263-77FCCFB2D92D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yw:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E84677D-793D-44C5-80E9-FC29C3183278",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yx:*:*:*:*:*:*:*",
                     matchCriteriaId: "E70E5B1F-E72C-4DAB-B6FA-977EF04BFBDA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yy:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECFA2358-6B79-472D-9092-FF99DC3DF042",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2yz:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C26842-FF50-436F-8DB6-15A70082CD1C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zc:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4A31301-AAB0-4744-98B2-695D88798D9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zd:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECB4BA74-BE9F-43D5-9D0F-78F4F2BB19B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2ze:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CEB27CF-46B5-4780-964C-C31193614B74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zf:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F1094F9-7222-4DE0-A368-7421ABA66E3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zh:*:*:*:*:*:*:*",
                     matchCriteriaId: "574FFD6F-D56C-41DB-A978-E501BA3CA5D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zj:*:*:*:*:*:*:*",
                     matchCriteriaId: "11790F38-3720-45CF-9FD4-A8E5867684D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zl:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AE2282B-6693-4E4B-8662-501EBC14CD9E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zp:*:*:*:*:*:*:*",
                     matchCriteriaId: "A925BA5C-AB2F-4B73-BA93-55664A319CAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zu:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AE02B7C-BC2D-433C-B0A8-E60EDD62538E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zy:*:*:*:*:*:*:*",
                     matchCriteriaId: "E83649EC-61A5-4937-93F4-42D082023382",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2zya:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D8830A0-E816-40C4-8743-A9E0994BA922",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0668C45B-9D25-424B-B876-C1721BFFE5DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3b:*:*:*:*:*:*:*",
                     matchCriteriaId: "292F6F99-19B3-4106-A432-5DE916CCDD56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3t:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0C3B413-76F7-413B-A51F-29834F9DE722",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3tpc:*:*:*:*:*:*:*",
                     matchCriteriaId: "841CDC5F-8F0E-4AE7-A7A9-960E0A8C66B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3va:*:*:*:*:*:*:*",
                     matchCriteriaId: "B418CFDD-AF36-46F9-B347-B34E72100F95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xa:*:*:*:*:*:*:*",
                     matchCriteriaId: "84C89CFF-64BB-4058-9C49-C6BF3E5D8DB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xb:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACB3B5E3-BDEE-4F29-AB02-BBFC6088D77E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xc:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9F12741-69FB-46DD-A670-8461492B338A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xd:*:*:*:*:*:*:*",
                     matchCriteriaId: "7EC2D158-6174-4AE8-83DA-125B072B6980",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xe:*:*:*:*:*:*:*",
                     matchCriteriaId: "A5688D88-A550-43EB-8854-2E132EC71156",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xf:*:*:*:*:*:*:*",
                     matchCriteriaId: "8218E2D3-4F1E-440F-A2B2-A68D4692BB17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xg:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BE2132D-CF21-49F1-BC66-FA6CDB6D72BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xi:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA212293-7BAF-4AD9-BD30-E953CBA7CB95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xj:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEF3B2A9-027B-4141-B0FB-D31A2C918CF1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xk:*:*:*:*:*:*:*",
                     matchCriteriaId: "1018E04C-5575-4D1A-B482-D1CDB9AD6A50",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xl:*:*:*:*:*:*:*",
                     matchCriteriaId: "68FC4904-1F4D-4E10-AF95-911B07827598",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xq:*:*:*:*:*:*:*",
                     matchCriteriaId: "86B9E611-3F06-424C-96EF-EE4997C70AB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xr:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0A5760A-9FFE-4941-B2BD-7DD54B1E1B37",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xs:*:*:*:*:*:*:*",
                     matchCriteriaId: "98FE195E-084B-4F4C-800D-850165DED48C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xu:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB74F350-37F8-48DF-924E-415E51932163",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xw:*:*:*:*:*:*:*",
                     matchCriteriaId: "E618BF54-56DC-40FC-A515-3BFB4366F823",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xx:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1976E53-85A6-494F-B8AC-847E7988850C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xy:*:*:*:*:*:*:*",
                     matchCriteriaId: "D90B78E1-3FC7-4CF6-B0BA-1D4CA0FAB57E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3xz:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A668D08-14C4-4438-A59C-CE60498BEF8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3ya:*:*:*:*:*:*:*",
                     matchCriteriaId: "320C5597-68BE-4899-9EBB-9B4DEE8EA7DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yd:*:*:*:*:*:*:*",
                     matchCriteriaId: "520304A4-EB15-42A8-A402-8251A4D2076D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yf:*:*:*:*:*:*:*",
                     matchCriteriaId: "C46B66D6-1BF1-4DCA-868F-BADE3CB96063",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yg:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA88C064-898F-4C0D-A266-D7B3509C28A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yh:*:*:*:*:*:*:*",
                     matchCriteriaId: "139B1182-61A3-4F3D-9E29-758F27917646",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yi:*:*:*:*:*:*:*",
                     matchCriteriaId: "0CC3706F-B00A-405E-917E-7FD5217E0501",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yj:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B46199E-0DF1-4B3F-A29E-1A2FC016F0F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yk:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DF4D0E3-8015-4D6F-8364-B6EEAAE67971",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3ym:*:*:*:*:*:*:*",
                     matchCriteriaId: "2595DCBA-E6F2-4551-A804-4DBB137F076B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yq:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD6DF12B-2A20-4AC5-8EC5-729008D87736",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3ys:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF9D6B6-E51F-44FF-97E5-15E0C4E9C3D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yt:*:*:*:*:*:*:*",
                     matchCriteriaId: "A25C42FA-37F4-4B7F-AFCA-D7F081F58CF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yu:*:*:*:*:*:*:*",
                     matchCriteriaId: "B0AB8F07-AF43-4202-9908-F9A1DF6FFC03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yx:*:*:*:*:*:*:*",
                     matchCriteriaId: "2958873B-A0AB-4EAF-A5CF-8423739FAB07",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3yz:*:*:*:*:*:*:*",
                     matchCriteriaId: "1938D118-C07F-4BEC-8030-947F099BFCB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3za:*:*:*:*:*:*:*",
                     matchCriteriaId: "3870C62F-D086-419C-A0E6-815E9ED5DE3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4gc:*:*:*:*:*:*:*",
                     matchCriteriaId: "89B19F2B-1D89-42FC-89A7-737D8109EB1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4md:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2222EED-6CB2-4D18-8AF5-FAE55BC6213F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4mda:*:*:*:*:*:*:*",
                     matchCriteriaId: "237F6EDD-AB47-4768-9C75-C0B03E23696B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4mr:*:*:*:*:*:*:*",
                     matchCriteriaId: "C7414D32-88A1-416E-A717-3F47B6D1BE74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4mra:*:*:*:*:*:*:*",
                     matchCriteriaId: "860A1477-49B5-4356-9D83-A1A092233D55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4sw:*:*:*:*:*:*:*",
                     matchCriteriaId: "370DC543-AC01-4B91-88C7-60C323E35929",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4t:*:*:*:*:*:*:*",
                     matchCriteriaId: "BEAD7398-D1B2-47FB-952D-8C3162D5A363",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xa:*:*:*:*:*:*:*",
                     matchCriteriaId: "99235FFB-4439-40B2-ADBD-B08E5DBBCCB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xb:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1797E4E-E15C-4148-9B3D-4FF6D1D815AF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xc:*:*:*:*:*:*:*",
                     matchCriteriaId: "544BD924-2CBD-4130-BBD3-5AD084C85FE5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xd:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B78181E-E1D1-4C25-85DE-CA46BBF21765",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xe:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1F36C3D-E9A2-41A1-BE71-4D8B00D228E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xf:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D1CD80F-E898-41CE-8A86-28C2F48B928A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xg:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C3C3B97-7F1E-4B87-AD44-E4230BCDAB7D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xj:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF610051-1638-4C1B-9864-11E34EFC4DE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xk:*:*:*:*:*:*:*",
                     matchCriteriaId: "78260223-50C0-48F8-9A65-AE67489E602C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xl:*:*:*:*:*:*:*",
                     matchCriteriaId: "18E39462-4CEE-4C29-8B60-50E05FCF3E91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xm:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FF16123-CCA0-4ECD-9B8C-AC1534C3F244",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xn:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC7454AF-7610-4CD3-BD2B-95A6C3283811",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xp:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB633E6C-025C-4B31-ABE7-8318C813376B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xq:*:*:*:*:*:*:*",
                     matchCriteriaId: "CEA9218D-E7A5-4F98-83E7-2FD6E138D5CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xr:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC90BE87-EB54-46F8-A1FD-8F4E553C69F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xt:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFED1FFB-899D-4A48-9CCA-0B8737AE1408",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xv:*:*:*:*:*:*:*",
                     matchCriteriaId: "883FA166-2973-42BA-842D-28FBDBFEAC4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xw:*:*:*:*:*:*:*",
                     matchCriteriaId: "4362045B-7065-4FF9-A977-B3DA7894F831",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xy:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC27E79D-6B4B-4839-9664-DFE821C45C2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4xz:*:*:*:*:*:*:*",
                     matchCriteriaId: "4963A243-74FA-43AD-9645-C9FAD527A6E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4ya:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C6EACA-35BE-4032-93DA-5F738AEE0F4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4yb:*:*:*:*:*:*:*",
                     matchCriteriaId: "E67621EA-25D8-47C2-ADEA-512E38F2FFE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4yd:*:*:*:*:*:*:*",
                     matchCriteriaId: "94E1421B-2B86-41B2-9288-59780E081337",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4ye:*:*:*:*:*:*:*",
                     matchCriteriaId: "51A5F5FF-6BC4-4A1E-B9F1-BD47096D30B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4yg:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D910556-9518-45C5-9891-1541760B0920",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0m:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D03374C-7EF0-4455-839E-09CA4F2E85BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "F3EB72C9-C9AA-4E5C-8E87-A1AAA09AC5D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0xa:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC6EF56C-032C-43F6-A979-E18BEA0E16A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1t:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FAFA073-B16F-475F-B68D-8FE9135AB0A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1xb:*:*:*:*:*:*:*",
                     matchCriteriaId: "34137E45-7EC0-4350-9F6D-B427CE07D693",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "23AD1406-D2E4-4517-BF3E-A87C1FA8AC7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D203439-1A4B-4805-8A15-5A33C612A5B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "71A41531-FBC0-41DD-9965-8CAFA30488AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "310BA9E3-8175-4220-9FC3-48390C994174",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1.2114.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "05D768C8-3FCC-4994-95C0-ABCD86802A92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1.2121.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "176E153B-F64B-47C6-A989-7530F46C1A33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2CD96CE-AAC6-40BD-A053-A62572AC7714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F2564A8-5805-46E0-B6EC-F4967D67C566",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D0907FAF-8334-42C1-B35A-EC6ED89AC110",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.",
      },
      {
         lang: "es",
         value: "Cisco IOS v12.2 hasta v12.4 y v15.0 hasta v15.1, Cisco IOS XE v2.5.x y v2.6.x anterior a v2.6.1, y Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v6.x anterior a v6.1(5), v7.0 anterior a v7.0(2a)su3, v7.1su anterior a v7.1(3b)su2, v7.1 anterior a v7.1(5) y v8.0 anterior a v8.0(1) permiten a atacantes remotos provocar una denegación de servicio (recarga de dispositivo o interrupción de los servicios de voz) a través de una solicitud SIP REFER con una cabecera Refer-To inválida, también conocido como fallo ID CSCta20040 y CSCta31358.",
      },
   ],
   id: "CVE-2010-2835",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-09-23T19:00:13.857",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-03-01 01:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0\(1\)
cisco unified_communications_manager 6.0\(1a\)
cisco unified_communications_manager 6.0\(1b\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 6.1\(5\)su3
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco business_edition_3000_software 8.6\(1\)
cisco business_edition_3000_software 8.6\(1a\)
cisco business_edition_3000_software 8.6\(2a\)
cisco business_edition_3000_software 8.6.2
cisco business_edition_3000 -
cisco business_edition_5000_software 8.5
cisco business_edition_5000_software 8.5\(1\)
cisco business_edition_5000_software 8.6
cisco business_edition_5000_software 8.6\(1\)
cisco business_edition_5000_software 8.6\(1a\)
cisco business_edition_5000_software 8.6\(2\)
cisco business_edition_5000_software 8.6\(2a\)
cisco business_edition_5000 -
cisco business_edition_6000_software 8.5\(1\)
cisco business_edition_6000_software 8.5\(1\)su1
cisco business_edition_6000_software 8.5\(1\)su2
cisco business_edition_6000_software 8.5\(1\)su3
cisco business_edition_6000_software 8.5\(1-2011o\)
cisco business_edition_6000_software 8.6\(1\)
cisco business_edition_6000_software 8.6\(1a\)
cisco business_edition_6000_software 8.6\(2\)
cisco business_edition_6000_software 8.6\(2a\)
cisco business_edition_6000 -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2CD96CE-AAC6-40BD-A053-A62572AC7714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FCBB8A8-E31C-49A3-843E-F18B2FF134B9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_3000_software:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "D562BA39-A14D-4E9F-AFCB-B9F6859871DE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_3000_software:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6297C4F7-28D7-4705-AF77-D207BD37CB32",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_3000_software:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5BF9A73-0E5C-4FBE-9581-7B15D1288BD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_3000_software:8.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D63A13EC-E339-4324-BE52-6DCA2C1C5136",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_edition_3000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "20D1D8B5-9747-40DB-A4FE-B540C9097086",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "1721C3E6-CAFB-4093-B62B-F702E23E2362",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18CAF185-1FDF-4487-8060-E2A765B2ECE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "410F85BD-D93D-4AD4-B101-F778CD1F292B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B050E02D-EE99-4706-B15B-11DACF119D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "15D9013B-C4EB-45E3-AFC6-3D92865C2A3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "61C1465E-3229-4A72-80E5-C82736021F2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_5000_software:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FD003661-662F-43B1-902B-FB4812919AE5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_edition_5000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "766F3C0E-B41D-4944-8BBF-3A268C8A75CA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "960BE31B-A480-44AF-9D50-9F185B7D16FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "711894D8-6183-429E-9774-248107B359D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF144D24-43D0-44E0-A7B7-4EED333BD4A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC9ADE41-37AD-4A0C-A963-66161D000B6D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.5\\(1-2011o\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CDD81820-BCC4-4A66-8B6F-208956DBC466",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "57C8BA28-19F0-4143-B274-23C7FE0DC987",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5D8E0F3C-06E5-4078-8A9E-9071AF23A8C7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4CD80DFF-ABAA-41F4-B477-109CC4356988",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:business_edition_6000_software:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4C4F3553-C49E-48DC-97FE-CAD258632CF8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:business_edition_6000:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03C14962-852B-40A7-ADD9-7983C9A36529",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager (CUCM) con software v6.x y v7.x anteriores a v7.1(5b)su5, v8.0 anteriores a v8.0(3a)su3, y v8.5 y v8.6 anteriores a v8.6(2a)su1 y Cisco Business Edition 3000 con software anterior a v8.6.3 y 5000 y 6000 con software anterior a v8.6(2a)su1, permite a atacantes remotos ejecutar comandos SQL de su elección a través de un registro SCCP manipulado, también conocido como Bug ID CSCtu73538.",
      },
   ],
   id: "CVE-2011-4487",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-03-01T01:55:00.753",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-10-18 00:17
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "37FEF567-5F92-40BB-8581-3FCF584AAA1A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C144784A-941D-4919-9E21-1E2AD2738A08",
                     versionEndIncluding: "5.1\\(2\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (CUCM, anteriormente CallManager) 5.1 anterior a 5.1(2), y Unified CallManager 5.0, permiten a atacantes remotos provocar una denegación de servicio (kernel panic) mediante una inundación de mensajes SIP INVITE al puerto UDP 5060, lo cual dispara un agotamiento de recursos, también conocida como CSCsi75822.",
      },
   ],
   id: "CVE-2007-5537",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-10-18T00:17:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/37941",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/27296",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/26105",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1018828",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/3532",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/37941",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/27296",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/26105",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1018828",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/3532",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-27 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de CSRF en la interfaz Call Detail Records Analysis and Reporting (CAR) en el componente OS Administration en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que realizan cambios administrativos, también conocido como Bug ID CSCun00701.",
      },
   ],
   id: "CVE-2014-0740",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-02-27T01:55:03.290",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33049",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1029843",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33049",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029843",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Summary
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2\)
cisco unified_communications_manager 10.5\(2\)
cisco unified_communications_manager 10.5\(2\)su1
cisco unified_communications_manager 10.5\(2\)su1
cisco unified_communications_manager 10.5\(2\)su2
cisco unified_communications_manager 10.5\(2\)su2
cisco unified_communications_manager 10.5\(2\)su2a
cisco unified_communications_manager 10.5\(2\)su2a
cisco unified_communications_manager 10.5\(2\)su3
cisco unified_communications_manager 10.5\(2\)su3
cisco unified_communications_manager 10.5\(2\)su3a
cisco unified_communications_manager 10.5\(2\)su3a
cisco unified_communications_manager 10.5\(2\)su4
cisco unified_communications_manager 10.5\(2\)su4
cisco unified_communications_manager 10.5\(2\)su4a
cisco unified_communications_manager 10.5\(2\)su4a
cisco unified_communications_manager 10.5\(2\)su5
cisco unified_communications_manager 10.5\(2\)su6
cisco unified_communications_manager 10.5\(2\)su6
cisco unified_communications_manager 10.5\(2\)su6a
cisco unified_communications_manager 10.5\(2\)su6a
cisco unified_communications_manager 10.5\(2\)su7
cisco unified_communications_manager 10.5\(2\)su7
cisco unified_communications_manager 10.5\(2\)su8
cisco unified_communications_manager 10.5\(2\)su8
cisco unified_communications_manager 10.5\(2\)su9
cisco unified_communications_manager 10.5\(2\)su9
cisco unified_communications_manager 10.5\(2\)su10
cisco unified_communications_manager 10.5\(2\)su10
cisco unified_communications_manager 11.5\(1\)
cisco unified_communications_manager 11.5\(1\)
cisco unified_communications_manager 11.5\(1\)su1
cisco unified_communications_manager 11.5\(1\)su1
cisco unified_communications_manager 11.5\(1\)su2
cisco unified_communications_manager 11.5\(1\)su2
cisco unified_communications_manager 11.5\(1\)su3
cisco unified_communications_manager 11.5\(1\)su3
cisco unified_communications_manager 11.5\(1\)su4
cisco unified_communications_manager 11.5\(1\)su4
cisco unified_communications_manager 11.5\(1\)su5
cisco unified_communications_manager 11.5\(1\)su5
cisco unified_communications_manager 11.5\(1\)su7
cisco unified_communications_manager 11.5\(1\)su7
cisco unified_communications_manager 11.5\(1\)su8
cisco unified_communications_manager 11.5\(1\)su8
cisco unified_communications_manager 11.5\(1\)su9
cisco unified_communications_manager 11.5\(1\)su9
cisco unified_communications_manager 12.0\(1\)
cisco unified_communications_manager 12.0\(1\)
cisco unified_communications_manager 12.5\(1\)
cisco unified_communications_manager 12.5\(1\)
cisco unified_communications_manager 12.5\(1\)su1
cisco unified_communications_manager 12.5\(1\)su1
cisco unified_communications_manager 12.5\(1\)su2
cisco unified_communications_manager 12.5\(1\)su2
cisco unified_communications_manager 12.5\(1\)su3
cisco unified_communications_manager 12.5\(1\)su3
cisco unified_communications_manager 12.5\(1\)su4
cisco unified_communications_manager 12.5\(1\)su4
cisco unified_communications_manager 12.5\(1\)su5
cisco unified_communications_manager 12.5\(1\)su5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:-:*:*:*",
                     matchCriteriaId: "6781FEB3-73CF-451E-A373-19657DE750FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "37F53ABC-C019-4BBB-8881-395F286EA43F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:-:*:*:*",
                     matchCriteriaId: "8E10EACB-885B-4FB1-89D7-1038336B997B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su1:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "4277C3ED-77E5-4BBD-867E-0E5AD26CABDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:-:*:*:*",
                     matchCriteriaId: "00B8DC04-D9B0-432A-B9B9-5E3A9428528B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "785CD3D7-9967-4F4E-A76A-66F514BB8D46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:-:*:*:*",
                     matchCriteriaId: "9F72E5FC-0459-4366-8D47-93306F25D31D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su2a:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "F9C6D49F-954B-4057-A51A-6ED1304EEC68",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:-:*:*:*",
                     matchCriteriaId: "8FD488BB-6EB2-4084-B9C3-23E41D1FE0DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "3225F4E8-4D2E-40EC-9BC0-799D34AB9C5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:-:*:*:*",
                     matchCriteriaId: "32ADCDE2-5069-472A-96FB-20A62337DDE2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su3a:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "57633170-0285-4C0E-A58F-AF970B97F24C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:-:*:*:*",
                     matchCriteriaId: "100A3B73-B286-4358-A829-7AFBE685F9E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "9262E014-86BE-41B5-827B-297157796107",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:-:*:*:*",
                     matchCriteriaId: "12D7018F-A242-49E2-9A2D-663EA34F6B4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su4a:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "A987F37B-3705-4A99-BD79-0575A5882A7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7E3D8BF-B5A3-4857-94B7-3BDA59BD9BD0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:-:*:*:*",
                     matchCriteriaId: "9C36CC93-51D2-4856-860F-4DE90721B5EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "0BC9CF9C-653E-45AF-8C15-E0D6052938B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:-:*:*:*",
                     matchCriteriaId: "2C76AE40-E203-4206-AA54-D1B47EFBBFCE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su6a:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "0C51FA8B-D576-4174-947E-37DA5954B372",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:-:*:*:*",
                     matchCriteriaId: "A5677040-8E71-43A7-A5AB-389A2446FBB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su7:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "95D7060A-A44C-41F7-8F16-D6D066FA9E40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:-:*:*:*",
                     matchCriteriaId: "D2C99CC1-D20B-483D-83B2-C5A5654170D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su8:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "C4CE477A-3796-4EF9-9158-E96A6058C208",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:-:*:*:*",
                     matchCriteriaId: "D0D0CC2A-4C22-440B-890C-C123562D3744",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su9:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "F4558E9D-6144-4DD3-8131-D46DF5E066E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:-:*:*:*",
                     matchCriteriaId: "24016D28-5B31-4A92-806B-36AC44CC4476",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\)su10:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "0338F894-23F2-4063-AF30-A094F06BF0C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*",
                     matchCriteriaId: "7E958AFF-185D-4D55-B74B-485BEAEC42FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:-:*:*:*",
                     matchCriteriaId: "9938A5E6-0A2E-46C3-B347-EA63304A8511",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su1:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "AC3A6965-5989-47B1-BF13-F6D306BCE412",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:-:*:*:*",
                     matchCriteriaId: "0E572C74-117F-455B-8A5D-14E3A363F087",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su2:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "641F8DC2-0595-41B5-B154-9CAB37B7E5F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:-:*:*:*",
                     matchCriteriaId: "319DA981-B200-409F-94D1-0808E0555F53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "81F945BC-7A46-48F8-B709-67692CF62C9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:-:*:*:*",
                     matchCriteriaId: "841C7F5B-29F6-441C-8F02-DBCE8D1CD160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su4:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "C8D79377-AEA4-4F7D-931C-7938F2E72108",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:-:*:*:*",
                     matchCriteriaId: "0FC7FF7F-4870-4F68-B883-40AF4EAB8D15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su5:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "7BD8C20B-2C1E-422D-87C0-D478F4A3CFE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:-:*:*:*",
                     matchCriteriaId: "BB663114-EC3F-4E9F-888D-5E4298C6F832",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su7:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "430E4021-05BF-4E41-B197-BE2EEF8A8B76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:-:*:*:*",
                     matchCriteriaId: "1E6135D4-FA64-425B-BE91-174D38B5DBDD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su8:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "3912C8CB-01BF-4627-8960-E83F015115C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:-:*:*:*",
                     matchCriteriaId: "7E0BC7A5-8DED-49FA-AC67-55FD5082876B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su9:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "075DF8B4-1651-46A4-8FE6-BEDC264E871A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:-:*:*:*",
                     matchCriteriaId: "F2742FD5-CE1D-4FDC-818F-125600015BDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "EA9B0067-9B0E-4DF3-B443-C8C9C48B3957",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:-:*:*:*",
                     matchCriteriaId: "0F4F8482-029A-4A84-97F1-9EDEDCE42C6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "EB810DDE-18A0-4168-8EC1-726DA62453E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:-:*:*:*",
                     matchCriteriaId: "616BEDFF-EB9A-4ADE-A672-B2E709DC844B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "628A15DE-7852-4D4F-9D8B-A20A841708CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:-:*:*:*",
                     matchCriteriaId: "E077A144-3D5E-4984-8F2B-6A69C5ED3EE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "25D5286C-249E-480A-88F9-0A573737297A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:-:*:*:*",
                     matchCriteriaId: "6353BE27-91F0-4E8B-89A3-30EC189798F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "B4057BD8-B5C0-4A61-8AD7-8E59F351AF8B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:-:*:*:*",
                     matchCriteriaId: "F1FAF361-CEE8-4F75-B444-CFFB8A7D9AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "15292BC9-7129-4BCF-BAED-E8EBDC27AFA4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:-:*:*:*",
                     matchCriteriaId: "387C66C7-42D7-4794-898C-85A098189BAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "BC19BCD4-4E59-4B5A-936F-AF3F31315BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podría permitir a un atacante remoto autenticado acceder a información confidencial en un dispositivo afectado. La vulnerabilidad se debe a una inclusión inapropiada de información confidencial en archivos descargables. Un atacante podría explotar esta vulnerabilidad al autenticarse en un dispositivo afectado y emitir un conjunto específico de comandos. Una explotación con éxito podría permitir al atacante obtener credenciales con hash de los usuarios del sistema. Para explotar esta vulnerabilidad, un atacante necesitaría tener credenciales de usuario válidas con privilegios elevados.",
      },
   ],
   id: "CVE-2021-1406",
   lastModified: "2024-11-21T05:44:16.997",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-08T04:15:12.593",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-538",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-11-18 03:55
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
Impacted products
Vendor Product Version
cisco unified_communications_manager *
cisco unified_communications_manager 3.3\(5\)
cisco unified_communications_manager 3.3\(5\)sr1
cisco unified_communications_manager 3.3\(5\)sr2a
cisco unified_communications_manager 4.1\(3\)
cisco unified_communications_manager 4.1\(3\)sr1
cisco unified_communications_manager 4.1\(3\)sr2
cisco unified_communications_manager 4.1\(3\)sr3
cisco unified_communications_manager 4.1\(3\)sr4
cisco unified_communications_manager 4.2
cisco unified_communications_manager 4.2.1
cisco unified_communications_manager 4.2.2
cisco unified_communications_manager 4.2.3
cisco unified_communications_manager 4.2.3sr1
cisco unified_communications_manager 4.2.3sr2
cisco unified_communications_manager 4.2.3sr2b
cisco unified_communications_manager 4.3
cisco unified_communications_manager 4.3\(1\)
cisco unified_communications_manager 5.0
cisco unified_communications_manager 5.1
cisco unified_communications_manager 5.1\(1\)
cisco unified_communications_manager 5.1\(1b\)
cisco unified_communications_manager 5.1\(1c\)
cisco unified_communications_manager 5.1\(2\)
cisco unified_communications_manager 5.1\(2a\)
cisco unified_communications_manager 5.1\(2b\)
cisco unified_communications_manager 5.1\(3\)
cisco unified_communications_manager 5.1\(3a\)
cisco unified_communications_manager 5.1\(3c\)
cisco unified_communications_manager 5.1\(3d\)
cisco unified_communications_manager 5.1\(3e\)
cisco unified_communications_manager 5.1.2
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0\(1\)
cisco unified_communications_manager 6.0\(1a\)
cisco unified_communications_manager 6.0\(1b\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 6.1\(5\)su3
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.0\(3a\)su3
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 8.6\(2a\)su3
cisco unified_communications_manager 8.6\(3\)
cisco unified_communications_manager 8.6\(4\)
cisco unified_communications_manager 9.0\(1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A7C03E4-0E59-44D0-B3FB-77A2CB8A014F",
                     versionEndIncluding: "9.1\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F1DEC3B-2782-4144-9651-73116294765D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1B9FDFF3-2E60-4E41-9251-93283D945D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1022C151-6EC8-4E8D-85ED-59D51551BDAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "060593BD-ADC1-4282-BC6D-E0D6A2B7C8D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "239510AD-8BB0-4515-B1DA-80DE696D25DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "26277C4A-4E27-492C-B18C-AC68D86ADF55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9003EC1A-6E85-41F1-BB5D-B841C9C28105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0318CF61-B892-4D44-B41A-D630B4AB808C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9CDA8A78-BA6C-4451-8EAA-B83C3A6C6BA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "84A49932-1E22-4BE0-8195-926D44F65AAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3d\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4DE1B0DD-EA64-493B-86B7-9057EE5033C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3e\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "00ECD7C0-7F3C-4021-B949-32141E58687C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E51D8BF-12BB-4DD1-9232-1D066889B30F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2CD96CE-AAC6-40BD-A053-A62572AC7714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FCBB8A8-E31C-49A3-843E-F18B2FF134B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB6E34CF-3F33-485F-8128-2D65A9034A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en la interfaz license-upload del componente Enterprise License Manager (ELM) de Cisco Unified Communications Manager 9.1(1) y anteriores permite a usuarios remotos autenticados crear archivos arbitrarios a través de rutas diseñadas, también conocido como Bug ID CSCui58222.",
      },
   ],
   id: "CVE-2013-6688",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 6.3,
               confidentialityImpact: "NONE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:C/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-11-18T03:55:06.103",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31759",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31759",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-06-10 11:19
Modified
2025-04-12 10:46
Severity ?
Summary
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.",
      },
      {
         lang: "es",
         value: "La implementación Real Time Monitoring Tool (RTMT) en Cisco Unified Communications Manager (Unified CM) permite a usuarios remotos autenticados (1) leer o (2) eliminar archivos arbitrarios a través de una URL manipulada, también conocido como Bug IDs CSCuo17302 y CSCuo17199.",
      },
   ],
   id: "CVE-2014-3292",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-06-10T11:19:35.860",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Permissions Required",
         ],
         url: "http://secunia.com/advisories/58315",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3292",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34574",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1030408",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "http://secunia.com/advisories/58315",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3292",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34574",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1030408",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-02-19 03:15
Modified
2024-11-21 02:23
Summary
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D026606F-2DF3-452B-A554-EE45559F9159",
                     versionEndIncluding: "10.5\\(2.10000.5\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en Cisco Unified Communications Manager, podría permitir a un atacante no autenticado remoto conducir un ataque de tipo cross-site scripting (XSS) en el software afectado. Estas vulnerabilidades son debido a la comprobación de entrada inapropiada de determinados parámetros pasados al software afectado. Un atacante podría explotar esta vulnerabilidad convenciendo a un usuario de seguir un enlace malicioso. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto del sitio afectado o permitir al atacante acceder a información confidencial basada en el navegador.",
      },
   ],
   id: "CVE-2015-0749",
   lastModified: "2024-11-21T02:23:38.883",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-19T03:15:10.370",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-09-26 16:21
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.
References
psirt@cisco.com | http://secunia.com/advisories/31990 | Third Party Advisory
psirt@cisco.com | http://secunia.com/advisories/32013 | Third Party Advisory
psirt@cisco.com | http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml | Vendor Advisory
psirt@cisco.com | http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml | Vendor Advisory
psirt@cisco.com | http://www.securityfocus.com/bid/31367 | Third Party Advisory, VDB Entry
psirt@cisco.com | http://www.securitytracker.com/id?1020939 | Broken Link, Third Party Advisory, VDB Entry
psirt@cisco.com | http://www.securitytracker.com/id?1020942 | Broken Link, Third Party Advisory, VDB Entry
psirt@cisco.com | http://www.vupen.com/english/advisories/2008/2670 | Permissions Required
psirt@cisco.com | http://www.vupen.com/english/advisories/2008/2671 | Permissions Required
psirt@cisco.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31990 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32013 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/31367 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020939 | Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020942 | Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2670 | Permissions Required
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2671 | Permissions Required
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC772518-51CC-4692-BEB2-2C9C2A215F44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A5E0999-9FB7-4255-A8CF-5D74E70FD56A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_callmanager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "50BA656D-4103-4BE7-9C8A-BDC9580B7E4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0668C45B-9D25-424B-B876-C1721BFFE5DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en la implementación de la Session Initiation Protocol en Cisco IOS v12.2 a la v12.4 y Unified Communications Manager v4.1 a la v6.1, cuando VoIP está configurada, permite a atacantes remotos provocar una denegación de servicio (reinicio de proceso o de dispositivo) a través de mensajes SIP válidos no especificados. Vulnerabilidad distinta de CVE-2008-3800 y CVE-2008-3802.",
      },
   ],
   id: "CVE-2008-3801",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-09-26T16:21:44.080",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/31990",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/32013",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/31367",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020939",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020942",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/2670",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/2671",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/31990",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/32013",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/31367",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020939",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020942",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/2670",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "http://www.vupen.com/english/advisories/2008/2671",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-16 21:15
Modified
2024-11-21 07:40
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "42A41C41-A370-4C0E-A49D-AD42B2F3FB5C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3EB73BD4-9ECC-458E-925D-FECE9A49BD48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "EB810DDE-18A0-4168-8EC1-726DA62453E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FFCAAB4-CED3-4D68-9572-15B27876B1F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "5B613D5E-BF3D-426B-9A5B-0322D48EE693",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "34D89C42-AAD9-4B04-9F95-F77681E39553",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CAAAAF61-C33F-462B-B7C4-9F976235888A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F161FAB-C375-4F2D-BF13-1645BA6A06F5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",
      },
   ],
   id: "CVE-2023-20242",
   lastModified: "2024-11-21T07:40:58.500",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.7,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-16T21:15:09.800",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-04-18 02:29
Modified
2024-11-21 04:37
Summary
A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerability by sending a crafted request to the UDS API of an affected device. A successful exploit could allow the attacker to make the "A Cisco DB" service quit unexpectedly, preventing admin access to the Unified CM management GUI. Manual intervention may be required to restore normal operation. Software versions 10.5, 11.5, 12.0, 12.5 are affected.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)
cisco unified_communications_manager 12.5\(1.10000.22\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerability by sending a crafted request to the UDS API of an affected device. A successful exploit could allow the attacker to make the A Cisco DB service quit unexpectedly, preventing admin access to the Unified CM management GUI. Manual intervention may be required to restore normal operation. Software versions 10.5, 11.5, 12.0, 12.5 are affected.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la API de servicios de datos de usuario (UDS) de Unified Communications Manager (Unified CM) de Cisco podría permitir que un atacante remoto no autenticado cause una condición de denegación de servicio (DoS) en la GUI de administración. La vulnerabilidad es debido a la comprobación inapropiada de los parámetros de entrada en las peticiones de la API de UDS. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición creada a la API de UDS de un dispositivo afectado. Una explotación con éxito podría permitir al atacante hacer que el servicio A Cisco DB se cierre inesperadamente, impidiendo el acceso del administrador a la GUI de administración del Unified CM. Puede requerirse intervención manual para restablecer el funcionamiento normal. Las versiones de software 10.5, 11.5, 12.0, 12.5 están impactadas.",
      },
   ],
   id: "CVE-2019-1837",
   lastModified: "2024-11-21T04:37:30.133",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-04-18T02:29:05.997",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/108019",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ucm-dos",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/108019",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ucm-dos",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-129",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-10-03 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686.
Impacted products
Vendor Product Version
cisco ios 12.4
cisco ios 15.0
cisco ios 15.1
cisco ios_xe 2.5.0
cisco ios_xe 2.5.1
cisco ios_xe 2.5.2
cisco ios_xe 2.6.0
cisco ios_xe 2.6.1
cisco ios_xe 2.6.2
cisco ios_xe 3.1.0s
cisco ios_xe 3.1.1s
cisco ios_xe 3.1.2s
cisco ios_xe 3.1.3s
cisco ios_xe 3.1.4s
cisco ios_xe 3.2.0s
cisco ios_xe 3.2.1s
cisco ios_xe 3.2.2s
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF87CC9A-1AF5-4DB4-ACE5-DB938D3B2F84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41294E-F3DF-4F1E-A4C8-E90B21A88836",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "23AD1406-D2E4-4517-BF3E-A87C1FA8AC7E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D203439-1A4B-4805-8A15-5A33C612A5B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2DC46EA-C766-4EBA-B686-29B3B23F0155",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "71A41531-FBC0-41DD-9965-8CAFA30488AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "310BA9E3-8175-4220-9FC3-48390C994174",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:2.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B837418-4855-44BE-BA6F-0840864481A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.1.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5A13401-2660-483E-89A5-6420B5866BB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.1.1s:*:*:*:*:*:*:*",
                     matchCriteriaId: "77FC74E2-2510-40F5-BB2B-11608B844E28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.1.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C69E845-700C-4250-B528-9482A5362F61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.1.3s:*:*:*:*:*:*:*",
                     matchCriteriaId: "389D6E60-F6AB-40B8-B894-CE97BF13AE63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.1.4s:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A40EA0A-1642-4950-9943-20C1888C18D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.2.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "621845E0-E885-46E4-929D-55DBE43DC97F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.2.1s:*:*:*:*:*:*:*",
                     matchCriteriaId: "429F3E17-5C65-4C91-8881-AAEAA00BCD44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xe:3.2.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "F47E76FF-DE36-463D-B610-A99C90AF7B91",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de pérdida de memoria en Cisco IOS v12.4, v15.0 y v15.1, Cisco IOS XE v2.5.x hasta v3.2.x, y Cisco Unified Communications Manager (CUCM) v6.x y v7.x antes de v7.1(5b)SU4, v8.x antes de v8.5(1)su2, y v8.6 antes de v8.6(1) permite a atacantes remotos causar una denegación de servicio (consumo de memoria y reinicio del dispositivo o fallo de procesos) a través de un mensaje SIP mal formado. Se trata de un problema también conocido como Bug ID CSCtl86047 y CSCto88686.",
      },
   ],
   id: "CVE-2011-2072",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-10-03T23:55:03.453",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm",
      },
      {
         source: "psirt@cisco.com",
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24129",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1026110",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24129",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1026110",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-04-08 04:15
Modified
2024-11-21 05:44
Summary
A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1ECFC9AD-73C7-4B03-B791-0DB46A987673",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "DEED2509-2F02-4B6F-A588-448C39D87AC7",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "FF429C92-1327-4A27-B2FF-B388A5F97A98",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "5EB86657-3A5F-4960-B407-5920A86DB58F",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "2B4716CB-F9D8-4E38-9FC1-CE4E4A44B20F",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E62A5D3-0E6B-488A-B7EF-FB9C68947042",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB145AFA-1CB3-40ED-B522-7AE4BCFE785A",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC5846FF-F22A-4475-AB3D-AD23B03CBE9E",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D9BAFFB-1814-40E8-BAFA-51362D6F3173",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.0\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el endpoint de la API SOAP de Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection y Cisco Prime License Manager podría permitir a un atacante remoto autenticado ejecutar código arbitrario en un dispositivo afectado. Esta vulnerabilidad se debe a un saneamiento inapropiado de la entrada suministrada por el usuario. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición de API SOAP con parámetros diseñados hacia un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario con privilegios root en el sistema operativo Linux subyacente del dispositivo afectado.",
      },
   ],
   id: "CVE-2021-1362",
   lastModified: "2024-11-21T05:44:10.950",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-04-08T04:15:12.140",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "psirt@cisco.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-08-17 20:29
Modified
2025-04-20 01:37
Summary
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted application. An exploit could allow the attacker to impact the integrity of the application where one user can modify the configuration of another user's information. Cisco Bug IDs: CSCve27331. Known Affected Releases: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6).
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted application. An exploit could allow the attacker to impact the integrity of the application where one user can modify the configuration of another user's information. Cisco Bug IDs: CSCve27331. Known Affected Releases: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la validación de permisos de modificación de configuración en Cisco Unified Communications Manager podría permitir que un atacante remoto autenticado realice una escalada horizontal de privilegios en la que un usuario puede modificar la configuración de otro usuario. La vulnerabilidad se debe a la falta de un control de acceso basado en roles o RBAC (role-based access control) apropiado cuando se solicitan ciertos cambios de la configuración del usuario. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP autenticada y manipulada a la aplicación objetivo. Un exploit podría permitir que el atacante afecte la integridad de la aplicación, ya que un usuario puede modificar la configuración de la información de otro usuario. Cisco Bug IDs: CSCve27331. Versiones afectadas conocidas: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6).",
      },
   ],
   id: "CVE-2017-6785",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-08-17T20:29:00.853",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100375",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039184",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100375",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039184",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-08-05 13:22
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad CSRF (Cross-site request forgery) en la página User WebDialer en Cisco Unified Communications Manager (Unified CM) permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que realizan llamadas, también conocida como Bug ID CSCui13028.",
      },
   ],
   id: "CVE-2013-3450",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2013-08-05T13:22:47.910",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3450",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3450",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:48
Modified
2025-04-11 00:51
Severity ?
Summary
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
Impacted products
Vendor Product Version
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.0\(3a\)su3
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 8.6\(2a\)su3
cisco unified_communications_manager 8.6\(3\)
cisco unified_communications_manager 8.6\(4\)
cisco unified_communications_manager 9.0\(1\)
cisco unified_communications_manager 9.1\(1\)
cisco unified_communications_manager 9.1\(2\)
cisco unified_communications_manager 9.1.1\(a\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB6E34CF-3F33-485F-8128-2D65A9034A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A1D8DBE-095D-4E38-A93B-D05459F7209E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "471B6E0B-FCD9-4E93-BDEA-0B69B5296960",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1.1\\(a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E4A84A9E-5DB4-49B5-B3A1-DD7D95D23716",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.",
      },
      {
         lang: "es",
         value: "Una función no especificada en Cisco Unified Communications Manager (CUCM) 7.1(x) hasta 9.1(2) permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores desconocidos, también conocido como Bug ID CSCuh73440.",
      },
   ],
   id: "CVE-2013-3402",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-07-18T12:48:56.933",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-06-10 11:19
Modified
2025-04-12 10:46
Severity ?
Summary
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en BulkViewFileContentsAction.java en la interfaz Java en Cisco Unified Communications Manager (Unified CM) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de parámetros de nombre de archivo manipulados en una URL, también conocido como Bug ID CSCuo17337.",
      },
   ],
   id: "CVE-2014-3287",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-06-10T11:19:35.737",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/68000",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1030411",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/68000",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1030411",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-05-16 12:54
Modified
2025-04-09 00:30
Severity ?
Summary
The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr.5:*:*:*:*:*:*",
                     matchCriteriaId: "FBE07ABF-97B2-48B4-8EF6-861AB41340F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr4:*:*:*:*:*:*",
                     matchCriteriaId: "9135D3DE-5110-47CB-A23F-7CE3D9AFD153",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5:*:*:*:*:*:*",
                     matchCriteriaId: "914A2B2A-6292-451B-B26A-1B529CECBE3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5b:*:*:*:*:*:*",
                     matchCriteriaId: "72FAE8F7-504A-4B6F-9C9D-45158AC6C208",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5c:*:*:*:*:*:*",
                     matchCriteriaId: "835DD627-C5F1-4733-8949-C91592EC719A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2\\(3\\)sr.2:*:*:*:*:*:*",
                     matchCriteriaId: "701A374B-00A7-4151-8652-9A39FAECBC5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2_\\(3\\)sr2b:*:*:*:*:*:*",
                     matchCriteriaId: "42F41FF1-3FD1-4E90-877C-AC10D56CFEA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2_\\(3\\)sr3:*:*:*:*:*:*",
                     matchCriteriaId: "291CFDEC-CDF8-438D-9D1E-2832CE705FB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:4.3\\(1\\)sr.1:*:*:*:*:*:*",
                     matchCriteriaId: "25EF5BF5-5909-4194-96DD-E8725BD3499A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(1\\):*:*:*:*:*:*",
                     matchCriteriaId: "B860F1E1-E295-4B71-B396-14286611EA36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2\\):*:*:*:*:*:*",
                     matchCriteriaId: "E194E6EC-282D-4C8E-96E3-00D64FCD8C6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2a\\):*:*:*:*:*:*",
                     matchCriteriaId: "5B2EA451-EE18-440A-924A-556A2EC74300",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2b\\):*:*:*:*:*:*",
                     matchCriteriaId: "8950C510-38F3-4040-8871-C085DDECF5B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:\\(1a\\):*:*:*:*:*:*",
                     matchCriteriaId: "8E8F77F9-05C3-4B66-9022-7B227F97978C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113.",
      },
      {
         lang: "es",
         value: "El servicio SNMP Trap Agent de Cisco Unified Communications Manager (CUCM) 4.1 versiones anteriores a 4.1(3)SR6, 4.2 versiones anteriores a 4.2(3)SR3, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriores a 5.1(3), y 6.x versiones anteriores a 6.1(1) permite a atacantes remotos provocar una denegación de servicio (core dump y reinicio del servicio) a través de una serie de paquetes UDP malformados, como lo demuestra IP Stack Integrity Checker (ISIC), también conocido como Bug ID CSCsj24113.",
      },
   ],
   id: "CVE-2008-1746",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-05-16T12:54:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "psirt@cisco.com",
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42420",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42420",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-08-21 19:15
Modified
2024-09-06 17:18
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3EB73BD4-9ECC-458E-925D-FECE9A49BD48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C9751FC-5C3C-4D7B-B368-39FF096C1581",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E411B60D-4EFA-4A8C-A9A0-74B7524B2B72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC7EAB06-39FB-4897-BDCC-B84041DA9AB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E727720-92A8-430E-881F-091ACC71E87F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "511D0C5D-55DB-4293-BFE0-17D31073C5BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "294B9E10-2CF1-47D3-9725-E2A568E17AD2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7:*:*:*:*:*:*:*",
                     matchCriteriaId: "397E6105-7508-4DEB-AD6D-1E702E31C875",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7a:*:*:*:*:*:*:*",
                     matchCriteriaId: "1DD5882F-47AD-44BF-BAF5-4DA6B59A45A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su8:*:*:*:*:*:*:*",
                     matchCriteriaId: "65580374-43E4-4EB4-8D66-76FB8AF11568",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su8a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D501B7FB-1335-4C44-8C4F-DDF033A41E4A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su9:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E5D489D-D2D3-4784-8B80-209344A9FC76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "655AA70A-8784-4D5D-9DB2-799A2ADF9317",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FFCAAB4-CED3-4D68-9572-15B27876B1F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A860A99-9641-47E8-B986-F118B8B77EDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "55AE4879-442D-4100-A31E-DC46D34B9506",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0su2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "065D488E-C375-4EF4-9C80-0E160AE74FCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "02CA71E0-431C-4B45-AAF1-5471EF7226FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A60531F-11B6-4278-9B42-735F374CDE44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0su4a:*:*:*:*:*:*:*",
                     matchCriteriaId: "582F9D45-5F04-44F8-8FB5-812D30EFDE70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2426B367-BC52-4006-8D17-8CBB3EC65800",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de cross-site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad existe porque la interfaz de administración basada en web no valida adecuadamente la entrada proporcionada por el usuario. Un atacante podría aprovechar esta vulnerabilidad persuadiendo a un usuario de la interfaz para que haga clic en un enlace manipulado. Un exploit exitoso podría permitir al atacante ejecutar código de script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador.",
      },
   ],
   id: "CVE-2024-20488",
   lastModified: "2024-09-06T17:18:11.813",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-08-21T19:15:13.163",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-9zmfHyZ",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-13 05:24
Modified
2025-04-11 00:51
Severity MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en la interfaz IP Manager Assistant (IPMA) en Cisco Unified Communications Manager (UCM) permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum05343.",
      },
   ],
   id: "CVE-2014-0723",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-02-13T05:24:51.497",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/103222",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0723",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/65495",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1029756",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/103222",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0723",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65495",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029756",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-08-29 15:55
Modified
2025-04-11 00:51
Severity HIGH (CVSS v2.0 base score 7.8, vector AV:N/AC:L/Au:N/C:N/I:N/A:C)
Summary
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su3, v8.x antes de v8.0(3a)su1, y v8.5 antes de v8.5(1), permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de un mensaje SIP INVITE, también conocido como Bug ID CSCth43256.",
      },
   ],
   id: "CVE-2011-2562",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-08-29T15:55:01.267",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-13 22:15
Modified
2024-11-21 05:43
Summary
A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "46879FDA-3BFF-439D-9683-AA5ED3BB46AE",
                     versionEndExcluding: "12.5\\(1\\)su3",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:10.5\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2E36DA38-0004-4C87-95F1-8C3589644872",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:11.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9622F846-B220-458C-B09D-FF89B929F07B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:12.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "299AC12F-EC43-4EF9-82B4-ACF0AAEC5702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C86A6174-1B31-459A-B439-B2BC0564AC89",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_license_manager:10.5\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2C5ABB4D-0350-43F6-869D-4D9EC21CA8F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "6FFCC0CA-4FF2-45E5-84E3-44FCCB24C330",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "B7B52D74-F14C-4053-9C18-90B01898B26E",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:-:*:*:*",
                     matchCriteriaId: "6781FEB3-73CF-451E-A373-19657DE750FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "37F53ABC-C019-4BBB-8881-395F286EA43F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA468D5D-A539-44BC-9F60-7AB432CD24DC",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2F6D898-8253-425A-9D40-3394E581FAAC",
                     versionEndExcluding: "12.5\\(1\\)su3",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:10.5\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "006A2272-F680-49A1-B719-14252C69A6E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:12.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E68CC25F-B7F5-482C-AED6-4AAB336969BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C01C8779-6458-4DD6-8FF0-539028EB8180",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E47F4BAF-AE5F-45F6-AF54-E889320FF230",
                     versionEndExcluding: "12.0\\(1\\)su4",
                     versionStartIncluding: "12.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1977E6A-433E-4BA6-91AA-EB825D8BFCD2",
                     versionEndExcluding: "12.5\\(1\\)su3",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:10.5\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "02F5AF19-C869-4A55-B4D7-38C0FFABCC6C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el componente de registro de auditoría de Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder y Cisco Prime License Manager, podría permitir a un atacante remoto autenticado visualizar información confidencial en texto sin cifrar en un sistema afectado. La vulnerabilidad se debe al almacenamiento de determinadas credenciales no cifradas. Un atacante podría explotar esta vulnerabilidad accediendo a los registros de auditoría en un sistema afectado y obteniendo credenciales a las que normalmente no tiene acceso. Una explotación con éxito podría permitir al atacante usar esas credenciales para detectar y administrar dispositivos de red.",
      },
   ],
   id: "CVE-2021-1226",
   lastModified: "2024-11-21T05:43:52.397",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-13T22:15:20.490",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-532",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-31 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de XSS en la interfaz de servicio CCM Service en el servidor en Cisco Unified Communications Manager permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug ID CSCuq90597.",
      },
   ],
   id: "CVE-2014-3375",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-10-31T10:55:02.237",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/61025",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3375",
      },
      {
         source: "psirt@cisco.com",
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/70850",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1031163",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98408",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/61025",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3375",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/70850",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1031163",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98408",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-10-05 14:29
Modified
2024-11-21 03:50
Summary
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\)es23:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FD677D2-4587-4412-9FAD-D7CC16123E43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07CA186C-F010-4C41-9F27-56639DF8D0EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BF58FA68-5EEC-47A2-AD8C-2342B449741D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "589832AB-CA04-4EBA-873A-385FA52541D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CAAAAF61-C33F-462B-B7C4-9F976235888A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.59000.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E51090D1-B48E-4F2F-9792-A6FD5EEB6934",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:12.0\\(1.40000.3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "25AE0E50-63AB-45FD-927B-A3C52EDE6824",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:12.5\\(0.98000.110\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0E60E2B8-2686-49E1-8F7D-1FA42CD6D4EA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz web de Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service y Cisco Unity Connection podría permitir que un atacante remoto autenticado redirija a un usuario a una página web maliciosa. Esta vulnerabilidad se debe a la validación incorrecta de entradas de los parámetros en una petición HTTP. Un atacante podría explotar esta vulnerabilidad manipulando una petición que provoca que la interfaz web redirija una petición a una URL maliciosa específica. Este tipo de vulnerabilidad se conoce como ataque de redirección abierta y se emplea en ataques de phishing que hacen que los usuarios visiten sin saberlo sitios maliciosos.",
      },
   ],
   id: "CVE-2018-15403",
   lastModified: "2024-11-21T03:50:42.907",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-10-05T14:29:08.687",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041780",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041789",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-er-ucm-redirect",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041780",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041789",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-er-ucm-redirect",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-11-01 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.5
cisco ios 12.4
cisco ios 15.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41294E-F3DF-4F1E-A4C8-E90B21A88836",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179.",
      },
      {
         lang: "es",
         value: "Pérdida de memoria en Unified Communications Manager (CUCM) de Cisco versiones 6.x anteriores a 6.1(5)su2, versiones 7.x anteriores a 7.1(5b)su3, versiones 8.x anteriores a 8.0(3a)su1, y versión 8.5 anterior a 8.5(1), y en IOS de Cisco versiones 12.4 y 15.1, permite a atacantes remotos causar una denegación de servicio (consumo de memoria y fallo del proceso o recarga del dispositivo) por medio de un mensaje SIP malformado, también conocido como IDs de bug CSCti75128 y CSCtj09179.",
      },
   ],
   id: "CVE-2011-0941",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-11-01T19:55:01.587",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm",
      },
      {
         source: "psirt@cisco.com",
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-08-09 21:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F86F790-6247-42F2-9487-3D60A2842F52",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1F2F9EC5-EDA2-4C99-BBF1-2F2C92AACE95",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0668C45B-9D25-424B-B876-C1721BFFE5DA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D4D8C72-E7BB-40BF-9AE5-622794D63E09",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad sin especificar en el Cisco Unified Communications Manager (CUCM) 5.0, 5.1, y 6.0 y en el IOS 12.0 hasta el 12.4, permite a atacantes remotos ejecutar código de su elección a través de un paquete SIP mal formado, también conocido como CSCsi80102.",
      },
   ],
   id: "CVE-2007-4294",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-08-09T21:17:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/36693",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26362",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1018538",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/25239",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/2816",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5851",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/36693",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26362",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1018538",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/25239",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/2816",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5851",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-31 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de XSS en la interfaz de administración de CCM en el servidor en Cisco Unified Communications Manager permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug ID CSCuq90582.",
      },
   ],
   id: "CVE-2014-3374",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-10-31T10:55:02.190",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/59696",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3374",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/70849",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1031162",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59696",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3374",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/70849",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1031162",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98407",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-07-02 13:15
Modified
2024-11-21 05:30
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6589768C-B5E7-4527-B73C-1C7F82FF7238",
                     versionEndExcluding: "10.5\\(2\\)su10",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "4337322A-FFAF-4F6B-8A15-D7CF9E7CDF92",
                     versionEndExcluding: "10.5\\(2\\)su10",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A4D4EEF-A737-4E4D-84CE-CB9F2A9C0E56",
                     versionEndExcluding: "11.5\\(1\\)su8",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "55C61CF9-D342-4D02-AA85-01386779A9D2",
                     versionEndExcluding: "11.5\\(1\\)su8",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "709D4331-927A-46F9-859E-E6369939DF8E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "EA9B0067-9B0E-4DF3-B443-C8C9C48B3957",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3EB73BD4-9ECC-458E-925D-FECE9A49BD48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "EB810DDE-18A0-4168-8EC1-726DA62453E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "902BB9E5-23BD-42EA-B1BA-C28CC2D8E754",
                     versionEndExcluding: "10.5\\(2\\)su10",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF318B81-8D9B-4B29-8E72-31484B8E8544",
                     versionEndExcluding: "11.5\\(1\\)su8",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "589832AB-CA04-4EBA-873A-385FA52541D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "CAAAAF61-C33F-462B-B7C4-9F976235888A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FD20EA9-F6C5-437A-A87E-4F60426AE918",
                     versionEndExcluding: "10.5\\(2\\)su10",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18FE6B9F-556E-460E-9DD4-4E05566AF7E8",
                     versionEndExcluding: "11.5\\(1\\)su8",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:12.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "03BF7E52-63A5-4616-A524-839EC9CD3F67",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1C9DD393-7E10-4EE5-9FB4-855F3231F989",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service y Cisco Unity Connection podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz.\nLa vulnerabilidad es debida a una comprobación insuficiente de la entrada suministrada por el usuario por parte de la interfaz de administración basada en web del software afectado. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario de la interfaz para que haga clic en un enlace diseñado. Una explotación con éxito podría permitir a un atacante ejecutar código script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador.",
      },
   ],
   id: "CVE-2020-3282",
   lastModified: "2024-11-21T05:30:43.133",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-02T13:15:10.220",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-OWuSYAp",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-OWuSYAp",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-07 12:29
Modified
2024-11-21 03:30
Summary
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F71C50-5AEA-4C57-B40D-BD175CE99F61",
                     versionEndExcluding: "10.5\\(1a\\)",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EADE21CC-8C70-4270-9431-30C4213A8115",
                     versionEndExcluding: "11.5\\(4\\)",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "650A41E1-9A81-4C08-9DDF-9CDDC6E22202",
                     versionEndExcluding: "12.0su1",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6E73AED2-74FE-410F-835A-7BD9E5E6C7DE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "17A01F3E-24B2-4FE4-8466-6DE2EFA0530C",
                     versionEndExcluding: "11.5\\(3\\)",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:finesse:9.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "359B9780-D7A7-467C-A665-573C62E981EB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B834DBFE-9CB9-486C-8084-3735D0994D7F",
                     versionEndExcluding: "11.5\\(3\\)",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:9.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2D3EAC03-CB4A-423D-95BF-D7AB258CE2E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:mediasense:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CEF5671-AEB6-442B-8D9F-242447410512",
                     versionEndExcluding: "11.5su2",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:mediasense:9.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "37B3DC93-6772-4836-B969-3D8B0359D4AF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:prime_collaboration_assurance:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB04C20D-B989-4B4D-B5F9-C2067CC886E1",
                     versionEndExcluding: "11.6_es16",
                     versionStartIncluding: "11.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_collaboration_assurance:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B92B3174-0187-4C3A-AFE7-2443FBAEA97E",
                     versionEndExcluding: "12.1_es2",
                     versionStartIncluding: "12.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:prime_collaboration_provisioning:12.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BDA7BD5-70AE-431C-8E92-171A84BAA77F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA9960C4-874D-44DF-B686-9039179378F4",
                     versionEndExcluding: "10.5.2",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10FC0ED2-B2D2-4F52-B2B0-AC0DDCB430E9",
                     versionEndExcluding: "11.5\\(1\\)su5",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:socialminer:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8F4EDF5-67A4-42E1-BCB3-DB36A74C15A7",
                     versionEndExcluding: "11.6.1",
                     versionStartIncluding: "11.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE65718F-D5E7-4FFA-985E-D0BCE395DBAE",
                     versionEndExcluding: "10.5\\(2\\)su5",
                     versionStartIncluding: "10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE99092A-3EB2-4F0B-8812-ECA6B67AA301",
                     versionEndExcluding: "11.0\\(1a\\)su4",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8439C2DF-9F4B-40FE-8898-6331064026AA",
                     versionEndExcluding: "11.5\\(1\\)su3",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "05BD68E4-4296-49ED-B789-60B935210C28",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "271E4847-9AF4-4DDC-82AB-3BE20F7A67F9",
                     versionEndExcluding: "11.6\\(1\\)",
                     versionStartIncluding: "11.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "31FFF48A-B174-4FD6-9626-E81B5BAE3B43",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E71D688D-BCF7-4587-A158-C347A3A985CA",
                     versionEndExcluding: "11.6\\(1\\)",
                     versionStartIncluding: "11.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:unified_intelligence_center:9.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "924FD18E-A20D-4EBE-999E-866DADDE0CF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F1EF97D-52BC-4A60-9A73-09BFAAD05DAD",
                     versionEndExcluding: "10.5su5",
                     versionStartIncluding: "10.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFD34725-568D-4612-A84F-FF524D57F0E4",
                     versionEndExcluding: "11.5.1su3",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:9.5\\(0.9\\)tt0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C5B4499-83A3-461B-AC8C-45BEABCBA1CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:12.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "65D225AB-813B-4182-8916-0FE8307BB18B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9928C83-6BEB-44AA-BB2E-AA2B9DC58BE4",
                     versionEndExcluding: "11.6\\(1\\)",
                     versionStartIncluding: "11.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.",
      },
      {
         lang: "es",
         value: "Múltiples productos Cisco se han visto afectados por una vulnerabilidad en la gestión de archivos locales para ciertos archivos de log del sistema de productos Cisco Collaboration que podría permitir que un atacante remoto no autenticado provoque un gran uso del disco, lo que resulta en una condición de denegación de servicio (DoS). La vulnerabilidad ocurre debido a que cierto archivo de registro del sistema no tiene una restricción de tamaño máximo. Por lo tanto, se permite que el archivo consuma la mayor parte del espacio en disco disponible en el dispositivo. Un atacante podría explotar esta vulnerabilidad enviando peticiones de conexión remota manipuladas al dispositivo. La explotación con éxito podría permitir que el atacante aumente el tamaño de un archivo de log del sistema para que consuma casi todo el espacio del disco. La falta de espacio disponible en el disco podría desembocar en una condición de denegación de servicio (DoS) en la que las funciones de la aplicación podrían operar de forma errónea, haciendo que el dispositivo sea inestable. Esta vulnerabilidad afecta a los siguientes productos basados en Cisco Voice Operating System (VOS): Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P; las versiones anteriores se conocían como Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection y Virtualized Voice Browser. Esta vulnerabilidad también afecta a Prime Collaboration Assurance y Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818 y CSCvi31823.",
      },
   ],
   id: "CVE-2017-6779",
   lastModified: "2024-11-21T03:30:30.690",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-07T12:29:00.260",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:48
Modified
2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
Impacted products
Vendor Product Version
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.0\(3a\)su3
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 8.6\(2a\)su3
cisco unified_communications_manager 8.6\(3\)
cisco unified_communications_manager 8.6\(4\)
cisco unified_communications_manager 9.0\(1\)
cisco unified_communications_manager 9.1\(1\)
cisco unified_communications_manager 9.1\(1a\)
cisco unified_communications_manager 9.1.1\(a\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB6E34CF-3F33-485F-8128-2D65A9034A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5A1D8DBE-095D-4E38-A93B-D05459F7209E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCA70732-8ACD-47D2-A311-319180F86892",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.1.1\\(a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E4A84A9E-5DB4-49B5-B3A1-DD7D95D23716",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de ruta de búsqueda no confiable en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a) permite a usuarios locales obtener privilegios mediante el aprovechamiento de problemas no especificados de permisos de archivos y de variables de entorno en programas privilegiados, también conocido como Bug ID CSCui02276.",
      },
   ],
   evaluatorComment: "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'",
   id: "CVE-2013-3433",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.8,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.1,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-07-18T12:48:56.977",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/95404",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/61297",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/95404",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/54249",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/61297",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-05-16 12:54
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E29A61E-334B-4F95-9B47-8F53A4DB3EB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr.5:*:*:*:*:*:*",
                     matchCriteriaId: "FBE07ABF-97B2-48B4-8EF6-861AB41340F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr4:*:*:*:*:*:*",
                     matchCriteriaId: "9135D3DE-5110-47CB-A23F-7CE3D9AFD153",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5:*:*:*:*:*:*",
                     matchCriteriaId: "914A2B2A-6292-451B-B26A-1B529CECBE3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5b:*:*:*:*:*:*",
                     matchCriteriaId: "72FAE8F7-504A-4B6F-9C9D-45158AC6C208",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1:\\(3\\)sr5c:*:*:*:*:*:*",
                     matchCriteriaId: "835DD627-C5F1-4733-8949-C91592EC719A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2\\(3\\)sr.2:*:*:*:*:*:*",
                     matchCriteriaId: "701A374B-00A7-4151-8652-9A39FAECBC5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2_\\(3\\)sr2b:*:*:*:*:*:*",
                     matchCriteriaId: "42F41FF1-3FD1-4E90-877C-AC10D56CFEA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:4.2_\\(3\\)sr3:*:*:*:*:*:*",
                     matchCriteriaId: "291CFDEC-CDF8-438D-9D1E-2832CE705FB6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:4.3\\(1\\)sr.1:*:*:*:*:*:*",
                     matchCriteriaId: "25EF5BF5-5909-4194-96DD-E8725BD3499A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(1\\):*:*:*:*:*:*",
                     matchCriteriaId: "B860F1E1-E295-4B71-B396-14286611EA36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2\\):*:*:*:*:*:*",
                     matchCriteriaId: "E194E6EC-282D-4C8E-96E3-00D64FCD8C6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2a\\):*:*:*:*:*:*",
                     matchCriteriaId: "5B2EA451-EE18-440A-924A-556A2EC74300",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(2b\\):*:*:*:*:*:*",
                     matchCriteriaId: "8950C510-38F3-4040-8871-C085DDECF5B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:\\(3a\\):*:*:*:*:*:*",
                     matchCriteriaId: "7101A008-3F3C-4ABB-B4FC-25BDA8809C87",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:\\(1\\):*:*:*:*:*:*",
                     matchCriteriaId: "156F822A-08CB-4EE2-9054-18F649D96C39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:\\(1a\\):*:*:*:*:*:*",
                     matchCriteriaId: "53CBD1E5-46C6-4F31-867A-118227EB0473",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:\\(1a\\):*:*:*:*:*:*",
                     matchCriteriaId: "8E8F77F9-05C3-4B66-9022-7B227F97978C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.",
      },
      {
         lang: "es",
         value: "Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a 5.1(2) y 6.x versiones anteriores a 6.1(1) permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de un mensaje SIP JOIN con una cabecera malformada, también conocido como Bug ID CSCsi48115.",
      },
   ],
   id: "CVE-2008-1745",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-05-16T12:54:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "psirt@cisco.com",
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42417",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30238",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1020022",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/29221",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42417",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-06-26 17:41
Modified
2025-04-09 00:30
Severity ?
Summary
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB3C4551-63D4-4FB6-9871-8E9C8E634B86",
                     versionEndExcluding: "5.1\\(3c\\)",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9E12823-198D-41FC-969E-2304CDC39EFC",
                     versionEndExcluding: "6.1\\(2\\)",
                     versionStartIncluding: "6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.",
      },
      {
         lang: "es",
         value: "El Servicio Computer Telephony Integration (CTI) Manager de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a la 5.1(3c) y 6.x versiones anteriores a la 6.1(2) permite a atacantes remotos provocar una denegación de servicio (caída TSP) a través de tráfico mal formado de red al puerto TCP 2748.",
      },
   ],
   id: "CVE-2008-2061",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-06-26T17:41:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/30848",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/29933",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020360",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/1933/references",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43349",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/30848",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/29933",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id?1020360",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/1933/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43349",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-11-04 16:15
Modified
2024-11-21 06:10
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "51C88F69-17A2-4DA3-9831-53BE4690B678",
                     versionEndExcluding: "14su1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "C03E4F7D-0C94-46A5-8BC4-359931FCCE16",
                     versionEndExcluding: "14su1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9C2976D-CDF4-44C6-9EE7-09A76D56F4A5",
                     versionEndExcluding: "14su1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "249F488B-B26E-437F-A450-D57BA3E18E5E",
                     versionEndExcluding: "14su1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en la web de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) y Cisco Unity Connection podría permitir a un atacante remoto autenticado acceder a datos confidenciales en un dispositivo afectado. Esta vulnerabilidad se debe a que la interfaz de administración basada en la web no comprueba correctamente las entradas proporcionadas por el usuario. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP diseñada que contenga secuencias de caracteres de salto de directorio a un sistema afectado. Una explotación con éxito podría permitir al atacante acceder a archivos confidenciales en el sistema afectado.",
      },
   ],
   id: "CVE-2021-34701",
   lastModified: "2024-11-21T06:10:59.190",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-11-04T16:15:08.427",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-08-07 06:29
Modified
2025-04-20 01:37
Summary
A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), y 11.5(1.10000.6) podría permitir que un atacante remoto autenticado lleve a cabo un ataque a ciegas por inyección SQL. Esto se debe a la imposibilidad de validar entradas proporcionadas por el usuario empleadas en consultas SQL que eluden los filtros de protección. Un atacante podría explotar esta vulnerabilidad mediante el envío de URL modificadas que incluyan instrucciones SQL. Un exploit podría permitir que el atacante modifique o elimine entradas en algunas tablas de bases de datos, lo que afectaría a la integridad de los datos. Cisco Bug IDs: CSCve13786.",
      },
   ],
   id: "CVE-2017-6757",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-08-07T06:29:00.480",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100121",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039063",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13786",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/100121",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039063",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13786",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-07-06 21:15
Modified
2024-11-21 06:43
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6326B3E-C1A4-4151-89AB-648545C554DC",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "B8D0B3BD-AD4D-4DD0-984E-447788439C9D",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "32CBA332-C88F-4C4A-9795-BE61690AA1B4",
                     versionEndExcluding: "12.5\\(1\\)su5",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4910BE2-8BF3-473D-A5C5-26B59E6A0C8F",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), y Cisco Unity Connection podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad se debe a que la interfaz de administración basada en web no comprueba correctamente las entradas proporcionadas por el usuario. Un atacante podría explotar esta vulnerabilidad al convencer a un usuario de la interfaz para que haga clic en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código de script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador.",
      },
   ],
   id: "CVE-2022-20800",
   lastModified: "2024-11-21T06:43:34.917",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-06T21:15:11.543",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-11-30 09:29
Modified
2025-04-20 01:37
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de gestión web de Cisco Unified Communications Manager podría permitir que un atacante remoto autenticado lleve a cabo un ataque de cross-Site Scripting (XSS) contra un usuario de dicha interfaz en un dispositivo afectado. La vulnerabilidad se debe a la validación insuficiente de entrada de datos de parte del usuario en la interfaz de gestión web de un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad haciendo que un usuario de la interfaz haga clic en un enlace manipulado. Un exploit con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz o que pueda acceder a información sensible del navegador. Cisco Bug IDs: CSCvf79346.",
      },
   ],
   id: "CVE-2017-12357",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-11-30T09:29:01.197",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/101988",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039916",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/101988",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1039916",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-03-17 22:59
Modified
2025-04-20 01:37
Summary
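A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2). (Note: the impacted-products row and the CPE match criteria of this record write the release as 11.5(1.11.007.2), which differs from the string in this description; when matching installed versions against this record, check both forms.)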
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(1.11.007.2\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.11.007.2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5D2953AE-78A1-42D2-A48E-D228D1514DF5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el marco web de Cisco Unified Communications Manager (CallManager) podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de falsificación de solicitud entre sitios (CSRF) contra un usuario de la interfaz web del software afectado. Más información: CSCvb70021. Lanzamientos afectados conocidos: 11.5(1.11007.2).",
      },
   ],
   id: "CVE-2017-3877",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-03-17T22:59:00.517",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/96915",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1038038",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "VDB Entry",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/96915",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1038038",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm2",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-04-04 19:44
Modified
2025-04-09 00:30
Severity ?
Summary
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:emergency_responder:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "984570AA-2517-440D-9A2F-8EBAEB022602",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:mobility_manager:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BFAA32C-6AEC-490A-9514-BA5B10E9B0E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BC6EF34-D23D-45CA-A907-A47993CC061E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "53DFD5A1-33C9-45E5-B7B9-2B1FAA840ED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_presence:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C9B1A89-6A54-4BA7-9980-3EB46C650FFC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.",
      },
      {
         lang: "es",
         value: "El Disaster Recovery Framework (DRF) Master Server en productos Cisco Unified Communications, incluyendo Unified Communications Manager (CUCM) 5.x y 6.x, Unified Presence 1.x y 6.x, Emergency Responder 2.x, y Mobility Manager 2.x, no requiere autenticación para las peticiones recibidas desde la red, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados.",
      },
   ],
   id: "CVE-2008-1154",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-04-04T19:44:00.000",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/29670",
      },
      {
         source: "psirt@cisco.com",
         url: "http://securitytracker.com/id?1019768",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Patch",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/28591",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2008/1093",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/29670",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1019768",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/28591",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1093",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-02-22 00:29
Modified
2024-11-21 03:37
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that submits malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg74815.
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(1.13900.52\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.13900.52\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B8F66D26-F9C2-48DF-A7F3-25B802511C19",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that submits malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg74815.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de gestión web de Cisco Unified Communications Manager podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en un dispositivo afectado. La vulnerabilidad se debe a la validación insuficiente de entrada de datos de parte del usuario en la interfaz de gestión web de un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad convenciendo a un usuario de la interfaz de gestión web para que haga clic en un enlace que envía entradas maliciosas a la interfaz. Una explotación con éxito podría permitir al atacante ejecutar código script arbitrario en el contexto de la interfaz o que pueda acceder a información sensible del navegador. Cisco Bug IDs: CSCvg74815.",
      },
   ],
   id: "CVE-2018-0206",
   lastModified: "2024-11-21T03:37:43.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-02-22T00:29:00.937",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103146",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040411",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103146",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040411",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-12-12 17:55
Modified
2025-04-11 00:51
Summary
The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [
      {
         sourceIdentifier: "cve@mitre.org",
         tags: [
            "disputed",
         ],
      },
   ],
   descriptions: [
      {
         lang: "en",
         value: "The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.",
      },
      {
         lang: "es",
         value: "** EN DISPUTA ** El servicio TFTP en Cisco Unified Communications Manager (también conocido como CUCM o Unified CM) permite a atacantes remotos obtener información sensible de un teléfono a través de una operación RRQ, como lo demuestra el descubrimiento de un campo UseUserCredential en texto plano en un fichero SPDefault.cnf.xml. NOTA: según se informa, el proveedor discute la importancia de este informe, afirmando que se trata de un comportamiento predeterminado esperado, y que en la documentación del producto se describe el uso de la opción TFTP Encrypted Config para tratar este asunto.",
      },
   ],
   id: "CVE-2013-7030",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "LOW",
               baseScore: 7.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.5,
            impactScore: 4.7,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2013-12-12T17:55:03.783",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://osvdb.org/100916",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "VDB Entry",
         ],
         url: "http://www.exploit-db.com/exploits/30237/",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89649",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/100916",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "VDB Entry",
         ],
         url: "http://www.exploit-db.com/exploits/30237/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89649",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-02-22 02:59
Modified
2025-04-20 01:37
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Unified Communications Manager Switches podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz de gestión basada en web de un dispositivo afectado. Más Información: CSCvb98777. Lanzamientos Afectados Conocidos: 11.0(1.10000.10) 11.5(1.10000.6). Lanzamientos Reparados Conocidos: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
      },
   ],
   id: "CVE-2017-3828",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-02-22T02:59:00.263",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/96240",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1037839",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/96240",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1037839",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-04-20 22:59
Modified
2025-04-20 01:37
Summary
A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1.10000.12\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "815EF306-D944-4D2D-9378-C3E993E58592",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "7313BFB4-34EF-4444-A6BC-A7BDB600C149",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(0.98000.88\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5E944B20-B158-420D-9176-30F5B6C03D26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(1.98991.13\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EC63143-A977-4C92-8B03-A7AD152494A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(1.99995.9\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7C62F7D1-CE41-4AA3-A4C9-6A77C4D45F70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.12901.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9524FB85-EA15-4837-9966-9DDBB527C4BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.13900.9\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E75B536F-094C-4997-B545-6AC2F49C2FC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(3.10000.9\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C52EECB0-65B5-46DF-800F-63AD2A784A71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "6074A7B6-6640-4E74-9946-CC8D212F7740",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(0.98000.225\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF56F1D-43C0-4921-A217-3F2A8E5758D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.98000.480\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "250B8894-9EE0-4F18-81BF-FEB317CE05DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.98000.486\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C6C21111-3D26-4AC1-BBDA-4E004DEE5C3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(0.99838.4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "12D8D2E4-8536-4708-94A9-DE0031EAF62E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E1ECEEC7-52A0-41EE-B1CB-C4B09D6E6940",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.11007.2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7D666F53-ABC2-4DC1-BC03-83B5CDC0DE82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.12000.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A590BFE0-536A-4E8A-AB30-F85A9FB3397D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "711B5CE0-3BA8-4DA6-A18C-D561ECC17A9B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el proceso de limitación del Session Initiation Protocol (SIP) UDP de Cisco Unified Communications Manager (Cisco Unified CM) podría permitir a un atacante remoto no autenticado provocar una denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a una protección insuficiente de la tasa de limitación. Un atacante podría explotar esta vulnerabilidad enviando al dispositivo afectado una alta tasa de mensajes SIP. Un exploit podría permitir al atacante hacer que el dispositivo se recargue inesperadamente. El dispositivo y los servicios se reiniciarán automáticamente. Esta vulnerabilidad afecta a las versiones de Cisco Unified Communications Manager (CallManager) anteriores a la primera versión corregida; la siguiente lista indica la primera versión secundaria que incluye la corrección para esta vulnerabilidad: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.",
      },
   ],
   id: "CVE-2017-3808",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-04-20T22:59:00.277",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97922",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1038318",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97922",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1038318",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-03-17 22:59
Modified
2025-04-20 01:37
Summary
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219).
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 10.5\(2.14076.1\)
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.14076.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7E96831F-40D0-4C7C-97FC-E8D3C063822C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de desviación del filtro XSS en la interfaz de administración basada en web de Cisco Unified Communications Manager podría permitir que un atacante remoto no autenticado lleve a cabo ataques XSS contra un usuario de un dispositivo afectado. Más información: CSCvc21620. Lanzamientos afectados conocidos: 10.5 (2.14076.1). Lanzamientos corregidos conocidos: 12.0 (0.98000.641) 12.0 (0.98000.500) 12.0 (0.98000.219).",
      },
   ],
   id: "CVE-2017-3872",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-03-17T22:59:00.407",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/96916",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1038036",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/96916",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1038036",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-04-21 19:15
Modified
2024-11-21 06:43
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "14033FCB-FD51-4EA3-9F9E-839D66D3E3EA",
                     versionEndExcluding: "11.5\\(1\\)su11",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "26FE6EED-9EBD-4604-A2EF-95E063B175C2",
                     versionEndExcluding: "11.5\\(1\\)su11",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "64D27440-93CF-4806-91CB-8234DB2FB89F",
                     versionEndExcluding: "12.5\\(1\\)su6",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "E0B2F05A-797D-48F5-9013-7E2C691DAD88",
                     versionEndExcluding: "12.5\\(1\\)su6",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "3F2FEC5B-FEA0-4766-BC68-E3391EAB2343",
                     versionEndExcluding: "14su1",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "5669C77B-2126-495B-B999-7D7399A280E5",
                     versionEndExcluding: "14su1",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "918C4D20-C104-4692-AF23-79BBAF66916B",
                     versionEndExcluding: "12.5\\(1\\)su6",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "39B6DB53-E770-4ABB-B186-1EDE491B24BA",
                     versionEndExcluding: "14su1",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME) y Cisco Unity Connection podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad es debido a que la interfaz de administración basada en web no comprueba apropiadamente las entradas proporcionadas por el usuario. Un atacante podría explotar esta vulnerabilidad al convencer a un usuario de la interfaz para que haga clic en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar código de script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador",
      },
   ],
   id: "CVE-2022-20788",
   lastModified: "2024-11-21T06:43:33.470",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-04-21T19:15:08.577",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-6MCe4kPF",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-6MCe4kPF",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-02-22 02:59
Modified
2025-04-20 01:37
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6).
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Unified Communications Manager Switches podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz de gestión basada en web de un dispositivo afectado. Más Información: CSCvc30999. Lanzamientos Afectados Conocidos: 12.0(0.98000.280). Lanzamientos Reparados Conocidos: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6).",
      },
   ],
   id: "CVE-2017-3829",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-02-22T02:59:00.293",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/96250",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1037839",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/96250",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1037839",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-06-07 21:29
Modified
2024-11-21 03:38
Summary
A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvj00512.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.0\(1.10000.10\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvj00512.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el framework web del software Cisco Unified Communications Manager (Unified CM) podría permitir que un atacante remoto autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) reflejado contra un usuario de dicha interfaz en el sistema afectado. La vulnerabilidad se debe a una validación de entrada insuficiente de ciertos parámetros que se pasan al servidor web. Un atacante podría explotar esta vulnerabilidad convenciendo a un usuario para que entre a un enlace malicioso o interceptando una petición de usuario e inyectando cierto código malicioso. Si se explota esta vulnerabilidad con éxito, el atacante podría ejecutar código de script arbitrario en el contexto del sitio afectado o permitir que el atacante pueda acceder a información confidencial del navegador. Cisco Bug IDs: CSCvj00512.",
      },
   ],
   id: "CVE-2018-0340",
   lastModified: "2024-11-21T03:38:00.933",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-06-07T21:29:00.713",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104448",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041070",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucm-xss",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/104448",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1041070",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucm-xss",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-20 07:15
Modified
2024-11-21 07:40
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read or modify any data on the underlying database or elevate their privileges.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "3A0640FA-00BF-4C19-B602-1680A60552DF",
                     versionEndExcluding: "12.5\\(1\\)su7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "8F8A5463-F790-465E-8B52-9F816DEFC4B0",
                     versionEndExcluding: "12.5\\(1\\)su7",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "1C95C9B5-A0AE-46C6-B378-995512984995",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "8856CD06-9CD4-43EF-8D64-A8D0FDE09696",
                     versionEndExcluding: "14su2",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read or modify any data on the underlying database or elevate their privileges.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podría permitir que un atacante remoto autenticado realice ataques de inyección SQL en un sistema afectado. Esta vulnerabilidad existe porque la interfaz de administración basada en web no valida adecuadamente la entrada del usuario. Un atacante podría aprovechar esta vulnerabilidad autenticándose en la aplicación como un usuario con pocos privilegios y enviando consultas SQL manipuladas a un sistema afectado. Un exploit exitoso podría permitir al atacante leer o modificar cualquier dato en la base de datos subyacente o elevar sus privilegios.",
      },
   ],
   id: "CVE-2023-20010",
   lastModified: "2024-11-21T07:40:20.160",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-20T07:15:13.340",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-04-21 19:15
Modified
2024-11-21 06:43
Summary
A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "6F59D20F-0194-4A5A-8368-C6EA00438064",
                     versionEndIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "D7A033DD-54EB-442D-931D-749A24FF2E6B",
                     versionEndIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el protocolo Cisco Discovery de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podría permitir a un atacante adyacente no autenticado causar un kernel panic en un sistema afectado, lo que provocaría una condición de denegación de servicio (DoS). Esta vulnerabilidad es debido al procesamiento incorrecto de determinados paquetes del Cisco Discovery Protocol. Un atacante podría explotar esta vulnerabilidad mediante el envío continuo de determinados paquetes de Cisco Discovery Protocol a un dispositivo afectado. Una explotación con éxito podría permitir al atacante causar un pánico del kernel en el sistema que está ejecutando el software afectado, resultando en una condición de DoS.",
      },
   ],
   id: "CVE-2022-20804",
   lastModified: "2024-11-21T06:43:35.360",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.1,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:A/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 6.5,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-04-21T19:15:08.793",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-754",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-754",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-27 01:55
Modified
2025-04-12 10:46
Severity ?
Summary
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.",
      },
      {
         lang: "es",
         value: "La implementación Certificate Authority Proxy Function (CAPF) CLI en Cisco Unified Communications Manager (Unified CM) 10.0(1) y anteriores permite a usuarios locales inyectar comandos a través de programas CAPF no especificados, también conocido como Bug ID CSCum95493.",
      },
   ],
   id: "CVE-2014-0747",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.8,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.1,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-27T01:55:03.447",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33048",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1029843",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33048",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1029843",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-01-26 07:59
Modified
2025-04-20 01:37
Summary
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457).
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.5\(1.12000.1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.12000.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A590BFE0-536A-4E8A-AB30-F85A9FB3397D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457).",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de XSS de elusión de filtro en la interfaz de gestión basada en web de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado montar ataques de XSS contra un usuario de un dispositivo afectado. Más información: CSCvb97237. Lanzamientos afectados conocidos: 11.0(1.10000.10) 11.5(1.10000.6). Lanzamientos reparados conocidos: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457).",
      },
   ],
   id: "CVE-2017-3798",
   lastModified: "2025-04-20T01:37:25.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-01-26T07:59:00.437",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/95872",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1037653",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/95872",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1037653",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-02 19:15
Modified
2024-11-21 04:23
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)
cisco unified_communications_manager 12.5\(1.10000.22\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz basada en web de Cisco Unified Communications Manager y Cisco Unified Communications Manager Session Management Edition (SME), podría permitir a un atacante remoto autenticado afectar la confidencialidad de un sistema afectado mediante la ejecución de consultas SQL arbitrarias. La vulnerabilidad se presenta porque el software afectado comprueba inapropiadamente la entrada suministrada por el usuario en consultas SQL. Un atacante podría explotar esta vulnerabilidad mediante el envío de peticiones diseñadas que contienen sentencias SQL maliciosas hacia la aplicación afectada. Una explotación con éxito podría permitir al atacante determinar la presencia de ciertos valores en la base de datos, lo que afectaría la confidencialidad del sistema.",
      },
   ],
   id: "CVE-2019-12710",
   lastModified: "2024-11-21T04:23:24.877",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-02T19:15:14.093",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-inject",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-inject",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-01-08 21:55
Modified
2025-04-11 00:51
Summary
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.
Impacted products
Vendor Product Version
cisco unified_communications_manager *
cisco unified_communications_manager 3.3\(5\)
cisco unified_communications_manager 3.3\(5\)sr1
cisco unified_communications_manager 3.3\(5\)sr2a
cisco unified_communications_manager 4.1\(3\)
cisco unified_communications_manager 4.1\(3\)sr1
cisco unified_communications_manager 4.1\(3\)sr2
cisco unified_communications_manager 4.1\(3\)sr3
cisco unified_communications_manager 4.1\(3\)sr4
cisco unified_communications_manager 4.2
cisco unified_communications_manager 4.2.1
cisco unified_communications_manager 4.2.2
cisco unified_communications_manager 4.2.3
cisco unified_communications_manager 4.2.3sr1
cisco unified_communications_manager 4.2.3sr2
cisco unified_communications_manager 4.2.3sr2b
cisco unified_communications_manager 4.3
cisco unified_communications_manager 4.3\(1\)
cisco unified_communications_manager 5.0
cisco unified_communications_manager 5.1
cisco unified_communications_manager 5.1\(1\)
cisco unified_communications_manager 5.1\(1b\)
cisco unified_communications_manager 5.1\(1c\)
cisco unified_communications_manager 5.1\(2\)
cisco unified_communications_manager 5.1\(2a\)
cisco unified_communications_manager 5.1\(2b\)
cisco unified_communications_manager 5.1\(3\)
cisco unified_communications_manager 5.1\(3a\)
cisco unified_communications_manager 5.1\(3c\)
cisco unified_communications_manager 5.1\(3d\)
cisco unified_communications_manager 5.1\(3e\)
cisco unified_communications_manager 5.1.2
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.0\(1\)
cisco unified_communications_manager 6.0\(1a\)
cisco unified_communications_manager 6.0\(1b\)
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 6.1\(5\)su3
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su1
cisco unified_communications_manager 7.1\(5b\)su1a
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 7.1\(5b\)su4
cisco unified_communications_manager 7.1\(5b\)su5
cisco unified_communications_manager 7.1\(5b\)su6
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(1\)
cisco unified_communications_manager 8.0\(2\)
cisco unified_communications_manager 8.0\(2a\)
cisco unified_communications_manager 8.0\(2b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.0\(3a\)su3
cisco unified_communications_manager 8.5
cisco unified_communications_manager 8.5\(1\)
cisco unified_communications_manager 8.5\(1\)su1
cisco unified_communications_manager 8.5\(1\)su2
cisco unified_communications_manager 8.5\(1\)su3
cisco unified_communications_manager 8.5\(1\)su4
cisco unified_communications_manager 8.5\(1\)su5
cisco unified_communications_manager 8.6
cisco unified_communications_manager 8.6\(1\)
cisco unified_communications_manager 8.6\(1a\)
cisco unified_communications_manager 8.6\(2\)
cisco unified_communications_manager 8.6\(2a\)
cisco unified_communications_manager 8.6\(2a\)su1
cisco unified_communications_manager 8.6\(2a\)su2
cisco unified_communications_manager 8.6\(2a\)su3
cisco unified_communications_manager 8.6\(3\)
cisco unified_communications_manager 8.6\(4\)
cisco unified_communications_manager 9.0\(1\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A7C03E4-0E59-44D0-B3FB-77A2CB8A014F",
                     versionEndIncluding: "9.1\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9B9DA1F8-FA05-4380-8EFF-AF9FEF18FF2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "65BB9155-89E5-4D54-AF1B-D5CA38392D5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A76CD6B-0C24-4F5F-B4BB-BA114150A7F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F9BD08CD-9169-4B1E-A6DE-B138E6AB533C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFFD96E3-B19F-41B7-86FD-DBFD41382C28",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9BF838-87A2-43B8-975B-524D7F954BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "9600EA23-5428-4312-A38E-480E3C3228BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "57F5547E-F9C8-4F9C-96A1-563A66EE8D48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6C20851-DC17-4E89-A6C1-D1B52D47608F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC830649-C0D4-4FFC-8701-80FB4A706F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "935D2815-7146-4125-BDBE-BFAA62A88EC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6BF54827-75E6-4BA0-84F0-0EC0E24A4A73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C8628E7-D3C8-4212-B0A5-6B5AC14D6101",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "577571D6-AC59-4A43-B9A5-7B6FC6D2046C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F1DEC3B-2782-4144-9651-73116294765D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2AF68FA-433F-46F2-B309-B60A108BECFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "640BFEE2-B364-411E-B641-7471B88ED7CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1B9FDFF3-2E60-4E41-9251-93283D945D94",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1022C151-6EC8-4E8D-85ED-59D51551BDAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(1c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "060593BD-ADC1-4282-BC6D-E0D6A2B7C8D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "239510AD-8BB0-4515-B1DA-80DE696D25DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "26277C4A-4E27-492C-B18C-AC68D86ADF55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9003EC1A-6E85-41F1-BB5D-B841C9C28105",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0318CF61-B892-4D44-B41A-D630B4AB808C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "9CDA8A78-BA6C-4451-8EAA-B83C3A6C6BA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "84A49932-1E22-4BE0-8195-926D44F65AAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3d\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4DE1B0DD-EA64-493B-86B7-9057EE5033C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1\\(3e\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "00ECD7C0-7F3C-4021-B949-32141E58687C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:5.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E51D8BF-12BB-4DD1-9232-1D066889B30F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2DF1139-A161-48DD-9929-F6939D626461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FF99088E-1330-4E15-8BD3-2A5172FBA460",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C2CD96CE-AAC6-40BD-A053-A62572AC7714",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FCBB8A8-E31C-49A3-843E-F18B2FF134B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E69A9EC1-7078-4866-986E-D2842CFDC404",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F252947A-82FE-4133-AA4F-E17758D7ECF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61E277B-475A-40EC-8A67-CE2A17C94185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
                     matchCriteriaId: "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
                     matchCriteriaId: "06098E0B-20F8-4FCC-A384-01EA108F4549",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF00D65-DE88-4287-82CB-552AB68AFE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F5CCD3E6-6031-437E-862B-470E39FAF67D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "31C31335-8001-4C83-A04B-6562CB39E3EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "70757AD4-8F55-4C8B-886B-1D2E41670407",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FB6E34CF-3F33-485F-8128-2D65A9034A57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.",
      },
      {
         lang: "es",
         value: "El portal de administración en Cisco Unified Communications Manager (Unified CM) 9.1(1) y anteriores no maneja apropiadamente las restricciones por rol, lo que permite a usuarios remotos autenticados sortear el control de acceso basado en rol a través de múltiples visitas a una URL prohibida del portal, también conocido como Bug ID CSCuj83540.",
      },
   ],
   id: "CVE-2014-0657",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-01-08T21:55:06.410",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/101800",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/56368",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32341",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/64690",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1029571",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90120",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/101800",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/56368",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32341",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/64690",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1029571",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90120",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-05-03 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
References
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 6.1\(5\)su2
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(2b\)su1
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 7.1\(5b\)su2
cisco unified_communications_manager 7.1\(5b\)su3
cisco unified_communications_manager 8.0
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5137D0F-0273-41EF-B3F6-2D87662B3788",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F0A5B28-0211-4173-BD91-67BCA3267C95",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
                     matchCriteriaId: "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "248E4608-B870-4913-8048-3771685CBD77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de inyección SQL en xmldirectorylist.jsp en el componente Apache HTTP Server integrado de Cisco Unified Communications Manager (también conocido como CUCM, anteriormente CallManager) v6.x antes de v6.1(5)su3, v7.x antes de v7.1(5)su4, v8.0 antes de v8.0(3a)su2, y v8.5 antes de v8.5(1)su1 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través de los parámetros (1) f, (2) l, o (3) n, también conocido como ID de error CSCtj42064.",
      },
   ],
   id: "CVE-2011-1610",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-05-03T22:55:02.667",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/archive/1/517727/100/0/threaded",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/47607",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "psirt@cisco.com",
         url: "http://zerodayinitiative.com/advisories/ZDI-11-143/",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67126",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/517727/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/47607",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://zerodayinitiative.com/advisories/ZDI-11-143/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67126",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-01-08 02:59
Modified
2025-04-12 10:46
Summary
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
Impacted products
Vendor Product Version
cisco unified_communications_manager 11.0\(0.98000.225\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(0.98000.225\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "DCF56F1D-43C0-4921-A217-3F2A8E5758D4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager 11.0(0.98000.225) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocida como Bug ID CSCut66767.",
      },
   ],
   id: "CVE-2015-6433",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-01-08T02:59:00.107",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-cucm",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1034583",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-cucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1034583",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-02 19:15
Modified
2024-11-21 04:28
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5\(2.10000.5\)
cisco unified_communications_manager 11.5\(1.10000.6\)
cisco unified_communications_manager 12.0\(1.10000.10\)
cisco unified_communications_manager 12.5\(1.10000.22\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1.10000.22\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BEEEA592-F8A1-41F2-B152-87F0A9B6087E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz basada en web de Cisco Unified Communications Manager y Cisco Unified Communications Manager Session Management Edition (SME), podría permitir a un atacante remoto no autenticado omitir las restricciones de seguridad. La vulnerabilidad es debido al manejo inapropiado de los métodos HTTP malformados. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP diseñada hacia el sistema afectado. Una explotación con éxito podría permitir al atacante conseguir acceso no autorizado al sistema.",
      },
   ],
   id: "CVE-2019-15272",
   lastModified: "2024-11-21T04:28:21.120",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.5,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-02T19:15:15.343",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ucm-secbypass",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ucm-secbypass",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-444",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-13 05:24
Modified
2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P; the record carries no CVSS v3 metric)
Summary
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F66EDBF-F735-4E44-B650-39FCE806535A",
                     versionEndIncluding: "10.0\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "725D3E7D-6EF9-4C13-8B30-39ED49BBC8E3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en la interfaz IP Manager Assistant (IPMA) en Cisco Unified Communications Manager (UCM) 10.0(1) y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCum05326.",
      },
   ],
   id: "CVE-2014-0726",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-13T05:24:51.573",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://osvdb.org/103218",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32843",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/65514",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/103218",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32843",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/65514",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-07-10 11:06
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2.0 base score 4.0, AV:N/AC:L/Au:S/C:N/I:P/A:N; the record carries no CVSS v3 metric)
Summary
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.0\\(1\\)_base:*:*:*:*:*:*:*",
                     matchCriteriaId: "B065CEE2-A88A-4923-A684-6AE76C4A8006",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.",
      },
      {
         lang: "es",
         value: "Multiple Analyzer en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager permite a usuarios remotos autenticados evadir las restricciones de subida a través de un parámetro manipulado, también conocido como Bug ID CSCup76297.",
      },
   ],
   id: "CVE-2014-3316",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-07-10T11:06:28.020",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/59730",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34899",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/68479",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1030554",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94429",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59730",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34899",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/68479",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1030554",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94429",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-08-16 22:15
Modified
2024-11-21 07:40
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by authenticating to the application as a user with read-only or higher privileges and sending crafted HTTP requests to an affected system. A successful exploit could allow the attacker to read or modify data in the underlying database or elevate their privileges.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "5ED87C28-37D0-45C9-A588-978BB5FB3261",
                     versionEndExcluding: "12.5\\(1\\)sub",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "8374E77A-15D6-4938-9BD5-2DB669BC9E4F",
                     versionEndExcluding: "12.5\\(1\\)sub",
                     versionStartIncluding: "12.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0:*:*:*:-:*:*:*",
                     matchCriteriaId: "CD0AB4E6-61AF-4FB9-8292-75FC56EE61EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:14.0:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "5B613D5E-BF3D-426B-9A5B-0322D48EE693",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. \r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by authenticating to the application as a user with read-only or higher privileges and sending crafted HTTP requests to an affected system. A successful exploit could allow the attacker to read or modify data in the underlying database or elevate their privileges.",
      },
   ],
   id: "CVE-2023-20211",
   lastModified: "2024-11-21T07:40:53.727",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-08-16T22:15:11.337",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-injection-g6MbwH2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-injection-g6MbwH2",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-08-31 23:17
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.
Impacted products
Vendor Product Version
cisco unified_communications_manager 4.2.3sr2
cisco unified_communications_manager 4.2.3sr2b
cisco call_manager 3.3\(5\)sr1
cisco call_manager 3.3\(5\)sr2
cisco call_manager 3.3\(5\)sr2a
cisco call_manager 4.1
cisco call_manager 4.1\(3\)sr1
cisco call_manager 4.1\(3\)sr2
cisco call_manager 4.1\(3\)sr3
cisco call_manager 4.1\(3\)sr4
cisco call_manager 4.2
cisco call_manager 4.2\(1\)
cisco call_manager 4.2\(2\)
cisco call_manager 4.2\(3\)
cisco call_manager 4.2\(3\)sr1
cisco call_manager 4.2\(3\)sr2
cisco call_manager 4.3
cisco call_manager 4.3\(1\)
cisco call_manager 4.3\(1\)sr1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "19432E5E-EA68-4B7A-8B99-DEBACBC3F160",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABE4CD8E-F27C-4F96-B955-FC1E71B5D55B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6049596-9D62-4EC4-BEAE-A2023F6F3346",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "87560280-EF6A-46DC-9368-0C98E0A5B7E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*",
                     matchCriteriaId: "F977BD4D-308D-4415-9302-5C44238881A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "373E71AE-C735-4476-A574-56C35BAD8DB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F9AA9D0-3205-4A5D-8161-C80D1855D91E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B771F3F8-CD24-4710-A7A8-D4F9E0DB4BB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*",
                     matchCriteriaId: "71DA8A99-A678-42F8-AFC5-323E77D9BCC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3C30434-29FD-45D4-B9D8-BEB65FE4471A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FA55FCB-FFFB-495F-86A8-262E7995B519",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "E6ECFC2B-9978-46FF-BC4E-A81B9B835E29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "3979687E-2BDE-42CD-ACF6-5EE3AF6CD5B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "EB63E43F-96D1-442E-8AA7-B0183117F6A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2\\(3\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "86960ABE-F133-49EE-A8E3-70CF1DD93ADC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.2\\(3\\)sr2:*:*:*:*:*:*:*",
                     matchCriteriaId: "36C8C9AA-8AA2-40C2-88A2-0860543601C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "98B77A94-5477-4703-9421-2266EC603319",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.3\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "5AF86C50-A2B2-4944-8361-C67766DCA2DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:call_manager:4.3\\(1\\)sr1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C98C1833-23B0-4559-BA64-A8BD30828ACB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Cisco CallManager y Unified Communications Manager (CUCM) versiones anteriores a 3.3(5)sr2b, 4.1 versiones anteriores a 4.1(3)sr5, 4.2 versiones anteriores a 4.2(3)sr2, y 4.3 versiones anteriores a 4.3(1)sr1, permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la variable lang en la página de acceso de (1) usuario ó (2) administrador, también conocido como CSCsi10728.",
      },
   ],
   id: "CVE-2007-4633",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2007-08-31T23:17:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26641",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1018624",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/25480",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2007/3010",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36325",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26641",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1018624",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/25480",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2007/3010",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36325",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-08-17 18:15
Modified
2024-11-21 05:30
Summary
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "BCF6785B-5AFC-41C8-8E49-4CA61050BD38",
                     versionEndIncluding: "10.5\\(2\\)su10",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "55E5999B-7076-417E-B368-45A07136D59C",
                     versionEndIncluding: "10.5\\(2\\)su10",
                     versionStartIncluding: "10.5\\(2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "ED8EEAE6-0F73-4C59-9325-EDE53D0E22A7",
                     versionEndIncluding: "11.5\\(1\\)su8",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "CC59D481-68CE-4E3E-9890-4DC2B6395478",
                     versionEndIncluding: "11.5\\(1\\)su8",
                     versionStartIncluding: "11.5\\(1\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:-:*:*:*",
                     matchCriteriaId: "F2742FD5-CE1D-4FDC-818F-125600015BDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "EA9B0067-9B0E-4DF3-B443-C8C9C48B3957",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:-:*:*:*",
                     matchCriteriaId: "0F4F8482-029A-4A84-97F1-9EDEDCE42C6B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*",
                     matchCriteriaId: "EB810DDE-18A0-4168-8EC1-726DA62453E8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la Interfaz de Usuario web de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. La vulnerabilidad se presenta porque la Interfaz de Usuario web no comprueba apropiadamente la entrada suministrada por el usuario. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario de la interfaz para hacer click en un enlace diseñado. Una explotación con éxito podría permitir al atacante ejecutar un código de script arbitrario en el contexto de la interfaz afectada o acceder a información confidencial basada en el navegador.",
      },
   ],
   id: "CVE-2020-3346",
   lastModified: "2024-11-21T05:30:50.863",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-17T18:15:12.477",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-drASc7sr",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-drASc7sr",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-20 20:15
Modified
2024-11-21 05:44
Summary
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E04AFBD-C69F-4462-9742-914CD9AD2BB7",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "F709C2EB-2724-443B-B362-0916AB8935EF",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "64674375-4962-410C-A837-339258B344C4",
                     versionEndExcluding: "12.0\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "99FBA7C5-CE7D-41F0-ACFF-8A24079B7DDA",
                     versionEndExcluding: "12.0\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7ABF16F2-3695-490C-B4B2-D6BAF80F9D25",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "829CD76A-0785-426B-851F-04790870713D",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6986C5A9-7211-463E-B016-18E19B66ADBA",
                     versionEndExcluding: "11.5\\(1\\)su9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "211822F9-04D8-49F4-BB92-B5F740AAB2D1",
                     versionEndExcluding: "12.5\\(1\\)su4",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades en Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) podrían permitir a un atacante conducir ataques de salto de ruta y ataques de inyección SQL en un sistema afectado. Una de las vulnerabilidades de inyección SQL que afecta a Unified CM IM&P también afecta a Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y podría permitir a un atacante conducir ataques de inyección SQL en un sistema afectado. Para más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso.",
      },
   ],
   id: "CVE-2021-1357",
   lastModified: "2024-11-21T05:44:10.233",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-20T20:15:17.690",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-35",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-04-19 20:29
Modified
2024-11-21 03:37
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.
Impacted products
Vendor Product Version
cisco unified_communications_manager 10.5(2.10000.5)
cisco unified_communications_manager 11.0(1.10000.10)
cisco unified_communications_manager 11.5(1.10000.6)
cisco unified_communications_manager 12.0(1.10000.10)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en el framework web de Cisco Unified Communications Manager podría permitir que un atacante remoto autenticado visualice datos sensibles. Esta vulnerabilidad se debe a una protección de tablas de bases de datos insuficiente en la interfaz web. Un atacante podría explotar esta vulnerabilidad navegando hasta una URL específica. Su explotación podría permitir que el atacante vea parámetros de configuración. Cisco Bug IDs: CSCvf20218.",
      },
   ],
   id: "CVE-2018-0266",
   lastModified: "2024-11-21T03:37:50.693",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-04-19T20:29:01.487",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103933",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040718",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/103933",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securitytracker.com/id/1040718",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-425",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-31 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de XSS en la interfaz del analizador del número marcado de CCM en el servidor en Cisco Unified Communications Manager permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados, también conocido como Bug ID CSCup92550.",
      },
   ],
   id: "CVE-2014-3373",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2014-10-31T10:55:02.143",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/59692",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3373",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/70848",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id/1031161",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98406",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/59692",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3373",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/70848",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1031161",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98406",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-05-03 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855.
Impacted products
Vendor Product Version
cisco unified_communications_manager 6.0
cisco unified_communications_manager 6.1\(1\)
cisco unified_communications_manager 6.1\(1a\)
cisco unified_communications_manager 6.1\(1b\)
cisco unified_communications_manager 6.1\(2\)
cisco unified_communications_manager 6.1\(2\)su1
cisco unified_communications_manager 6.1\(2\)su1a
cisco unified_communications_manager 6.1\(3\)
cisco unified_communications_manager 6.1\(3a\)
cisco unified_communications_manager 6.1\(3b\)
cisco unified_communications_manager 6.1\(3b\)su1
cisco unified_communications_manager 6.1\(4\)
cisco unified_communications_manager 6.1\(4\)su1
cisco unified_communications_manager 6.1\(4a\)
cisco unified_communications_manager 6.1\(4a\)su2
cisco unified_communications_manager 6.1\(5\)
cisco unified_communications_manager 6.1\(5\)su1
cisco unified_communications_manager 7.0\(1\)su1
cisco unified_communications_manager 7.0\(1\)su1a
cisco unified_communications_manager 7.0\(2\)
cisco unified_communications_manager 7.0\(2a\)
cisco unified_communications_manager 7.0\(2a\)su1
cisco unified_communications_manager 7.0\(2a\)su2
cisco unified_communications_manager 7.1\(2a\)
cisco unified_communications_manager 7.1\(2a\)su1
cisco unified_communications_manager 7.1\(2b\)
cisco unified_communications_manager 7.1\(3\)
cisco unified_communications_manager 7.1\(3a\)
cisco unified_communications_manager 7.1\(3a\)su1
cisco unified_communications_manager 7.1\(3a\)su1a
cisco unified_communications_manager 7.1\(3b\)
cisco unified_communications_manager 7.1\(3b\)su1
cisco unified_communications_manager 7.1\(3b\)su2
cisco unified_communications_manager 7.1\(5\)
cisco unified_communications_manager 7.1\(5\)su1
cisco unified_communications_manager 7.1\(5\)su1a
cisco unified_communications_manager 7.1\(5a\)
cisco unified_communications_manager 7.1\(5b\)
cisco unified_communications_manager 8.0\(2c\)
cisco unified_communications_manager 8.0\(2c\)su1
cisco unified_communications_manager 8.0\(3\)
cisco unified_communications_manager 8.0\(3a\)
cisco unified_communications_manager 8.0\(3a\)su1
cisco unified_communications_manager 8.0\(3a\)su2
cisco unified_communications_manager 8.5



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "819AE879-5BF9-494E-8905-1E1E867EB5A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "958A2707-0F1A-4719-BB9F-DC9ED129105A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "48A8EE9A-458D-4619-B04D-F01A9934DC11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "597D9674-F44D-4A31-A2F2-2790ED698A91",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BE122F76-ECDB-4446-825C-EF02257D8C08",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "44280E56-C151-4C08-804D-001F91FF2AFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "BD968A56-9539-4699-9099-0F220D283CB1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "72C54A10-998C-435F-B058-A6879CD608A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B3D5254-3E67-452E-ADB3-204A66765952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "B591E75E-040C-4D26-AF13-A4F87E048579",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "18986D7E-E1E6-46EB-A247-2A98224FC122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7BA63076-B8A1-4672-99F3-703F7838F3A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "3F84676C-75A5-48D2-889D-B48EC724336F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2EA15D48-A0DE-4091-8C78-666E98B488C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3038823F-C32D-4C1B-8228-D14B35535297",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
                     matchCriteriaId: "2727998A-ED1F-4EFE-9952-7DA8486706D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "F61FD826-A08E-477C-AA57-359B10387035",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "7A9EDB91-350B-4ED4-A177-257023380C44",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "56403D34-B803-4DA7-96BC-2E0797D27F69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
                     matchCriteriaId: "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
                     matchCriteriaId: "765921EA-40B6-491F-9F05-85E000F12474",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5)su1, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a atacantes remotos provocar una denegación de servicio (fallo del proceso) a través de un mensaje SIP con formato incorrecto, también conocido como Bug ID CSCtg62855.",
      },
   ],
   id: "CVE-2011-1606",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2011-05-03T22:55:02.417",
   references: [
      {
         source: "psirt@cisco.com",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "psirt@cisco.com",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securityfocus.com/bid/47611",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "psirt@cisco.com",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "psirt@cisco.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67124",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/44331",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/47611",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1025449",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2011/1122",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67124",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-04-21 19:15
Modified
2024-11-21 06:43
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the underlying operating system.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
                     matchCriteriaId: "6F59D20F-0194-4A5A-8368-C6EA00438064",
                     versionEndIncluding: "14.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
                     matchCriteriaId: "D7A033DD-54EB-442D-931D-749A24FF2E6B",
                     versionEndIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the underlying operating system.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podría permitir a un atacante remoto autenticado leer archivos arbitrarios del sistema operativo subyacente. Esta vulnerabilidad es debido a que la interfaz de administración basada en web no comprueba apropiadamente las entradas proporcionadas por el usuario. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP diseñada que contenga secuencias de caracteres de salto de ruta a un sistema afectado. Una explotación con éxito podría permitir al atacante acceder a archivos confidenciales en el sistema operativo subyacente",
      },
   ],
   id: "CVE-2022-20790",
   lastModified: "2024-11-21T06:43:33.717",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-04-21T19:15:08.687",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-23",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-05-04 03:24
Modified
2025-04-11 00:51
Severity ?
Summary
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
Impacted products
Vendor Product Version
cisco unified_communications_manager *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D51B262-3855-4384-A0EA-FE115D544953",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.",
      },
      {
         lang: "es",
         value: "La interfaz de línea de comandos Cisco Unified Communications Manager (CUCM) no valida correctamente la entrada, permitiendo a usuarios locales leer archivos de su elección a través de vectores no especificados, también conocido como Bug ID CSCue25770.",
      },
   ],
   id: "CVE-2013-1240",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4.6,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:S/C:C/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.1,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-05-04T03:24:41.737",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1240",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1240",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2009-2053
Vulnerability from cvelistv5
Published
2009-08-27 16:31
Modified
2024-08-07 05:36
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.
References
http://secunia.com/advisories/36499 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/36152 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/36498 (third-party-advisory, x_refsource_SECUNIA)
http://osvdb.org/57455 (vdb-entry, x_refsource_OSVDB)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml (vendor-advisory, x_refsource_CISCO)
http://www.securitytracker.com/id?1022775 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:36:20.982Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "36499",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36499",
               },
               {
                  name: "36152",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/36152",
               },
               {
                  name: "36498",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36498",
               },
               {
                  name: "57455",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/57455",
               },
               {
                  name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
               },
               {
                  name: "1022775",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022775",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-08-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-09-02T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "36499",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36499",
            },
            {
               name: "36152",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/36152",
            },
            {
               name: "36498",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36498",
            },
            {
               name: "57455",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/57455",
            },
            {
               name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
            },
            {
               name: "1022775",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022775",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-2053",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "36499",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36499",
                  },
                  {
                     name: "36152",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/36152",
                  },
                  {
                     name: "36498",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36498",
                  },
                  {
                     name: "57455",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/57455",
                  },
                  {
                     name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
                  },
                  {
                     name: "1022775",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022775",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-2053",
      datePublished: "2009-08-27T16:31:00",
      dateReserved: "2009-06-12T00:00:00",
      dateUpdated: "2024-08-07T05:36:20.982Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3317
Vulnerability from cvelistv5
Published
2014-07-14 21:00
Modified
2024-08-06 10:43
Severity ?
Summary
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.078Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "68481",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/68481",
               },
               {
                  name: "1030554",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1030554",
               },
               {
                  name: "20140709 Cisco Unified Communications Manager DNA Path Traversal Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317",
               },
               {
                  name: "59727",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59727",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34898",
               },
               {
                  name: "cucm-cve20143317-dir-traversal(94435)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94435",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-07-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "68481",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/68481",
            },
            {
               name: "1030554",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1030554",
            },
            {
               name: "20140709 Cisco Unified Communications Manager DNA Path Traversal Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317",
            },
            {
               name: "59727",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59727",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34898",
            },
            {
               name: "cucm-cve20143317-dir-traversal(94435)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94435",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3317",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "68481",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/68481",
                  },
                  {
                     name: "1030554",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1030554",
                  },
                  {
                     name: "20140709 Cisco Unified Communications Manager DNA Path Traversal Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317",
                  },
                  {
                     name: "59727",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59727",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34898",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34898",
                  },
                  {
                     name: "cucm-cve20143317-dir-traversal(94435)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94435",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3317",
      datePublished: "2014-07-14T21:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.078Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-5555
Vulnerability from cvelistv5
Published
2013-11-01 01:00
Modified
2024-09-16 16:28
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:15:21.427Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20131029 Cisco Unified Communications Manager Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5555",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-11-01T01:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20131029 Cisco Unified Communications Manager Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5555",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-5555",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20131029 Cisco Unified Communications Manager Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5555",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-5555",
      datePublished: "2013-11-01T01:00:00Z",
      dateReserved: "2013-08-22T00:00:00Z",
      dateUpdated: "2024-09-16T16:28:12.291Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-3776
Vulnerability from cvelistv5
Published
2007-07-15 22:00
Modified
2024-08-07 14:28
Severity ?
Summary
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.
References
http://securitytracker.com/id?1018368 (vdb-entry, x_refsource_SECTRACK)
http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml (vendor-advisory, x_refsource_CISCO)
http://secunia.com/advisories/26039 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/24867 (vdb-entry, x_refsource_BID)
http://www.vupen.com/english/advisories/2007/2511 (vdb-entry, x_refsource_VUPEN)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35344 (vdb-entry, x_refsource_XF)
http://osvdb.org/36124 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T14:28:52.377Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1018368",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1018368",
               },
               {
                  name: "20070711 Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml",
               },
               {
                  name: "26039",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26039",
               },
               {
                  name: "24867",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/24867",
               },
               {
                  name: "ADV-2007-2511",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/2511",
               },
               {
                  name: "cisco-callmanager-presence-info-disclosure(35344)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35344",
               },
               {
                  name: "36124",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/36124",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-07-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1018368",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1018368",
            },
            {
               name: "20070711 Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml",
            },
            {
               name: "26039",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26039",
            },
            {
               name: "24867",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/24867",
            },
            {
               name: "ADV-2007-2511",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/2511",
            },
            {
               name: "cisco-callmanager-presence-info-disclosure(35344)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35344",
            },
            {
               name: "36124",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/36124",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-3776",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1018368",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1018368",
                  },
                  {
                     name: "20070711 Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml",
                  },
                  {
                     name: "26039",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26039",
                  },
                  {
                     name: "24867",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/24867",
                  },
                  {
                     name: "ADV-2007-2511",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/2511",
                  },
                  {
                     name: "cisco-callmanager-presence-info-disclosure(35344)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35344",
                  },
                  {
                     name: "36124",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/36124",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-3776",
      datePublished: "2007-07-15T22:00:00",
      dateReserved: "2007-07-15T00:00:00",
      dateUpdated: "2024-08-07T14:28:52.377Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-1742
Vulnerability from cvelistv5
Published
2008-05-16 06:54
Modified
2024-08-07 08:32
Severity ?
Summary
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.
References
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml (vendor-advisory, x_refsource_CISCO)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42410 (vdb-entry, x_refsource_XF)
http://www.vupen.com/english/advisories/2008/1533 (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/bid/29221 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/30238 (third-party-advisory, x_refsource_SECUNIA)
http://securitytracker.com/id?1020022 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:32:01.253Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
               },
               {
                  name: "cucm-ctlprovider-dos(42410)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42410",
               },
               {
                  name: "ADV-2008-1533",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1533",
               },
               {
                  name: "29221",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29221",
               },
               {
                  name: "30238",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30238",
               },
               {
                  name: "1020022",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1020022",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-05-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
            },
            {
               name: "cucm-ctlprovider-dos(42410)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42410",
            },
            {
               name: "ADV-2008-1533",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1533",
            },
            {
               name: "29221",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29221",
            },
            {
               name: "30238",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30238",
            },
            {
               name: "1020022",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1020022",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-1742",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
                  },
                  {
                     name: "cucm-ctlprovider-dos(42410)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42410",
                  },
                  {
                     name: "ADV-2008-1533",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1533",
                  },
                  {
                     name: "29221",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29221",
                  },
                  {
                     name: "30238",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30238",
                  },
                  {
                     name: "1020022",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1020022",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-1742",
      datePublished: "2008-05-16T06:54:00",
      dateReserved: "2008-04-11T00:00:00",
      dateUpdated: "2024-08-07T08:32:01.253Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3877
Vulnerability from cvelistv5
Published
2017-03-17 22:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:41.383Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm2",
               },
               {
                  name: "1038038",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038038",
               },
               {
                  name: "96915",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/96915",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-03-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Request Forgery Vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-11T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm2",
            },
            {
               name: "1038038",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038038",
            },
            {
               name: "96915",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/96915",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3877",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Request Forgery Vulnerability",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm2",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm2",
                  },
                  {
                     name: "1038038",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038038",
                  },
                  {
                     name: "96915",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/96915",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3877",
      datePublished: "2017-03-17T22:00:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:41.383Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-6758
Vulnerability from cvelistv5
Published
2017-08-07 06:00
Modified
2024-08-05 15:41
Severity ?
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:41:17.552Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "100119",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/100119",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13796",
               },
               {
                  name: "1039064",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039064",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-08-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-22",
                     description: "CWE-22",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T09:57:02",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "100119",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/100119",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13796",
            },
            {
               name: "1039064",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039064",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-6758",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-22",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "100119",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/100119",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm1",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm1",
                  },
                  {
                     name: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13796",
                     refsource: "CONFIRM",
                     url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13796",
                  },
                  {
                     name: "1039064",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039064",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-6758",
      datePublished: "2017-08-07T06:00:00",
      dateReserved: "2017-03-09T00:00:00",
      dateUpdated: "2024-08-05T15:41:17.552Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-7991
Vulnerability from cvelistv5
Published
2014-11-14 00:00
Modified
2024-08-06 13:03
Severity ?
Summary
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:03:27.759Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1031181",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031181",
               },
               {
                  name: "cisco-ucm-cve20147991-spoofing(98574)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98574",
               },
               {
                  name: "62267",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/62267",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36381",
               },
               {
                  name: "71013",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/71013",
               },
               {
                  name: "20141110 Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-07T15:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1031181",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1031181",
            },
            {
               name: "cisco-ucm-cve20147991-spoofing(98574)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98574",
            },
            {
               name: "62267",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/62267",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36381",
            },
            {
               name: "71013",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/71013",
            },
            {
               name: "20141110 Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-7991",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1031181",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1031181",
                  },
                  {
                     name: "cisco-ucm-cve20147991-spoofing(98574)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98574",
                  },
                  {
                     name: "62267",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/62267",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36381",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36381",
                  },
                  {
                     name: "71013",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/71013",
                  },
                  {
                     name: "20141110 Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-7991",
      datePublished: "2014-11-14T00:00:00",
      dateReserved: "2014-10-08T00:00:00",
      dateUpdated: "2024-08-06T13:03:27.759Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-2560
Vulnerability from cvelistv5
Published
2011-08-29 15:00
Modified
2024-09-17 04:19
Severity ?
Summary
The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T23:08:23.346Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2011-08-29T15:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-2560",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-2560",
      datePublished: "2011-08-29T15:00:00Z",
      dateReserved: "2011-06-27T00:00:00Z",
      dateUpdated: "2024-09-17T04:19:34.235Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-4019
Vulnerability from cvelistv5
Published
2012-05-03 10:00
Modified
2024-09-16 22:36
Severity ?
Summary
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T23:53:32.559Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-05-03T10:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-4019",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf",
                     refsource: "CONFIRM",
                     url: "http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf",
                  },
                  {
                     name: "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html",
                     refsource: "CONFIRM",
                     url: "http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-4019",
      datePublished: "2012-05-03T10:00:00Z",
      dateReserved: "2011-10-06T00:00:00Z",
      dateUpdated: "2024-09-16T22:36:25.358Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-6785
Vulnerability from cvelistv5
Published
2017-08-17 20:00
Modified
2024-09-17 03:18
Severity ?
Summary
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted application. An exploit could allow the attacker to impact the integrity of the application where one user can modify the configuration of another user's information. Cisco Bug IDs: CSCve27331. Known Affected Releases: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6).
References
Impacted products
Vendor Product Version
Cisco Systems, Inc. Unified Communications Manager Version: 10.5(2.10000.5)
Version: 11.0(1.10000.10)
Version: 11.5(1.10000.6)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:41:17.553Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1039184",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039184",
               },
               {
                  name: "100375",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/100375",
               },
               {
                  name: "20170816 Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-ucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Unified Communications Manager",
               vendor: "Cisco Systems, Inc.",
               versions: [
                  {
                     status: "affected",
                     version: "10.5(2.10000.5)",
                  },
                  {
                     status: "affected",
                     version: "11.0(1.10000.10)",
                  },
                  {
                     status: "affected",
                     version: "11.5(1.10000.6)",
                  },
               ],
            },
         ],
         datePublic: "2017-08-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted application. An exploit could allow the attacker to impact the integrity of the application where one user can modify the configuration of another user's information. Cisco Bug IDs: CSCve27331. Known Affected Releases: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Privilege Escalation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-18T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1039184",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039184",
            },
            {
               name: "100375",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/100375",
            },
            {
               name: "20170816 Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-ucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2017-08-16T00:00:00",
               ID: "CVE-2017-6785",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.5(2.10000.5)",
                                       },
                                       {
                                          version_value: "11.0(1.10000.10)",
                                       },
                                       {
                                          version_value: "11.5(1.10000.6)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco Systems, Inc.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted application. An exploit could allow the attacker to impact the integrity of the application where one user can modify the configuration of another user's information. Cisco Bug IDs: CSCve27331. Known Affected Releases: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Privilege Escalation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1039184",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039184",
                  },
                  {
                     name: "100375",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/100375",
                  },
                  {
                     name: "20170816 Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-ucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-6785",
      datePublished: "2017-08-17T20:00:00Z",
      dateReserved: "2017-03-09T00:00:00",
      dateUpdated: "2024-09-17T03:18:55.237Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3316
Vulnerability from cvelistv5
Published
2014-07-10 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.120Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1030554",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1030554",
               },
               {
                  name: "20140709 Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316",
               },
               {
                  name: "68479",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/68479",
               },
               {
                  name: "59730",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59730",
               },
               {
                  name: "cucm-cve20143316-file-upload(94429)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94429",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34899",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-07-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1030554",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1030554",
            },
            {
               name: "20140709 Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316",
            },
            {
               name: "68479",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/68479",
            },
            {
               name: "59730",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59730",
            },
            {
               name: "cucm-cve20143316-file-upload(94429)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94429",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34899",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3316",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1030554",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1030554",
                  },
                  {
                     name: "20140709 Cisco Unified Communications Manager DNA Arbitrary File Upload Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3316",
                  },
                  {
                     name: "68479",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/68479",
                  },
                  {
                     name: "59730",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59730",
                  },
                  {
                     name: "cucm-cve20143316-file-upload(94429)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94429",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34899",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34899",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3316",
      datePublished: "2014-07-10T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.120Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-12258
Vulnerability from cvelistv5
Published
2017-10-05 07:00
Modified
2024-08-05 18:28
Severity ?
Summary
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T18:28:16.665Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "101172",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/101172",
               },
               {
                  name: "1039505",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039505",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-10-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-59",
                     description: "CWE-59",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-06T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "101172",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/101172",
            },
            {
               name: "1039505",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039505",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-12258",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-59",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "101172",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/101172",
                  },
                  {
                     name: "1039505",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039505",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-12258",
      datePublished: "2017-10-05T07:00:00",
      dateReserved: "2017-08-03T00:00:00",
      dateUpdated: "2024-08-05T18:28:16.665Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-12715
Vulnerability from cvelistv5
Published
2019-10-02 19:06
Modified
2024-11-21 19:10
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: unspecified   < n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T23:32:54.149Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20191002 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xss-12715",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-12715",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-21T18:56:31.234735Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-21T19:10:51.421Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     lessThan: "n/a",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-10-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-02T19:06:53",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20191002 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xss-12715",
            },
         ],
         source: {
            advisory: "cisco-sa-20191002-cucm-xss-12715",
            defect: [
               [
                  "CSCvo42294",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-10-02T16:00:00-0700",
               ID: "CVE-2019-12715",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20191002 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xss-12715",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20191002-cucm-xss-12715",
               defect: [
                  [
                     "CSCvo42294",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-12715",
      datePublished: "2019-10-02T19:06:53.890981Z",
      dateReserved: "2019-06-04T00:00:00",
      dateUpdated: "2024-11-21T19:10:51.421Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-0026
Vulnerability from cvelistv5
Published
2008-02-14 11:00
Modified
2024-08-07 07:32
Severity ?
Summary
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T07:32:24.039Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "27775",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/27775",
               },
               {
                  name: "28932",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/28932",
               },
               {
                  name: "cucm-interface-sql-injection(40484)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484",
               },
               {
                  name: "20080213 SQL injection in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml",
               },
               {
                  name: "1019404",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1019404",
               },
               {
                  name: "ADV-2008-0542",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/0542",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-02-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "27775",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/27775",
            },
            {
               name: "28932",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/28932",
            },
            {
               name: "cucm-interface-sql-injection(40484)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484",
            },
            {
               name: "20080213 SQL injection in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml",
            },
            {
               name: "1019404",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1019404",
            },
            {
               name: "ADV-2008-0542",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/0542",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-0026",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "27775",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/27775",
                  },
                  {
                     name: "28932",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/28932",
                  },
                  {
                     name: "cucm-interface-sql-injection(40484)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/40484",
                  },
                  {
                     name: "20080213 SQL injection in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml",
                  },
                  {
                     name: "1019404",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1019404",
                  },
                  {
                     name: "ADV-2008-0542",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/0542",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-0026",
      datePublished: "2008-02-14T11:00:00",
      dateReserved: "2007-12-17T00:00:00",
      dateUpdated: "2024-08-07T07:32:24.039Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0355
Vulnerability from cvelistv5
Published
2018-06-07 21:00
Modified
2024-11-29 15:03
Severity ?
Summary
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager unknown Version: Cisco Unified Communications Manager unknown


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:21:15.458Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "104425",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/104425",
               },
               {
                  name: "1041068",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041068",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0355",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-29T14:37:44.595858Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T15:03:27.837Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager unknown",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager unknown",
                  },
               ],
            },
         ],
         datePublic: "2018-06-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-06-14T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "104425",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/104425",
            },
            {
               name: "1041068",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041068",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0355",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager unknown",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager unknown",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-20",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "104425",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/104425",
                  },
                  {
                     name: "1041068",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041068",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0355",
      datePublished: "2018-06-07T21:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-11-29T15:03:27.837Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3402
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-08-06 16:07
Severity ?
Summary
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
References
http://secunia.com/advisories/54249 - third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm - vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:38.002Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "54249",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/54249",
               },
               {
                  name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-07-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-08-20T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "54249",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/54249",
            },
            {
               name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3402",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "54249",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/54249",
                  },
                  {
                     name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3402",
      datePublished: "2013-07-18T00:00:00",
      dateReserved: "2013-05-06T00:00:00",
      dateUpdated: "2024-08-06T16:07:38.002Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-5537
Vulnerability from cvelistv5
Published
2007-10-18 00:00
Modified
2024-08-07 15:31
Severity ?
Summary
Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.
References
http://www.securityfocus.com/bid/26105 - vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/37246 - vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2007/3532 - vdb-entry, x_refsource_VUPEN
http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml - vendor-advisory, x_refsource_CISCO
http://osvdb.org/37941 - vdb-entry, x_refsource_OSVDB
http://www.securitytracker.com/id?1018828 - vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/27296 - third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T15:31:59.077Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "26105",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/26105",
               },
               {
                  name: "cucm-sip-invite-dos(37246)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246",
               },
               {
                  name: "ADV-2007-3532",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/3532",
               },
               {
                  name: "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml",
               },
               {
                  name: "37941",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/37941",
               },
               {
                  name: "1018828",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1018828",
               },
               {
                  name: "27296",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/27296",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-10-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "26105",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/26105",
            },
            {
               name: "cucm-sip-invite-dos(37246)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246",
            },
            {
               name: "ADV-2007-3532",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/3532",
            },
            {
               name: "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml",
            },
            {
               name: "37941",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/37941",
            },
            {
               name: "1018828",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1018828",
            },
            {
               name: "27296",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/27296",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-5537",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "26105",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/26105",
                  },
                  {
                     name: "cucm-sip-invite-dos(37246)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/37246",
                  },
                  {
                     name: "ADV-2007-3532",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/3532",
                  },
                  {
                     name: "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml",
                  },
                  {
                     name: "37941",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/37941",
                  },
                  {
                     name: "1018828",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1018828",
                  },
                  {
                     name: "27296",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/27296",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-5537",
      datePublished: "2007-10-18T00:00:00",
      dateReserved: "2007-10-17T00:00:00",
      dateUpdated: "2024-08-07T15:31:59.077Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-2184
Vulnerability from cvelistv5
Published
2014-04-29 10:00
Modified
2024-08-06 10:05
Severity ?
Summary
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:05:59.996Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140428 Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2184",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-04-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-04-29T05:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140428 Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2184",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-2184",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140428 Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2184",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-2184",
      datePublished: "2014-04-29T10:00:00",
      dateReserved: "2014-02-25T00:00:00",
      dateUpdated: "2024-08-06T10:05:59.996Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0135
Vulnerability from cvelistv5
Published
2018-02-08 07:00
Modified
2024-12-02 21:09
Severity ?
Summary
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:14:16.870Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "102964",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/102964",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm",
               },
               {
                  name: "1040343",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040343",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0135",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-12-02T18:55:20.691763Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-02T21:09:05.019Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2018-02-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-02-09T10:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "102964",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/102964",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm",
            },
            {
               name: "1040343",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040343",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0135",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected system. A successful exploit could allow the attacker to retrieve sensitive information from the affected system. Cisco Bug IDs: CSCvf17644.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-20",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "102964",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/102964",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm",
                  },
                  {
                     name: "1040343",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040343",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0135",
      datePublished: "2018-02-08T07:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-12-02T21:09:05.019Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0266
Vulnerability from cvelistv5
Published
2018-04-19 20:00
Modified
2024-11-29 15:15
Severity ?
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:21:14.559Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm",
               },
               {
                  name: "103933",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103933",
               },
               {
                  name: "1040718",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040718",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0266",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-29T14:38:26.088914Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T15:15:07.635Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2018-04-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-04-21T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm",
            },
            {
               name: "103933",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103933",
            },
            {
               name: "1040718",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040718",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0266",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration parameters. Cisco Bug IDs: CSCvf20218.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-200",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm",
                  },
                  {
                     name: "103933",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103933",
                  },
                  {
                     name: "1040718",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040718",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0266",
      datePublished: "2018-04-19T20:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-11-29T15:15:07.635Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20787
Vulnerability from cvelistv5
Published
2022-04-21 18:50
Modified
2024-11-06 16:22
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:49.626Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220420 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-jrKP4eNT",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20787",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T16:00:13.329224Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:22:55.003Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-04-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-352",
                     description: "CWE-352",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-21T18:50:28",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220420 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-jrKP4eNT",
            },
         ],
         source: {
            advisory: "cisco-sa-ucm-csrf-jrKP4eNT",
            defect: [
               [
                  "CSCvz16244",
                  "CSCvz16271",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-04-20T16:00:00",
               ID: "CVE-2022-20787",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "5.7",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-352",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220420 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-jrKP4eNT",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-ucm-csrf-jrKP4eNT",
               defect: [
                  [
                     "CSCvz16244",
                     "CSCvz16271",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20787",
      datePublished: "2022-04-21T18:50:28.915785Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:22:55.003Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3404
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-08-06 16:07
Severity ?
Summary
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
References
http://secunia.com/advisories/54249 — third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm — vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:37.924Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "54249",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/54249",
               },
               {
                  name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-07-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-08-20T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "54249",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/54249",
            },
            {
               name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3404",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "54249",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/54249",
                  },
                  {
                     name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3404",
      datePublished: "2013-07-18T00:00:00",
      dateReserved: "2013-05-06T00:00:00",
      dateUpdated: "2024-08-06T16:07:37.924Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-1747
Vulnerability from cvelistv5
Published
2008-05-16 06:54
Modified
2024-08-07 08:32
Severity ?
Summary
Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944.
References
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml — vendor-advisory, x_refsource_CISCO
http://www.vupen.com/english/advisories/2008/1533 — vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/29221 — vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/42418 — vdb-entry, x_refsource_XF
http://secunia.com/advisories/30238 — third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1020022 — vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:32:01.269Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
               },
               {
                  name: "ADV-2008-1533",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1533",
               },
               {
                  name: "29221",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29221",
               },
               {
                  name: "cucm-sip-dos(42418)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42418",
               },
               {
                  name: "30238",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30238",
               },
               {
                  name: "1020022",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1020022",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-05-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
            },
            {
               name: "ADV-2008-1533",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1533",
            },
            {
               name: "29221",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29221",
            },
            {
               name: "cucm-sip-dos(42418)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42418",
            },
            {
               name: "30238",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30238",
            },
            {
               name: "1020022",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1020022",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-1747",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
                  },
                  {
                     name: "ADV-2008-1533",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1533",
                  },
                  {
                     name: "29221",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29221",
                  },
                  {
                     name: "cucm-sip-dos(42418)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42418",
                  },
                  {
                     name: "30238",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30238",
                  },
                  {
                     name: "1020022",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1020022",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-1747",
      datePublished: "2008-05-16T06:54:00",
      dateReserved: "2008-04-11T00:00:00",
      dateUpdated: "2024-08-07T08:32:01.269Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3318
Vulnerability from cvelistv5
Published
2014-07-10 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.151Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "68482",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/68482",
               },
               {
                  name: "1030554",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1030554",
               },
               {
                  name: "20140709 Cisco Unified Communications Manager DNA Path Traversal Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34897",
               },
               {
                  name: "cucm-cve20143318-dir-traversal(94433)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94433",
               },
               {
                  name: "59728",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59728",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-07-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "68482",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/68482",
            },
            {
               name: "1030554",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1030554",
            },
            {
               name: "20140709 Cisco Unified Communications Manager DNA Path Traversal Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34897",
            },
            {
               name: "cucm-cve20143318-dir-traversal(94433)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94433",
            },
            {
               name: "59728",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59728",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3318",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "68482",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/68482",
                  },
                  {
                     name: "1030554",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1030554",
                  },
                  {
                     name: "20140709 Cisco Unified Communications Manager DNA Path Traversal Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34897",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34897",
                  },
                  {
                     name: "cucm-cve20143318-dir-traversal(94433)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94433",
                  },
                  {
                     name: "59728",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59728",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3318",
      datePublished: "2014-07-10T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.151Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-0057
Vulnerability from cvelistv5
Published
2009-01-22 18:00
Modified
2024-08-07 04:17
Severity ?
Summary
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T04:17:10.469Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "33379",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/33379",
               },
               {
                  name: "1021620",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1021620",
               },
               {
                  name: "cucm-capf-dos-var1(48139)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48139",
               },
               {
                  name: "ADV-2009-0213",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/0213",
               },
               {
                  name: "33588",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/33588",
               },
               {
                  name: "20090121 Cisco Unified Communications Manager CAPF Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a61928.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-01-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the \"client terminates prematurely.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "33379",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/33379",
            },
            {
               name: "1021620",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1021620",
            },
            {
               name: "cucm-capf-dos-var1(48139)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48139",
            },
            {
               name: "ADV-2009-0213",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/0213",
            },
            {
               name: "33588",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/33588",
            },
            {
               name: "20090121 Cisco Unified Communications Manager CAPF Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a61928.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-0057",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the \"client terminates prematurely.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "33379",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/33379",
                  },
                  {
                     name: "1021620",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1021620",
                  },
                  {
                     name: "cucm-capf-dos-var1(48139)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/48139",
                  },
                  {
                     name: "ADV-2009-0213",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/0213",
                  },
                  {
                     name: "33588",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/33588",
                  },
                  {
                     name: "20090121 Cisco Unified Communications Manager CAPF Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a61928.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-0057",
      datePublished: "2009-01-22T18:00:00",
      dateReserved: "2009-01-07T00:00:00",
      dateUpdated: "2024-08-07T04:17:10.469Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3874
Vulnerability from cvelistv5
Published
2017-03-17 22:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:41.320Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "96914",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/96914",
               },
               {
                  name: "1038037",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038037",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-03-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Scripting Vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-11T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "96914",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/96914",
            },
            {
               name: "1038037",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038037",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm1",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3874",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Scripting Vulnerability",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "96914",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/96914",
                  },
                  {
                     name: "1038037",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038037",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm1",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm1",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3874",
      datePublished: "2017-03-17T22:00:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:41.320Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1282
Vulnerability from cvelistv5
Published
2021-01-20 19:56
Modified
2024-11-12 20:25
Summary
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:02:56.412Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210120 Cisco Unified Communications Products Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1282",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:52:27.260753Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-12T20:25:49.702Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-01-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-35",
                     description: "CWE-35",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-20T19:56:13",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210120 Cisco Unified Communications Products Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
            },
         ],
         source: {
            advisory: "cisco-sa-imp-trav-inj-dM687ZD6",
            defect: [
               [
                  "CSCvv20974",
                  "CSCvv20985",
                  "CSCvv62642",
                  "CSCvv62648",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-01-20T16:00:00",
               ID: "CVE-2021-1282",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-35",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210120 Cisco Unified Communications Products Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-imp-trav-inj-dM687ZD6",
               defect: [
                  [
                     "CSCvv20974",
                     "CSCvv20985",
                     "CSCvv62642",
                     "CSCvv62648",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1282",
      datePublished: "2021-01-20T19:56:13.175139Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-12T20:25:49.702Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-1240
Vulnerability from cvelistv5
Published
2013-05-04 01:00
Modified
2024-09-16 17:47
Severity ?
Summary
The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:57:03.848Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130503 Cisco Unified Communications Manager Arbitrary File Read Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1240",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-05-04T01:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130503 Cisco Unified Communications Manager Arbitrary File Read Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1240",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-1240",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130503 Cisco Unified Communications Manager Arbitrary File Read Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1240",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-1240",
      datePublished: "2013-05-04T01:00:00Z",
      dateReserved: "2013-01-11T00:00:00Z",
      dateUpdated: "2024-09-16T17:47:47.138Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-12710
Vulnerability from cvelistv5
Published
2019-10-02 19:06
Modified
2024-11-21 19:11
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: unspecified   < n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T23:24:39.199Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20191002 Cisco Unified Communications Manager SQL Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-inject",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-12710",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-21T18:56:37.678957Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-21T19:11:42.873Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     lessThan: "n/a",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-10-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-02T19:06:51",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20191002 Cisco Unified Communications Manager SQL Injection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-inject",
            },
         ],
         source: {
            advisory: "cisco-sa-20191002-cuc-inject",
            defect: [
               [
                  "CSCvo42378",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager SQL Injection Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-10-02T16:00:00-0700",
               ID: "CVE-2019-12710",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager SQL Injection Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "4.9",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-89",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20191002 Cisco Unified Communications Manager SQL Injection Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-inject",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20191002-cuc-inject",
               defect: [
                  [
                     "CSCvo42378",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-12710",
      datePublished: "2019-10-02T19:06:51.506212Z",
      dateReserved: "2019-06-04T00:00:00",
      dateUpdated: "2024-11-21T19:11:42.873Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-12357
Vulnerability from cvelistv5
Published
2017-11-30 09:00
Modified
2024-08-05 18:36
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T18:36:56.099Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "101988",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/101988",
               },
               {
                  name: "1039916",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039916",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-11-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-01T10:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "101988",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/101988",
            },
            {
               name: "1039916",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039916",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-12357",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "101988",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/101988",
                  },
                  {
                     name: "1039916",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039916",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-12357",
      datePublished: "2017-11-30T09:00:00",
      dateReserved: "2017-08-03T00:00:00",
      dateUpdated: "2024-08-05T18:36:56.099Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-15963
Vulnerability from cvelistv5
Published
2020-09-23 00:27
Modified
2024-11-13 18:03
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks. (Note: the record's affected-product field below names Cisco Unity Connection rather than Unified Communications Manager; confirm the affected product against the referenced Cisco advisory.)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:03:32.513Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20200122 Cisco Unified Communications Manager Information Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-cuc-info-disclosure",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-15963",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-13T17:23:43.815502Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-13T18:03:07.693Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2020-01-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-23T00:27:17",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20200122 Cisco Unified Communications Manager Information Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-cuc-info-disclosure",
            },
         ],
         source: {
            advisory: "cisco-sa-20200122-cuc-info-disclosure",
            defect: [
               [
                  "CSCvr00922",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Information Disclosure Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2020-01-22T16:00:00",
               ID: "CVE-2019-15963",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Information Disclosure Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unity Connection",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "4.3",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-200",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20200122 Cisco Unified Communications Manager Information Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-cuc-info-disclosure",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20200122-cuc-info-disclosure",
               defect: [
                  [
                     "CSCvr00922",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-15963",
      datePublished: "2020-09-23T00:27:17.490785Z",
      dateReserved: "2019-09-06T00:00:00",
      dateUpdated: "2024-11-13T18:03:07.693Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-3135
Vulnerability from cvelistv5
Published
2020-09-23 00:25
Modified
2024-11-13 18:06
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:24:00.801Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20200122 Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-NbhZTxL",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-3135",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-13T17:24:01.991554Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-13T18:06:39.329Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2020-01-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-352",
                     description: "CWE-352",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-23T00:25:30",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20200122 Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-NbhZTxL",
            },
         ],
         source: {
            advisory: "cisco-sa-ucm-csrf-NbhZTxL",
            defect: [
               [
                  "CSCuy76946",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2020-01-22T16:00:00",
               ID: "CVE-2020-3135",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-352",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20200122 Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-NbhZTxL",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-ucm-csrf-NbhZTxL",
               defect: [
                  [
                     "CSCuy76946",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2020-3135",
      datePublished: "2020-09-23T00:25:30.206055Z",
      dateReserved: "2019-12-12T00:00:00",
      dateUpdated: "2024-11-13T18:06:39.329Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3802
Vulnerability from cvelistv5
Published
2017-01-26 07:45
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager 12.0(0.99000.9) Version: Cisco Unified Communications Manager 12.0(0.99000.9)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:41.058Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1037655",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037655",
               },
               {
                  name: "95636",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/95636",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager 12.0(0.99000.9)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager 12.0(0.99000.9)",
                  },
               ],
            },
         ],
         datePublic: "2017-01-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "unspecified",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-25T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1037655",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037655",
            },
            {
               name: "95636",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/95636",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3802",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager 12.0(0.99000.9)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager 12.0(0.99000.9)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "unspecified",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1037655",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037655",
                  },
                  {
                     name: "95636",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/95636",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3802",
      datePublished: "2017-01-26T07:45:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:41.058Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-0632
Vulnerability from cvelistv5
Published
2009-03-12 15:00
Modified
2024-08-07 04:40
Severity ?
Summary
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T04:40:05.122Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "34082",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/34082",
               },
               {
                  name: "52589",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/52589",
               },
               {
                  name: "20090311 Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml",
               },
               {
                  name: "20090311 Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a86434.html",
               },
               {
                  name: "1021839",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1021839",
               },
               {
                  name: "cucm-pab-privilege-escalation(49196)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/49196",
               },
               {
                  name: "34238",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/34238",
               },
               {
                  name: "ADV-2009-0675",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/0675",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-03-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "34082",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/34082",
            },
            {
               name: "52589",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/52589",
            },
            {
               name: "20090311 Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml",
            },
            {
               name: "20090311 Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a86434.html",
            },
            {
               name: "1021839",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1021839",
            },
            {
               name: "cucm-pab-privilege-escalation(49196)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/49196",
            },
            {
               name: "34238",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/34238",
            },
            {
               name: "ADV-2009-0675",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/0675",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-0632",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "34082",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/34082",
                  },
                  {
                     name: "52589",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/52589",
                  },
                  {
                     name: "20090311 Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a8643c.shtml",
                  },
                  {
                     name: "20090311 Identifying and Mitigating Exploitation of the Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a86434.html",
                  },
                  {
                     name: "1021839",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1021839",
                  },
                  {
                     name: "cucm-pab-privilege-escalation(49196)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/49196",
                  },
                  {
                     name: "34238",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/34238",
                  },
                  {
                     name: "ADV-2009-0675",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/0675",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-0632",
      datePublished: "2009-03-12T15:00:00",
      dateReserved: "2009-02-18T00:00:00",
      dateUpdated: "2024-08-07T04:40:05.122Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-2834
Vulnerability from cvelistv5
Published
2010-09-23 18:00
Modified
2024-09-17 02:57
Severity ?
Summary
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T02:46:48.597Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml",
               },
               {
                  name: "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-09-23T18:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml",
            },
            {
               name: "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-2834",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml",
                  },
                  {
                     name: "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-2834",
      datePublished: "2010-09-23T18:00:00Z",
      dateReserved: "2010-07-23T00:00:00Z",
      dateUpdated: "2024-09-17T02:57:58.113Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0728
Vulnerability from cvelistv5
Published
2014-02-13 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.085Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32834",
               },
               {
                  name: "103221",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/103221",
               },
               {
                  name: "65499",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65499",
               },
               {
                  name: "20140211 Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-14T17:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32834",
            },
            {
               name: "103221",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/103221",
            },
            {
               name: "65499",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65499",
            },
            {
               name: "20140211 Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0728",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32834",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32834",
                  },
                  {
                     name: "103221",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/103221",
                  },
                  {
                     name: "65499",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65499",
                  },
                  {
                     name: "20140211 Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0728",
      datePublished: "2014-02-13T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.085Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0731
Vulnerability from cvelistv5
Published
2014-02-22 21:00
Modified
2024-08-06 09:27
Severity ?
Summary
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.514Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140218 Cisco Unified Communications Manager Java Class File Availability Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0731",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32915",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-02-24T05:57:03",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140218 Cisco Unified Communications Manager Java Class File Availability Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0731",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32915",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0731",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140218 Cisco Unified Communications Manager Java Class File Availability Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0731",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32915",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32915",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0731",
      datePublished: "2014-02-22T21:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.514Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-20211
Vulnerability from cvelistv5
Published
2023-08-16 21:43
Modified
2024-08-02 09:05
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by authenticating to the application as a user with read-only or higher privileges and sending crafted HTTP requests to an affected system. A successful exploit could allow the attacker to read or modify data in the underlying database or elevate their privileges.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: 12.0(1)SU1
Version: 12.0(1)SU2
Version: 12.0(1)SU3
Version: 12.0(1)SU4
Version: 12.0(1)SU5
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)SU4
Version: 12.5(1)SU5
Version: 12.5(1)SU6
Version: 12.5(1)SU7
Version: 12.5(1)SU7a
Version: 14
Version: 14SU1
Version: 14SU2
Version: 14SU3
   Cisco Cisco Unified Communications Manager / Cisco Unity Connection Version: 10.5(2)SU10
Version: 10.5(1)
Version: 10.5(1)SU1
Version: 10.5(1)SU1a
Version: 10.5(2)
Version: 10.5(2)SU1
Version: 10.5(2)SU2
Version: 10.5(2)SU3
Version: 10.5(2)SU4
Version: 10.5(2)SU5
Version: 10.5(2)SU6
Version: 10.5(2)SU7
Version: 10.5(2)SU8
Version: 10.5(2)SU9
Version: 10.5(2)SU2a
Version: 10.5(2)SU3a
Version: 10.5(2)SU4a
Version: 10.5(2)SU6a
Version: 11.0(1)
Version: 11.0(1a)
Version: 11.0(1a)SU1
Version: 11.0(1a)SU2
Version: 11.0(1a)SU3
Version: 11.0(1a)SU3a
Version: 11.0(1a)SU4
Version: 11.0.1
Version: 11.0.2
Version: 11.0.5
Version: 11.5(1)
Version: 11.5(1)SU1
Version: 11.5(1)SU2
Version: 11.5(1)SU3
Version: 11.5(1)SU3a
Version: 11.5(1)SU3b
Version: 11.5(1)SU4
Version: 11.5(1)SU5
Version: 11.5(1)SU6
Version: 11.5(1)SU7
Version: 11.5(1)SU8
Version: 11.5(1)SU9
Version: 11.5(1)SU10
Version: 11.5(1)SU11
Version: 10.0(1)SU2
Version: 10.0(1)
Version: 10.0(1)SU1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:05:35.589Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cisco-sa-cucm-injection-g6MbwH2",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-injection-g6MbwH2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7a",
                  },
                  {
                     status: "affected",
                     version: "14",
                  },
                  {
                     status: "affected",
                     version: "14SU1",
                  },
                  {
                     status: "affected",
                     version: "14SU2",
                  },
                  {
                     status: "affected",
                     version: "14SU3",
                  },
               ],
            },
            {
               product: "Cisco Unified Communications Manager / Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "10.5(2)SU10",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU3",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU5",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU6",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU7",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU8",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU9",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU3a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU6a",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU3",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU3a",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU4",
                  },
                  {
                     status: "affected",
                     version: "11.0.1",
                  },
                  {
                     status: "affected",
                     version: "11.0.2",
                  },
                  {
                     status: "affected",
                     version: "11.0.5",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3a",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3b",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU8",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU9",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU10",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU11",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. \r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by authenticating to the application as a user with read-only or higher privileges and sending crafted HTTP requests to an affected system. A successful exploit could allow the attacker to read or modify data in the underlying database or elevate their privileges.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               format: "cvssV3_1",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-25T16:58:18.926Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-sa-cucm-injection-g6MbwH2",
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-injection-g6MbwH2",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-injection-g6MbwH2",
            defects: [
               "CSCwe89928",
            ],
            discovery: "EXTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2023-20211",
      datePublished: "2023-08-16T21:43:23.085Z",
      dateReserved: "2022-10-27T18:47:50.367Z",
      dateUpdated: "2024-08-02T09:05:35.589Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0729
Vulnerability from cvelistv5
Published
2014-02-13 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.
References
http://osvdb.org/103220 (vdb-entry, x_refsource_OSVDB)
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0729 (vendor-advisory, x_refsource_CISCO)
http://www.securityfocus.com/bid/65501 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.470Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "103220",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/103220",
               },
               {
                  name: "20140211 Cisco Unified Communications Manager Enterprise Mobility Application Blind SQL Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0729",
               },
               {
                  name: "65501",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65501",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-14T17:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "103220",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/103220",
            },
            {
               name: "20140211 Cisco Unified Communications Manager Enterprise Mobility Application Blind SQL Injection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0729",
            },
            {
               name: "65501",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65501",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0729",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "103220",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/103220",
                  },
                  {
                     name: "20140211 Cisco Unified Communications Manager Enterprise Mobility Application Blind SQL Injection Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0729",
                  },
                  {
                     name: "65501",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65501",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0729",
      datePublished: "2014-02-13T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.470Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3287
Vulnerability from cvelistv5
Published
2014-06-10 10:00
Modified
2024-08-06 10:35
Severity ?
Summary
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287 (vendor-advisory, x_refsource_CISCO)
http://www.securityfocus.com/bid/68000 (vdb-entry, x_refsource_BID)
http://www.securitytracker.com/id/1030411 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:35:57.143Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140609 Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287",
               },
               {
                  name: "68000",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/68000",
               },
               {
                  name: "1030411",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1030411",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-06-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-06-13T12:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140609 Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287",
            },
            {
               name: "68000",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/68000",
            },
            {
               name: "1030411",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1030411",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3287",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140609 Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3287",
                  },
                  {
                     name: "68000",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/68000",
                  },
                  {
                     name: "1030411",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1030411",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3287",
      datePublished: "2014-06-10T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:35:57.143Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3829
Vulnerability from cvelistv5
Published
2017-02-22 02:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:41.062Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2",
               },
               {
                  name: "1037839",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037839",
               },
               {
                  name: "96250",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/96250",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-02-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Scripting Vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-24T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2",
            },
            {
               name: "1037839",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037839",
            },
            {
               name: "96250",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/96250",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3829",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Scripting Vulnerability",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2",
                  },
                  {
                     name: "1037839",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037839",
                  },
                  {
                     name: "96250",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/96250",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3829",
      datePublished: "2017-02-22T02:00:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:41.062Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3821
Vulnerability from cvelistv5
Published
2017-02-22 02:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:41.012Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm",
               },
               {
                  name: "96241",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/96241",
               },
               {
                  name: "1037839",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037839",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-02-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Scripting Vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-24T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm",
            },
            {
               name: "96241",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/96241",
            },
            {
               name: "1037839",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037839",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3821",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Scripting Vulnerability",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm",
                  },
                  {
                     name: "96241",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/96241",
                  },
                  {
                     name: "1037839",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037839",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3821",
      datePublished: "2017-02-22T02:00:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:41.012Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-1604
Vulnerability from cvelistv5
Published
2011-05-03 22:00
Modified
2024-08-06 22:37
Severity ?
Summary
Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T22:37:24.580Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "ucm-sip-dos(67122)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67122",
               },
               {
                  name: "44331",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/44331",
               },
               {
                  name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
               },
               {
                  name: "1025449",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1025449",
               },
               {
                  name: "47609",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/47609",
               },
               {
                  name: "ADV-2011-1122",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2011/1122",
               },
               {
                  name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-04-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "ucm-sip-dos(67122)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67122",
            },
            {
               name: "44331",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/44331",
            },
            {
               name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
            },
            {
               name: "1025449",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1025449",
            },
            {
               name: "47609",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/47609",
            },
            {
               name: "ADV-2011-1122",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2011/1122",
            },
            {
               name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-1604",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ucm-sip-dos(67122)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67122",
                  },
                  {
                     name: "44331",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/44331",
                  },
                  {
                     name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
                  },
                  {
                     name: "1025449",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1025449",
                  },
                  {
                     name: "47609",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/47609",
                  },
                  {
                     name: "ADV-2011-1122",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2011/1122",
                  },
                  {
                     name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-1604",
      datePublished: "2011-05-03T22:00:00",
      dateReserved: "2011-04-05T00:00:00",
      dateUpdated: "2024-08-06T22:37:24.580Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-2838
Vulnerability from cvelistv5
Published
2010-08-26 20:00
Modified
2024-08-07 02:46
Severity ?
Summary
The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T02:46:48.152Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "ADV-2010-2187",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/2187",
               },
               {
                  name: "20100825 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-08-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-09-09T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "ADV-2010-2187",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/2187",
            },
            {
               name: "20100825 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-2838",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ADV-2010-2187",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/2187",
                  },
                  {
                     name: "20100825 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-2838",
      datePublished: "2010-08-26T20:00:00",
      dateReserved: "2010-07-23T00:00:00",
      dateUpdated: "2024-08-07T02:46:48.152Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-9206
Vulnerability from cvelistv5
Published
2016-12-14 00:37
Modified
2024-08-06 02:42
Severity ?
Summary
A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager (CUCM) Version: Cisco Unified Communications Manager (CUCM)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T02:42:11.187Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "94793",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/94793",
               },
               {
                  name: "1037424",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037424",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager (CUCM)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager (CUCM)",
                  },
               ],
            },
         ],
         datePublic: "2016-12-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "unspecified",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-20T21:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "94793",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/94793",
            },
            {
               name: "1037424",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037424",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2016-9206",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager (CUCM)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager (CUCM)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvb64641. Known Affected Releases: 11.5(1.10000.6) 11.5(1.11007.2). Known Fixed Releases: 11.5(1.12900.7) 11.5(1.12900.8) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.468) 12.0(0.98000.536) 12.0(0.98500.6).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "unspecified",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "94793",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/94793",
                  },
                  {
                     name: "1037424",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037424",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2016-9206",
      datePublished: "2016-12-14T00:37:00",
      dateReserved: "2016-11-06T00:00:00",
      dateUpdated: "2024-08-06T02:42:11.187Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20788
Vulnerability from cvelistv5
Published
2022-04-21 18:50
Modified
2024-11-06 16:22
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:49.536Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220420 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-6MCe4kPF",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20788",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T15:58:46.998433Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:22:41.247Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-04-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-21T18:50:34",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220420 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-6MCe4kPF",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-xss-6MCe4kPF",
            defect: [
               [
                  "CSCvy86661",
                  "CSCvy86671",
                  "CSCvz16262",
                  "CSCwa91925",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-04-20T16:00:00",
               ID: "CVE-2022-20788",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220420 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-6MCe4kPF",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-xss-6MCe4kPF",
               defect: [
                  [
                     "CSCvy86661",
                     "CSCvy86671",
                     "CSCvz16262",
                     "CSCwa91925",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20788",
      datePublished: "2022-04-21T18:50:34.300870Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:22:41.247Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-1133
Vulnerability from cvelistv5
Published
2013-02-27 21:00
Modified
2024-09-17 04:10
Severity ?
Summary
Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:49:20.691Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130227 Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-02-27T21:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130227 Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-1133",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130227 Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-1133",
      datePublished: "2013-02-27T21:00:00Z",
      dateReserved: "2013-01-11T00:00:00Z",
      dateUpdated: "2024-09-17T04:10:31.903Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1355
Vulnerability from cvelistv5
Published
2021-01-20 20:00
Modified
2024-11-12 20:21
Summary
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:16.964Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210120 Cisco Unified Communications Products Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1355",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:51:02.669205Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-12T20:21:37.534Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-01-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-35",
                     description: "CWE-35",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-20T20:00:41",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210120 Cisco Unified Communications Products Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
            },
         ],
         source: {
            advisory: "cisco-sa-imp-trav-inj-dM687ZD6",
            defect: [
               [
                  "CSCvv20974",
                  "CSCvv20985",
                  "CSCvv62642",
                  "CSCvv62648",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-01-20T16:00:00",
               ID: "CVE-2021-1355",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-35",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210120 Cisco Unified Communications Products Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-imp-trav-inj-dM687ZD6",
               defect: [
                  [
                     "CSCvv20974",
                     "CSCvv20985",
                     "CSCvv62642",
                     "CSCvv62648",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1355",
      datePublished: "2021-01-20T20:00:41.453592Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-12T20:21:37.534Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-20266
Vulnerability from cvelistv5
Published
2023-08-30 16:18
Modified
2024-08-02 09:05
Summary
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device.
Impacted products
Vendor Product Version
Cisco Cisco Emergency Responder Version: 12.5(1)SU4
Version: 12.5(1)SU8a
Version: 14SU3
   Cisco Cisco Unity Connection Version: 12.5(1)SU6
Version: 12.5(1)SU7
Version: 12.5(1)SU8
Version: 14SU2
Version: 14SU3
   Cisco Cisco Unified Communications Manager Version: 12.5(1)SU8


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:05:36.236Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cisco-sa-cucm-priv-esc-D8Bky5eg",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-priv-esc-D8Bky5eg",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Emergency Responder",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU8a",
                  },
                  {
                     status: "affected",
                     version: "14SU3",
                  },
               ],
            },
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU8",
                  },
                  {
                     status: "affected",
                     version: "14SU2",
                  },
                  {
                     status: "affected",
                     version: "14SU3",
                  },
               ],
            },
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.5(1)SU8",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device.\r\n\r This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               format: "cvssV3_1",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-347",
                     description: "Improper Verification of Cryptographic Signature",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-25T16:58:35.907Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-sa-cucm-priv-esc-D8Bky5eg",
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-priv-esc-D8Bky5eg",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-priv-esc-D8Bky5eg",
            defects: [
               "CSCwh30455",
               "CSCwh30442",
               "CSCwh29940",
            ],
            discovery: "INTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2023-20266",
      datePublished: "2023-08-30T16:18:42.528Z",
      dateReserved: "2022-10-27T18:47:50.373Z",
      dateUpdated: "2024-08-02T09:05:36.236Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3872
Vulnerability from cvelistv5
Published
2017-03-17 22:00
Modified
2024-08-05 14:39
Severity ?
Summary
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:41.311Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm",
               },
               {
                  name: "1038036",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038036",
               },
               {
                  name: "96916",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/96916",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-03-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Scripting Vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-11T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm",
            },
            {
               name: "1038036",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038036",
            },
            {
               name: "96916",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/96916",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3872",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Scripting Vulnerability",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm",
                  },
                  {
                     name: "1038036",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038036",
                  },
                  {
                     name: "96916",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/96916",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3872",
      datePublished: "2017-03-17T22:00:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:41.311Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0722
Vulnerability from cvelistv5
Published
2014-02-13 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.126Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140211 Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-02-13T01:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140211 Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0722",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140211 Cisco Unified Communications Manager Unauthenticated log4jinit Access Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0722",
      datePublished: "2014-02-13T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.126Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3808
Vulnerability from cvelistv5
Published
2017-04-20 22:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:41.198Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1038318",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038318",
               },
               {
                  name: "97922",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/97922",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-04-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1038318",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038318",
            },
            {
               name: "97922",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/97922",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3808",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-119",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1038318",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038318",
                  },
                  {
                     name: "97922",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/97922",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3808",
      datePublished: "2017-04-20T22:00:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:41.198Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1409
Vulnerability from cvelistv5
Published
2021-04-08 04:06
Modified
2024-11-08 23:28
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. (Note: the CNA record for this entry lists CWE-89 as its problem type, which does not match the cross-site scripting issue described here; classify the entry by its description rather than by that CWE tag.)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:17.265Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1409",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:46:10.154023Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:28:19.973Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-08T04:06:13",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-xss-Q4PZcNzJ",
            defect: [
               [
                  "CSCvu52262",
                  "CSCvv21040",
                  "CSCvv28764",
                  "CSCvv35159",
                  "CSCvw71918",
                  "CSCvx14158",
                  "CSCvx14178",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-04-07T16:00:00",
               ID: "CVE-2021-1409",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unity Connection",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-89",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-xss-Q4PZcNzJ",
               defect: [
                  [
                     "CSCvu52262",
                     "CSCvv21040",
                     "CSCvv28764",
                     "CSCvv35159",
                     "CSCvw71918",
                     "CSCvx14158",
                     "CSCvx14178",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1409",
      datePublished: "2021-04-08T04:06:13.151094Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:28:19.973Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-4272
Vulnerability from cvelistv5
Published
2015-07-14 14:00
Modified
2024-08-06 06:11
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=39905 (vendor-advisory, x_refsource_CISCO)
http://www.securitytracker.com/id/1032888 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:11:12.329Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20150713 Cisco Unified Communications Manager ccmivr Page Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39905",
               },
               {
                  name: "1032888",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1032888",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-23T18:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20150713 Cisco Unified Communications Manager ccmivr Page Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39905",
            },
            {
               name: "1032888",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1032888",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2015-4272",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCut19580.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20150713 Cisco Unified Communications Manager ccmivr Page Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39905",
                  },
                  {
                     name: "1032888",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1032888",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-4272",
      datePublished: "2015-07-14T14:00:00",
      dateReserved: "2015-06-04T00:00:00",
      dateUpdated: "2024-08-06T06:11:12.329Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-7030
Vulnerability from cvelistv5
Published
2013-12-12 17:00
Modified
2024-10-29 14:20
Summary
The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.
References
http://www.exploit-db.com/exploits/30237/ (exploit, x_refsource_EXPLOIT-DB)
https://exchange.xforce.ibmcloud.com/vulnerabilities/89649 (vdb-entry, x_refsource_XF)
http://osvdb.org/100916 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:cisco:cisco_unified_communications_manager:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "cisco_unified_communications_manager",
                  vendor: "cisco",
                  versions: [
                     {
                        status: "affected",
                        version: "0",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "LOCAL",
                     availabilityImpact: "LOW",
                     baseScore: 7.3,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "LOW",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2013-7030",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-29T14:13:14.311016Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        description: "CWE-noinfo Not enough information",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-29T14:20:36.369Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:53:46.135Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "30237",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "http://www.exploit-db.com/exploits/30237/",
               },
               {
                  name: "cisco-ucm-tftp-info-disc(89649)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89649",
               },
               {
                  name: "100916",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/100916",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-12-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file.  NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "30237",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "http://www.exploit-db.com/exploits/30237/",
            },
            {
               name: "cisco-ucm-tftp-info-disc(89649)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89649",
            },
            {
               name: "100916",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/100916",
            },
         ],
         tags: [
            "disputed",
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-7030",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file.  NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "30237",
                     refsource: "EXPLOIT-DB",
                     url: "http://www.exploit-db.com/exploits/30237/",
                  },
                  {
                     name: "cisco-ucm-tftp-info-disc(89649)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89649",
                  },
                  {
                     name: "100916",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/100916",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-7030",
      datePublished: "2013-12-12T17:00:00",
      dateReserved: "2013-12-09T00:00:00",
      dateUpdated: "2024-10-29T14:20:36.369Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3403
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-08-06 16:07
Severity ?
Summary
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
References
http://secunia.com/advisories/54249 (third-party-advisory, x_refsource_SECUNIA)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm (vendor-advisory, x_refsource_CISCO)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:37.929Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "54249",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/54249",
               },
               {
                  name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-07-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-08-20T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "54249",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/54249",
            },
            {
               name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3403",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "54249",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/54249",
                  },
                  {
                     name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3403",
      datePublished: "2013-07-18T00:00:00",
      dateReserved: "2013-05-06T00:00:00",
      dateUpdated: "2024-08-06T16:07:37.929Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-0941
Vulnerability from cvelistv5
Published
2011-11-01 19:00
Modified
2024-08-06 22:14
Severity ?
Summary
Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T22:14:26.417Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525",
               },
               {
                  name: "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-09-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2011-11-09T10:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525",
            },
            {
               name: "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-0941",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24525",
                  },
                  {
                     name: "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-0941",
      datePublished: "2011-11-01T19:00:00",
      dateReserved: "2011-02-10T00:00:00",
      dateUpdated: "2024-08-06T22:14:26.417Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3375
Vulnerability from cvelistv5
Published
2014-10-31 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.398Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297",
               },
               {
                  name: "70850",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/70850",
               },
               {
                  name: "20141030 Cisco Unified Communications Manager Service Interface Reflected Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3375",
               },
               {
                  name: "cisco-ucm-cve20143375-xss(98408)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98408",
               },
               {
                  name: "1031163",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031163",
               },
               {
                  name: "61025",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/61025",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297",
            },
            {
               name: "70850",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/70850",
            },
            {
               name: "20141030 Cisco Unified Communications Manager Service Interface Reflected Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3375",
            },
            {
               name: "cisco-ucm-cve20143375-xss(98408)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98408",
            },
            {
               name: "1031163",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1031163",
            },
            {
               name: "61025",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/61025",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3375",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36297",
                  },
                  {
                     name: "70850",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/70850",
                  },
                  {
                     name: "20141030 Cisco Unified Communications Manager Service Interface Reflected Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3375",
                  },
                  {
                     name: "cisco-ucm-cve20143375-xss(98408)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98408",
                  },
                  {
                     name: "1031163",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1031163",
                  },
                  {
                     name: "61025",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/61025",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3375",
      datePublished: "2014-10-31T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.398Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-3800
Vulnerability from cvelistv5
Published
2008-09-26 16:00
Modified
2024-08-07 09:53
Severity ?
Summary
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T09:53:00.234Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "31990",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31990",
               },
               {
                  name: "31367",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/31367",
               },
               {
                  name: "oval:org.mitre.oval:def:6086",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086",
               },
               {
                  name: "32013",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32013",
               },
               {
                  name: "ADV-2008-2670",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/2670",
               },
               {
                  name: "ADV-2008-2671",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/2671",
               },
               {
                  name: "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml",
               },
               {
                  name: "1020942",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020942",
               },
               {
                  name: "1020939",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020939",
               },
               {
                  name: "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-09-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "31990",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31990",
            },
            {
               name: "31367",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/31367",
            },
            {
               name: "oval:org.mitre.oval:def:6086",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086",
            },
            {
               name: "32013",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32013",
            },
            {
               name: "ADV-2008-2670",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/2670",
            },
            {
               name: "ADV-2008-2671",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/2671",
            },
            {
               name: "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml",
            },
            {
               name: "1020942",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020942",
            },
            {
               name: "1020939",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020939",
            },
            {
               name: "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-3800",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "31990",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/31990",
                  },
                  {
                     name: "31367",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/31367",
                  },
                  {
                     name: "oval:org.mitre.oval:def:6086",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086",
                  },
                  {
                     name: "32013",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/32013",
                  },
                  {
                     name: "ADV-2008-2670",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/2670",
                  },
                  {
                     name: "ADV-2008-2671",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/2671",
                  },
                  {
                     name: "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml",
                  },
                  {
                     name: "1020942",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020942",
                  },
                  {
                     name: "1020939",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020939",
                  },
                  {
                     name: "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-3800",
      datePublished: "2008-09-26T16:00:00",
      dateReserved: "2008-08-27T00:00:00",
      dateUpdated: "2024-08-07T09:53:00.234Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1364
Vulnerability from cvelistv5
Published
2021-01-20 20:00
Modified
2024-11-12 20:21
Summary
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:16.726Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210120 Cisco Unified Communications Products Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1364",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:51:17.205876Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-12T20:21:52.438Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-01-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-35",
                     description: "CWE-35",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-20T20:00:27",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210120 Cisco Unified Communications Products Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
            },
         ],
         source: {
            advisory: "cisco-sa-imp-trav-inj-dM687ZD6",
            defect: [
               [
                  "CSCvv20974",
                  "CSCvv20985",
                  "CSCvv62642",
                  "CSCvv62648",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-01-20T16:00:00",
               ID: "CVE-2021-1364",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-35",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210120 Cisco Unified Communications Products Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-imp-trav-inj-dM687ZD6",
               defect: [
                  [
                     "CSCvv20974",
                     "CSCvv20985",
                     "CSCvv62642",
                     "CSCvv62648",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1364",
      datePublished: "2021-01-20T20:00:27.841585Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-12T20:21:52.438Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3292
Vulnerability from cvelistv5
Published
2014-06-10 10:00
Modified
2024-08-06 10:35
Severity ?
Summary
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:35:57.181Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34574",
               },
               {
                  name: "1030408",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1030408",
               },
               {
                  name: "58315",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/58315",
               },
               {
                  name: "20140609 Multiple Vulnerabilities in Real-Time Monitoring Tool of Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3292",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-06-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-12-29T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34574",
            },
            {
               name: "1030408",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1030408",
            },
            {
               name: "58315",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/58315",
            },
            {
               name: "20140609 Multiple Vulnerabilities in Real-Time Monitoring Tool of Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3292",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3292",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34574",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34574",
                  },
                  {
                     name: "1030408",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1030408",
                  },
                  {
                     name: "58315",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/58315",
                  },
                  {
                     name: "20140609 Multiple Vulnerabilities in Real-Time Monitoring Tool of Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3292",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3292",
      datePublished: "2014-06-10T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:35:57.181Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0206
Vulnerability from cvelistv5
Published
2018-02-22 00:00
Modified
2024-12-02 21:00
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that submits malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg74815.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:14:17.033Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucm",
               },
               {
                  name: "103146",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103146",
               },
               {
                  name: "1040411",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040411",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0206",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-12-02T18:55:04.251211Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-02T21:00:19.384Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2018-02-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that submits malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg74815.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-02-27T10:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucm",
            },
            {
               name: "103146",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103146",
            },
            {
               name: "1040411",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040411",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0206",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that submits malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg74815.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucm",
                  },
                  {
                     name: "103146",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103146",
                  },
                  {
                     name: "1040411",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040411",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0206",
      datePublished: "2018-02-22T00:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-12-02T21:00:19.384Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0686
Vulnerability from cvelistv5
Published
2014-02-04 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.534Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "102750",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/102750",
               },
               {
                  name: "65281",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65281",
               },
               {
                  name: "56818",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/56818",
               },
               {
                  name: "20140131 Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686",
               },
               {
                  name: "cisco-ucm-cve20140686-priv-esc(90852)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90852",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32683",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-01-31T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-02T19:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "102750",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/102750",
            },
            {
               name: "65281",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65281",
            },
            {
               name: "56818",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/56818",
            },
            {
               name: "20140131 Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686",
            },
            {
               name: "cisco-ucm-cve20140686-priv-esc(90852)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90852",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32683",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0686",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "102750",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/102750",
                  },
                  {
                     name: "65281",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65281",
                  },
                  {
                     name: "56818",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/56818",
                  },
                  {
                     name: "20140131 Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0686",
                  },
                  {
                     name: "cisco-ucm-cve20140686-priv-esc(90852)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90852",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32683",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32683",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0686",
      datePublished: "2014-02-04T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.534Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3319
Vulnerability from cvelistv5
Published
2014-07-14 21:00
Modified
2024-08-06 10:43
Severity ?
Summary
Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:04.954Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909",
               },
               {
                  name: "1030554",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1030554",
               },
               {
                  name: "59734",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59734",
               },
               {
                  name: "20140710 Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319",
               },
               {
                  name: "cucm-cve20143319-dir-trav(94436)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94436",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-07-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909",
            },
            {
               name: "1030554",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1030554",
            },
            {
               name: "59734",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59734",
            },
            {
               name: "20140710 Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319",
            },
            {
               name: "cucm-cve20143319-dir-trav(94436)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94436",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3319",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34909",
                  },
                  {
                     name: "1030554",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1030554",
                  },
                  {
                     name: "59734",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59734",
                  },
                  {
                     name: "20140710 Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3319",
                  },
                  {
                     name: "cucm-cve20143319-dir-trav(94436)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94436",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3319",
      datePublished: "2014-07-14T21:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:04.954Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-3801
Vulnerability from cvelistv5
Published
2008-09-26 16:00
Modified
2024-08-07 09:52
Severity ?
Summary
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T09:52:59.636Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "31990",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31990",
               },
               {
                  name: "31367",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/31367",
               },
               {
                  name: "32013",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32013",
               },
               {
                  name: "ADV-2008-2670",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/2670",
               },
               {
                  name: "ADV-2008-2671",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/2671",
               },
               {
                  name: "oval:org.mitre.oval:def:6047",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047",
               },
               {
                  name: "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml",
               },
               {
                  name: "1020942",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020942",
               },
               {
                  name: "1020939",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020939",
               },
               {
                  name: "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-09-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "31990",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31990",
            },
            {
               name: "31367",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/31367",
            },
            {
               name: "32013",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32013",
            },
            {
               name: "ADV-2008-2670",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/2670",
            },
            {
               name: "ADV-2008-2671",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/2671",
            },
            {
               name: "oval:org.mitre.oval:def:6047",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047",
            },
            {
               name: "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml",
            },
            {
               name: "1020942",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020942",
            },
            {
               name: "1020939",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020939",
            },
            {
               name: "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-3801",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "31990",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/31990",
                  },
                  {
                     name: "31367",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/31367",
                  },
                  {
                     name: "32013",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/32013",
                  },
                  {
                     name: "ADV-2008-2670",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/2670",
                  },
                  {
                     name: "ADV-2008-2671",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/2671",
                  },
                  {
                     name: "oval:org.mitre.oval:def:6047",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6047",
                  },
                  {
                     name: "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml",
                  },
                  {
                     name: "1020942",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020942",
                  },
                  {
                     name: "1020939",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020939",
                  },
                  {
                     name: "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-3801",
      datePublished: "2008-09-26T16:00:00",
      dateReserved: "2008-08-27T00:00:00",
      dateUpdated: "2024-08-07T09:52:59.636Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-0376
Vulnerability from cvelistv5
Published
2012-05-03 20:00
Modified
2024-09-17 02:42
Severity ?
Summary
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:23:31.043Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/rel_notes/8_5_1/cucmbe-rel_notes-851.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-05-03T20:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/rel_notes/8_5_1/cucmbe-rel_notes-851.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2012-0376",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/rel_notes/8_5_1/cucmbe-rel_notes-851.html",
                     refsource: "CONFIRM",
                     url: "http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/rel_notes/8_5_1/cucmbe-rel_notes-851.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2012-0376",
      datePublished: "2012-05-03T20:00:00Z",
      dateReserved: "2012-01-04T00:00:00Z",
      dateUpdated: "2024-09-17T02:42:31.084Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-6757
Vulnerability from cvelistv5
Published
2017-08-07 06:00
Modified
2024-08-05 15:41
Severity ?
Summary
A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:41:17.150Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13786",
               },
               {
                  name: "1039063",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039063",
               },
               {
                  name: "100121",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/100121",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-08-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T09:57:02",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13786",
            },
            {
               name: "1039063",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039063",
            },
            {
               name: "100121",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/100121",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-6757",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-89",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm",
                  },
                  {
                     name: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13786",
                     refsource: "CONFIRM",
                     url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13786",
                  },
                  {
                     name: "1039063",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039063",
                  },
                  {
                     name: "100121",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/100121",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-6757",
      datePublished: "2017-08-07T06:00:00",
      dateReserved: "2017-03-09T00:00:00",
      dateUpdated: "2024-08-05T15:41:17.150Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-2730
Vulnerability from cvelistv5
Published
2008-06-26 17:00
Modified
2024-08-07 09:14
Severity ?
Summary
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T09:14:14.498Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cucm-risdatacollector-info-disclosure(43355)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355",
               },
               {
                  name: "ADV-2008-1933",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1933/references",
               },
               {
                  name: "30848",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30848",
               },
               {
                  name: "29935",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29935",
               },
               {
                  name: "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
               },
               {
                  name: "1020361",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020361",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-06-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cucm-risdatacollector-info-disclosure(43355)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355",
            },
            {
               name: "ADV-2008-1933",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1933/references",
            },
            {
               name: "30848",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30848",
            },
            {
               name: "29935",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29935",
            },
            {
               name: "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
            },
            {
               name: "1020361",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020361",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-2730",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "cucm-risdatacollector-info-disclosure(43355)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355",
                  },
                  {
                     name: "ADV-2008-1933",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1933/references",
                  },
                  {
                     name: "30848",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30848",
                  },
                  {
                     name: "29935",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29935",
                  },
                  {
                     name: "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
                  },
                  {
                     name: "1020361",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020361",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-2730",
      datePublished: "2008-06-26T17:00:00",
      dateReserved: "2008-06-16T00:00:00",
      dateUpdated: "2024-08-07T09:14:14.498Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0411
Vulnerability from cvelistv5
Published
2018-08-01 20:00
Modified
2024-11-26 14:49
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvk15343.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager unknown Version: Cisco Unified Communications Manager unknown


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:21:15.596Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ucm-xss",
               },
               {
                  name: "104949",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/104949",
               },
               {
                  name: "1041407",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041407",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0411",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-25T18:48:51.169519Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-26T14:49:32.335Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager unknown",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager unknown",
                  },
               ],
            },
         ],
         datePublic: "2018-08-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvk15343.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-08-03T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ucm-xss",
            },
            {
               name: "104949",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/104949",
            },
            {
               name: "1041407",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041407",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0411",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager unknown",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager unknown",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvk15343.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ucm-xss",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ucm-xss",
                  },
                  {
                     name: "104949",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/104949",
                  },
                  {
                     name: "1041407",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041407",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0411",
      datePublished: "2018-08-01T20:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-11-26T14:49:32.335Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1399
Vulnerability from cvelistv5
Published
2021-04-08 04:05
Modified
2024-11-08 23:28
Summary
A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:17.449Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210407 Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1399",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:46:30.501133Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:28:59.594Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-302",
                     description: "CWE-302",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-08T04:05:51",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210407 Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-selfcare-VRWWWHgE",
            defect: [
               [
                  "CSCvw88205",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-04-07T16:00:00",
               ID: "CVE-2021-1399",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "4.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-302",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210407 Cisco Unified Communications Manager Self Care Portal Authorization Bypass Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-VRWWWHgE",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-selfcare-VRWWWHgE",
               defect: [
                  [
                     "CSCvw88205",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1399",
      datePublished: "2021-04-08T04:05:51.330481Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:28:59.594Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0723
Vulnerability from cvelistv5
Published
2014-02-13 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.
References
http://www.securityfocus.com/bid/65495 - vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1029756 - vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0723 - vendor-advisory, x_refsource_CISCO
http://osvdb.org/103222 - vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:18.646Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "65495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65495",
               },
               {
                  name: "1029756",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029756",
               },
               {
                  name: "20140211 Cisco Unified Communications Manager IPMA Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0723",
               },
               {
                  name: "103222",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/103222",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-04T16:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "65495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65495",
            },
            {
               name: "1029756",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029756",
            },
            {
               name: "20140211 Cisco Unified Communications Manager IPMA Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0723",
            },
            {
               name: "103222",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/103222",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0723",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "65495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65495",
                  },
                  {
                     name: "1029756",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029756",
                  },
                  {
                     name: "20140211 Cisco Unified Communications Manager IPMA Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0723",
                  },
                  {
                     name: "103222",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/103222",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0723",
      datePublished: "2014-02-13T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:18.646Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-0591
Vulnerability from cvelistv5
Published
2010-03-05 16:00
Modified
2024-09-16 18:19
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.
References
http://securitytracker.com/id?1023670 (vdb-entry, x_refsource_SECTRACK)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml (vendor-advisory, x_refsource_CISCO)
http://www.securityfocus.com/bid/38498 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T00:52:19.444Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1023670",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1023670",
               },
               {
                  name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
               },
               {
                  name: "38498",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/38498",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-03-05T16:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1023670",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1023670",
            },
            {
               name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
            },
            {
               name: "38498",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/38498",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-0591",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1023670",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1023670",
                  },
                  {
                     name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
                  },
                  {
                     name: "38498",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/38498",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-0591",
      datePublished: "2010-03-05T16:00:00Z",
      dateReserved: "2010-02-10T00:00:00Z",
      dateUpdated: "2024-09-16T18:19:04.689Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-2562
Vulnerability from cvelistv5
Published
2011-08-29 15:00
Modified
2024-09-16 23:41
Severity ?
Summary
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T23:08:22.650Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2011-08-29T15:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-2562",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-2562",
      datePublished: "2011-08-29T15:00:00Z",
      dateReserved: "2011-06-27T00:00:00Z",
      dateUpdated: "2024-09-16T23:41:34.042Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-4295
Vulnerability from cvelistv5
Published
2015-08-01 01:00
Modified
2024-08-06 06:11
Severity ?
Summary
The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=40223 (vendor-advisory, x_refsource_CISCO)
http://www.securitytracker.com/id/1033174 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:11:12.583Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20150730 Cisco Unified Communications Manager Prime Collaboration Deployment Information Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=40223",
               },
               {
                  name: "1033174",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1033174",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-07-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-08-14T16:57:05",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20150730 Cisco Unified Communications Manager Prime Collaboration Deployment Information Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=40223",
            },
            {
               name: "1033174",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1033174",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2015-4295",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20150730 Cisco Unified Communications Manager Prime Collaboration Deployment Information Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=40223",
                  },
                  {
                     name: "1033174",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1033174",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-4295",
      datePublished: "2015-08-01T01:00:00",
      dateReserved: "2015-06-04T00:00:00",
      dateUpdated: "2024-08-06T06:11:12.583Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0328
Vulnerability from cvelistv5
Published
2018-05-17 03:00
Modified
2024-11-29 15:07
Severity ?
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager and Cisco Unified Presence Version: Cisco Unified Communications Manager and Cisco Unified Presence


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:21:15.198Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1040929",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040929",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss",
               },
               {
                  name: "1040928",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040928",
               },
               {
                  name: "104200",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/104200",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0328",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-29T14:37:57.164072Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T15:07:30.516Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager and Cisco Unified Presence",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager and Cisco Unified Presence",
                  },
               ],
            },
         ],
         datePublic: "2018-05-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-05-17T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1040929",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040929",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss",
            },
            {
               name: "1040928",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040928",
            },
            {
               name: "104200",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/104200",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0328",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager and Cisco Unified Presence",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager and Cisco Unified Presence",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1040929",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040929",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss",
                  },
                  {
                     name: "1040928",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040928",
                  },
                  {
                     name: "104200",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/104200",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0328",
      datePublished: "2018-05-17T03:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-11-29T15:07:30.516Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0747
Vulnerability from cvelistv5
Published
2014-02-27 01:00
Modified
2024-08-06 09:27
Severity ?
Summary
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.127Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1029843",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029843",
               },
               {
                  name: "20140225 Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33048",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-15T16:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1029843",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029843",
            },
            {
               name: "20140225 Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33048",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0747",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1029843",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029843",
                  },
                  {
                     name: "20140225 Cisco Unified Communications Manager CAPF CLI Command Injection Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0747",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33048",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33048",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0747",
      datePublished: "2014-02-27T01:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.127Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-44228
Vulnerability from cvelistv5
Published
2021-12-10 00:00
Modified
2025-02-04 14:25
Severity ?
Summary
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
References
https://logging.apache.org/log4j/2.x/security.html
http://www.openwall.com/lists/oss-security/2021/12/10/1 mailing-list
http://www.openwall.com/lists/oss-security/2021/12/10/2 mailing-list
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd vendor-advisory
http://www.openwall.com/lists/oss-security/2021/12/10/3 mailing-list
https://security.netapp.com/advisory/ntap-20211210-0007/
http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
https://www.debian.org/security/2021/dsa-5020 vendor-advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html mailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/ vendor-advisory
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ vendor-advisory
http://www.openwall.com/lists/oss-security/2021/12/13/2 mailing-list
http://www.openwall.com/lists/oss-security/2021/12/13/1 mailing-list
http://www.openwall.com/lists/oss-security/2021/12/14/4 mailing-list
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd vendor-advisory
https://www.kb.cert.org/vuls/id/930724 third-party-advisory
https://twitter.com/kurtseifried/status/1469345530182455296
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd vendor-advisory
http://www.openwall.com/lists/oss-security/2021/12/15/3 mailing-list
http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/ vendor-advisory
http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
https://www.oracle.com/security-alerts/cpujan2022.html
http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2022/Mar/23 mailing-list
https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001
https://github.com/cisagov/log4j-affected-db
https://support.apple.com/kb/HT213189
https://www.oracle.com/security-alerts/cpuapr2022.html
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228
https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html
http://seclists.org/fulldisclosure/2022/Jul/11 mailing-list
http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html
http://seclists.org/fulldisclosure/2022/Dec/2 mailing-list
http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html
Impacted products
Vendor Product Version
Apache Software Foundation Apache Log4j2 Version: 2.0-beta9   < log4j-core*


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:17:24.696Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://logging.apache.org/log4j/2.x/security.html",
               },
               {
                  name: "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/12/10/1",
               },
               {
                  name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/12/10/2",
               },
               {
                  name: "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
               },
               {
                  name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/12/10/3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20211210-0007/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html",
               },
               {
                  name: "DSA-5020",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2021/dsa-5020",
               },
               {
                  name: "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html",
               },
               {
                  name: "FEDORA-2021-f0f501d01f",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/",
               },
               {
                  name: "Microsoft’s Response to CVE-2021-44228 Apache Log4j 2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/",
               },
               {
                  name: "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/12/13/2",
               },
               {
                  name: "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/12/13/1",
               },
               {
                  name: "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/12/14/4",
               },
               {
                  name: "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
               },
               {
                  name: "VU#930724",
                  tags: [
                     "third-party-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.kb.cert.org/vuls/id/930724",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://twitter.com/kurtseifried/status/1469345530182455296",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html",
               },
               {
                  name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
               },
               {
                  name: "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/12/15/3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf",
               },
               {
                  name: "FEDORA-2021-66d6c484f3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html",
               },
               {
                  name: "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Mar/23",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/cisagov/log4j-affected-db",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213189",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html",
               },
               {
                  name: "20220721 Open-Xchange Security Advisory 2022-07-21",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Jul/11",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html",
               },
               {
                  name: "20221208 Intel Data Center Manager <= 5.1 Local Privileges Escalation",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2022/Dec/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 10,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "CHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2021-44228",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T14:25:34.416117Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2021-12-10",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44228",
                     },
                     type: "kev",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T14:25:37.215Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Log4j2",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     changes: [
                        {
                           at: "2.3.1",
                           status: "unaffected",
                        },
                        {
                           at: "2.4",
                           status: "affected",
                        },
                        {
                           at: "2.12.2",
                           status: "unaffected",
                        },
                        {
                           at: "2.13.0",
                           status: "affected",
                        },
                        {
                           at: "2.15.0",
                           status: "unaffected",
                        },
                     ],
                     lessThan: "log4j-core*",
                     status: "affected",
                     version: "2.0-beta9",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team.",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     other: "critical",
                  },
                  type: "unknown",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-502",
                     description: "CWE-502 Deserialization of Untrusted Data",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400 Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-03T00:00:00.000Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               url: "https://logging.apache.org/log4j/2.x/security.html",
            },
            {
               name: "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/12/10/1",
            },
            {
               name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/12/10/2",
            },
            {
               name: "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
            },
            {
               name: "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/12/10/3",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20211210-0007/",
            },
            {
               url: "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
            },
            {
               url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
            },
            {
               url: "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html",
            },
            {
               name: "DSA-5020",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2021/dsa-5020",
            },
            {
               name: "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html",
            },
            {
               name: "FEDORA-2021-f0f501d01f",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/",
            },
            {
               name: "Microsoft’s Response to CVE-2021-44228 Apache Log4j 2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/",
            },
            {
               name: "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/12/13/2",
            },
            {
               name: "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/12/13/1",
            },
            {
               name: "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/12/14/4",
            },
            {
               name: "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
            },
            {
               name: "VU#930724",
               tags: [
                  "third-party-advisory",
               ],
               url: "https://www.kb.cert.org/vuls/id/930724",
            },
            {
               url: "https://twitter.com/kurtseifried/status/1469345530182455296",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf",
            },
            {
               url: "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html",
            },
            {
               url: "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html",
            },
            {
               url: "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html",
            },
            {
               url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html",
            },
            {
               name: "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
            },
            {
               name: "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/12/15/3",
            },
            {
               url: "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html",
            },
            {
               url: "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html",
            },
            {
               url: "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html",
            },
            {
               url: "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html",
            },
            {
               url: "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf",
            },
            {
               name: "FEDORA-2021-66d6c484f3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/",
            },
            {
               url: "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpujan2022.html",
            },
            {
               url: "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html",
            },
            {
               url: "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md",
            },
            {
               url: "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html",
            },
            {
               url: "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html",
            },
            {
               name: "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Mar/23",
            },
            {
               url: "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001",
            },
            {
               url: "https://github.com/cisagov/log4j-affected-db",
            },
            {
               url: "https://support.apple.com/kb/HT213189",
            },
            {
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               url: "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228",
            },
            {
               url: "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html",
            },
            {
               name: "20220721 Open-Xchange Security Advisory 2022-07-21",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Jul/11",
            },
            {
               url: "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html",
            },
            {
               url: "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html",
            },
            {
               name: "20221208 Intel Data Center Manager <= 5.1 Local Privileges Escalation",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2022/Dec/2",
            },
            {
               url: "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2021-44228",
      datePublished: "2021-12-10T00:00:00.000Z",
      dateReserved: "2021-11-26T00:00:00.000Z",
      dateUpdated: "2025-02-04T14:25:37.215Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-1606
Vulnerability from cvelistv5
Published
2011-05-03 22:00
Modified
2024-08-06 22:37
Severity ?
Summary
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T22:37:24.571Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "44331",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/44331",
               },
               {
                  name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
               },
               {
                  name: "ucm-sip-message-dos(67124)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67124",
               },
               {
                  name: "1025449",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1025449",
               },
               {
                  name: "ADV-2011-1122",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2011/1122",
               },
               {
                  name: "47611",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/47611",
               },
               {
                  name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-04-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "44331",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/44331",
            },
            {
               name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
            },
            {
               name: "ucm-sip-message-dos(67124)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67124",
            },
            {
               name: "1025449",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1025449",
            },
            {
               name: "ADV-2011-1122",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2011/1122",
            },
            {
               name: "47611",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/47611",
            },
            {
               name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-1606",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "44331",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/44331",
                  },
                  {
                     name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
                  },
                  {
                     name: "ucm-sip-message-dos(67124)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67124",
                  },
                  {
                     name: "1025449",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1025449",
                  },
                  {
                     name: "ADV-2011-1122",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2011/1122",
                  },
                  {
                     name: "47611",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/47611",
                  },
                  {
                     name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-1606",
      datePublished: "2011-05-03T22:00:00",
      dateReserved: "2011-04-05T00:00:00",
      dateUpdated: "2024-08-06T22:37:24.571Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-2072
Vulnerability from cvelistv5
Published
2011-10-03 23:00
Modified
2024-08-06 22:46
Severity ?
Summary
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T22:46:00.945Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1026110",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1026110",
               },
               {
                  name: "20110928 Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml",
               },
               {
                  name: "20110928 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml",
               },
               {
                  name: "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24129",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-09-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2011-10-19T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1026110",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1026110",
            },
            {
               name: "20110928 Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml",
            },
            {
               name: "20110928 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml",
            },
            {
               name: "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24129",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-2072",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1026110",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1026110",
                  },
                  {
                     name: "20110928 Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerability",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml",
                  },
                  {
                     name: "20110928 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml",
                  },
                  {
                     name: "20110928 Cisco Unified Communications Manager Memory Leak Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24129",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=24129",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-2072",
      datePublished: "2011-10-03T23:00:00",
      dateReserved: "2011-05-10T00:00:00",
      dateUpdated: "2024-08-06T22:46:00.945Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-2564
Vulnerability from cvelistv5
Published
2011-08-29 15:00
Modified
2024-08-06 23:08
Severity ?
Summary
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T23:08:22.947Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
               },
               {
                  name: "1025969",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1025969",
               },
               {
                  name: "20110824 Denial of Service Vulnerabilities in Cisco Intercompany Media Engine",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-08-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2011-10-06T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
            },
            {
               name: "1025969",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1025969",
            },
            {
               name: "20110824 Denial of Service Vulnerabilities in Cisco Intercompany Media Engine",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-2564",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
                  },
                  {
                     name: "1025969",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1025969",
                  },
                  {
                     name: "20110824 Denial of Service Vulnerabilities in Cisco Intercompany Media Engine",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-2564",
      datePublished: "2011-08-29T15:00:00",
      dateReserved: "2011-06-27T00:00:00",
      dateUpdated: "2024-08-06T23:08:22.947Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-12707
Vulnerability from cvelistv5
Published
2019-10-02 19:06
Modified
2024-11-21 19:11
Summary
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products
Vendor Product Version
Cisco Cisco Unity Connection Version: unspecified   < n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T23:24:39.286Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20191002 Multiple Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-xss",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-12707",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-21T18:56:38.949717Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-21T19:11:52.335Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     lessThan: "n/a",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-10-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-02T19:06:50",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20191002 Multiple Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-xss",
            },
         ],
         source: {
            advisory: "cisco-sa-20191002-cuc-xss",
            defect: [
               [
                  "CSCvp14284",
                  "CSCvq12061",
                  "CSCvq13816",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Multiple Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-10-02T16:00:00-0700",
               ID: "CVE-2019-12707",
               STATE: "PUBLIC",
               TITLE: "Multiple Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unity Connection",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20191002 Multiple Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-xss",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20191002-cuc-xss",
               defect: [
                  [
                     "CSCvp14284",
                     "CSCvq12061",
                     "CSCvq13816",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-12707",
      datePublished: "2019-10-02T19:06:51.079226Z",
      dateReserved: "2019-06-04T00:00:00",
      dateUpdated: "2024-11-21T19:11:52.335Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-4634
Vulnerability from cvelistv5
Published
2007-08-31 23:00
Modified
2024-08-07 15:01
Severity ?
Summary
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
References
http://securitytracker.com/id?1018624 (vdb-entry, x_refsource_SECTRACK)
http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml (vendor-advisory, x_refsource_CISCO)
http://secunia.com/advisories/26641 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36326 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/25480 (vdb-entry, x_refsource_BID)
http://www.vupen.com/english/advisories/2007/3010 (vdb-entry, x_refsource_VUPEN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T15:01:09.923Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1018624",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1018624",
               },
               {
                  name: "20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml",
               },
               {
                  name: "26641",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26641",
               },
               {
                  name: "cisco-cucm-admin-sql-injection(36326)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36326",
               },
               {
                  name: "25480",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/25480",
               },
               {
                  name: "ADV-2007-3010",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/3010",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-08-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1018624",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1018624",
            },
            {
               name: "20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml",
            },
            {
               name: "26641",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26641",
            },
            {
               name: "cisco-cucm-admin-sql-injection(36326)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36326",
            },
            {
               name: "25480",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/25480",
            },
            {
               name: "ADV-2007-3010",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/3010",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-4634",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1018624",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1018624",
                  },
                  {
                     name: "20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml",
                  },
                  {
                     name: "26641",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26641",
                  },
                  {
                     name: "cisco-cucm-admin-sql-injection(36326)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36326",
                  },
                  {
                     name: "25480",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/25480",
                  },
                  {
                     name: "ADV-2007-3010",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/3010",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-4634",
      datePublished: "2007-08-31T23:00:00",
      dateReserved: "2007-08-31T00:00:00",
      dateUpdated: "2024-08-07T15:01:09.923Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-15972
Vulnerability from cvelistv5
Published
2019-11-26 03:42
Modified
2024-11-21 19:04
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: unspecified   < n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:03:32.567Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20191120 Cisco Unified Communications Manager SQL Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-cucm-sql",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-15972",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-21T18:55:39.182309Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-21T19:04:30.544Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     lessThan: "n/a",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-11-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-26T03:42:26",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20191120 Cisco Unified Communications Manager SQL Injection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-cucm-sql",
            },
         ],
         source: {
            advisory: "cisco-sa-20191120-cucm-sql",
            defect: [
               [
                  "CSCvp49463",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager SQL Injection Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-11-20T16:00:00-0800",
               ID: "CVE-2019-15972",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager SQL Injection Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "5.4",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-89",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20191120 Cisco Unified Communications Manager SQL Injection Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-cucm-sql",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20191120-cucm-sql",
               defect: [
                  [
                     "CSCvp49463",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-15972",
      datePublished: "2019-11-26T03:42:26.244377Z",
      dateReserved: "2019-09-06T00:00:00",
      dateUpdated: "2024-11-21T19:04:30.544Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3450
Vulnerability from cvelistv5
Published
2013-08-03 01:00
Modified
2024-09-16 23:01
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:38.241Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130802 Cisco Unified Communications Manager User Web Dialer Vulnerable to CSRF Attack",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3450",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-08-03T01:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130802 Cisco Unified Communications Manager User Web Dialer Vulnerable to CSRF Attack",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3450",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3450",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130802 Cisco Unified Communications Manager User Web Dialer Vulnerable to CSRF Attack",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3450",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3450",
      datePublished: "2013-08-03T01:00:00Z",
      dateReserved: "2013-05-06T00:00:00Z",
      dateUpdated: "2024-09-16T23:01:53.982Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34773
Vulnerability from cvelistv5
Published
2021-11-04 15:35
Modified
2024-11-07 21:43
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.167Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211103 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34773",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:39:42.356858Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T21:43:41.403Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-11-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-352",
                     description: "CWE-352",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-11-04T15:35:14",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20211103 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H",
            },
         ],
         source: {
            advisory: "cisco-sa-ucm-csrf-xrTkDu3H",
            defect: [
               [
                  "CSCvy86674",
                  "CSCvz73888",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-11-03T16:00:00",
               ID: "CVE-2021-34773",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-352",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211103 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-ucm-csrf-xrTkDu3H",
               defect: [
                  [
                     "CSCvy86674",
                     "CSCvz73888",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34773",
      datePublished: "2021-11-04T15:35:14.948833Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T21:43:41.403Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4869
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-08-06 16:59
Severity ?
Summary
Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0."
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:59:40.930Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cucm-cve20134869-weak-security(85883)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85883",
               },
               {
                  name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-07-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756.  NOTE: the vendor has provided a statement that the \"hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "cucm-cve20134869-weak-security(85883)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85883",
            },
            {
               name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-4869",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756.  NOTE: the vendor has provided a statement that the \"hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "cucm-cve20134869-weak-security(85883)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85883",
                  },
                  {
                     name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-4869",
      datePublished: "2013-07-18T00:00:00",
      dateReserved: "2013-07-17T00:00:00",
      dateUpdated: "2024-08-06T16:59:40.930Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-1188
Vulnerability from cvelistv5
Published
2013-05-16 01:00
Modified
2024-09-16 17:33
Severity ?
Summary
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:49:20.862Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130514 Cisco Unified Communications Manager Authentication Denial of Service",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1188",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-05-16T01:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130514 Cisco Unified Communications Manager Authentication Denial of Service",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1188",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-1188",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130514 Cisco Unified Communications Manager Authentication Denial of Service",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1188",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-1188",
      datePublished: "2013-05-16T01:00:00Z",
      dateReserved: "2013-01-11T00:00:00Z",
      dateUpdated: "2024-09-16T17:33:21.873Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-4294
Vulnerability from cvelistv5
Published
2007-08-09 21:00
Modified
2024-08-07 14:53
Severity ?
Summary
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
References
http://securitytracker.com/id?1018538 - vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2007/2816 - vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/26362 - third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/25239 - vdb-entry, x_refsource_BID
http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml - vendor-advisory, x_refsource_CISCO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5851 - vdb-entry, signature, x_refsource_OVAL
http://osvdb.org/36693 - vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T14:53:55.229Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1018538",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1018538",
               },
               {
                  name: "ADV-2007-2816",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/2816",
               },
               {
                  name: "26362",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26362",
               },
               {
                  name: "25239",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/25239",
               },
               {
                  name: "20070808 Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml",
               },
               {
                  name: "oval:org.mitre.oval:def:5851",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5851",
               },
               {
                  name: "36693",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/36693",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-08-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1018538",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1018538",
            },
            {
               name: "ADV-2007-2816",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/2816",
            },
            {
               name: "26362",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26362",
            },
            {
               name: "25239",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/25239",
            },
            {
               name: "20070808 Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml",
            },
            {
               name: "oval:org.mitre.oval:def:5851",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5851",
            },
            {
               name: "36693",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/36693",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-4294",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1018538",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1018538",
                  },
                  {
                     name: "ADV-2007-2816",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/2816",
                  },
                  {
                     name: "26362",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26362",
                  },
                  {
                     name: "25239",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/25239",
                  },
                  {
                     name: "20070808 Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml",
                  },
                  {
                     name: "oval:org.mitre.oval:def:5851",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5851",
                  },
                  {
                     name: "36693",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/36693",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-4294",
      datePublished: "2007-08-09T21:00:00",
      dateReserved: "2007-08-09T00:00:00",
      dateUpdated: "2024-08-07T14:53:55.229Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0657
Vulnerability from cvelistv5
Published
2014-01-08 21:00
Modified
2024-08-06 09:20
Severity ?
Summary
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:20:19.866Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "101800",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/101800",
               },
               {
                  name: "cisco-ucm-cve20140657-sec-bypass(90120)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90120",
               },
               {
                  name: "56368",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/56368",
               },
               {
                  name: "20140107 Cisco Unified Communications Manager Role Bypass Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32341",
               },
               {
                  name: "64690",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/64690",
               },
               {
                  name: "1029571",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029571",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-01-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "101800",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/101800",
            },
            {
               name: "cisco-ucm-cve20140657-sec-bypass(90120)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90120",
            },
            {
               name: "56368",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/56368",
            },
            {
               name: "20140107 Cisco Unified Communications Manager Role Bypass Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32341",
            },
            {
               name: "64690",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/64690",
            },
            {
               name: "1029571",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029571",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0657",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "101800",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/101800",
                  },
                  {
                     name: "cisco-ucm-cve20140657-sec-bypass(90120)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90120",
                  },
                  {
                     name: "56368",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/56368",
                  },
                  {
                     name: "20140107 Cisco Unified Communications Manager Role Bypass Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0657",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32341",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32341",
                  },
                  {
                     name: "64690",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/64690",
                  },
                  {
                     name: "1029571",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029571",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0657",
      datePublished: "2014-01-08T21:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:20:19.866Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-20259
Vulnerability from cvelistv5
Published
2023-10-04 16:13
Modified
2024-08-02 09:05
Summary
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:05:36.904Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cisco-sa-cucm-apidos-PGsDcdNF",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Emergency Responder",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "14",
                  },
                  {
                     status: "affected",
                     version: "14SU3",
                  },
               ],
            },
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "14SU3",
                  },
               ],
            },
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7a",
                  },
                  {
                     status: "affected",
                     version: "14SU3",
                  },
               ],
            },
            {
               product: "Cisco Unified Communications Manager IM and Presence Service",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "14SU3",
                  },
               ],
            },
            {
               product: "Cisco Prime Collaboration Deployment",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "14SU3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.\r\n\r This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "cvssV3_1",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-25T16:58:34.054Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-sa-cucm-apidos-PGsDcdNF",
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-apidos-PGsDcdNF",
            defects: [
               "CSCwf44755",
               "CSCwf62074",
               "CSCwf62081",
               "CSCwf62094",
               "CSCwf62080",
            ],
            discovery: "INTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2023-20259",
      datePublished: "2023-10-04T16:13:30.662Z",
      dateReserved: "2022-10-27T18:47:50.372Z",
      dateUpdated: "2024-08-02T09:05:36.904Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-5277
Vulnerability from cvelistv5
Published
2007-07-15 21:00
Modified
2024-08-07 19:48
Severity ?
Summary
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
References
http://www.osvdb.org/36122 - vdb-entry, x_refsource_OSVDB
http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml - vendor-advisory, x_refsource_CISCO
http://www.vupen.com/english/advisories/2007/2512 - vdb-entry, x_refsource_VUPEN
http://www.iss.net/threats/270.html - third-party-advisory, x_refsource_ISS
http://secunia.com/advisories/26043 - third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/24868 - vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/31437 - vdb-entry, x_refsource_XF
http://securitytracker.com/id?1018369 - vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T19:48:28.519Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "36122",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/36122",
               },
               {
                  name: "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml",
               },
               {
                  name: "ADV-2007-2512",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/2512",
               },
               {
                  name: "20070711 Cisco Call Manager CTLProvider.exe Remote Code Execution",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_ISS",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/threats/270.html",
               },
               {
                  name: "26043",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26043",
               },
               {
                  name: "24868",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/24868",
               },
               {
                  name: "voip-filename-overflow(31437)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31437",
               },
               {
                  name: "1018369",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1018369",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-07-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-19T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "36122",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/36122",
            },
            {
               name: "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml",
            },
            {
               name: "ADV-2007-2512",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/2512",
            },
            {
               name: "20070711 Cisco Call Manager CTLProvider.exe Remote Code Execution",
               tags: [
                  "third-party-advisory",
                  "x_refsource_ISS",
               ],
               url: "http://www.iss.net/threats/270.html",
            },
            {
               name: "26043",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26043",
            },
            {
               name: "24868",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/24868",
            },
            {
               name: "voip-filename-overflow(31437)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31437",
            },
            {
               name: "1018369",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1018369",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2006-5277",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "36122",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/36122",
                  },
                  {
                     name: "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml",
                  },
                  {
                     name: "ADV-2007-2512",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/2512",
                  },
                  {
                     name: "20070711 Cisco Call Manager CTLProvider.exe Remote Code Execution",
                     refsource: "ISS",
                     url: "http://www.iss.net/threats/270.html",
                  },
                  {
                     name: "26043",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26043",
                  },
                  {
                     name: "24868",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/24868",
                  },
                  {
                     name: "voip-filename-overflow(31437)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31437",
                  },
                  {
                     name: "1018369",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1018369",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2006-5277",
      datePublished: "2007-07-15T21:00:00",
      dateReserved: "2006-10-13T00:00:00",
      dateUpdated: "2024-08-07T19:48:28.519Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-1743
Vulnerability from cvelistv5
Published
2008-05-16 06:54
Modified
2024-08-07 08:32
Severity ?
Summary
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.
References
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml - vendor-advisory, x_refsource_CISCO
http://www.vupen.com/english/advisories/2008/1533 - vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/29221 - vdb-entry, x_refsource_BID
http://secunia.com/advisories/30238 - third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1020022 - vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/42414 - vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:32:01.209Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
               },
               {
                  name: "ADV-2008-1533",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1533",
               },
               {
                  name: "29221",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29221",
               },
               {
                  name: "30238",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30238",
               },
               {
                  name: "1020022",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1020022",
               },
               {
                  name: "cucm-ctl-dos(42414)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42414",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-05-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
            },
            {
               name: "ADV-2008-1533",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1533",
            },
            {
               name: "29221",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29221",
            },
            {
               name: "30238",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30238",
            },
            {
               name: "1020022",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1020022",
            },
            {
               name: "cucm-ctl-dos(42414)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42414",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-1743",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
                  },
                  {
                     name: "ADV-2008-1533",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1533",
                  },
                  {
                     name: "29221",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29221",
                  },
                  {
                     name: "30238",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30238",
                  },
                  {
                     name: "1020022",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1020022",
                  },
                  {
                     name: "cucm-ctl-dos(42414)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42414",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-1743",
      datePublished: "2008-05-16T06:54:00",
      dateReserved: "2008-04-11T00:00:00",
      dateUpdated: "2024-08-07T08:32:01.209Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-4633
Vulnerability from cvelistv5
Published
2007-08-31 23:00
Modified
2024-08-07 15:01
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.
References
http://securitytracker.com/id?1018624 - vdb-entry, x_refsource_SECTRACK
http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml - vendor-advisory, x_refsource_CISCO
http://secunia.com/advisories/26641 - third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/36325 - vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/25480 - vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2007/3010 - vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T15:01:10.199Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1018624",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1018624",
               },
               {
                  name: "20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml",
               },
               {
                  name: "26641",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26641",
               },
               {
                  name: "cisco-cucm-admin-xss(36325)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36325",
               },
               {
                  name: "25480",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/25480",
               },
               {
                  name: "ADV-2007-3010",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/3010",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-08-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1018624",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1018624",
            },
            {
               name: "20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml",
            },
            {
               name: "26641",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26641",
            },
            {
               name: "cisco-cucm-admin-xss(36325)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36325",
            },
            {
               name: "25480",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/25480",
            },
            {
               name: "ADV-2007-3010",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/3010",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-4633",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1018624",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1018624",
                  },
                  {
                     name: "20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml",
                  },
                  {
                     name: "26641",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26641",
                  },
                  {
                     name: "cisco-cucm-admin-xss(36325)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36325",
                  },
                  {
                     name: "25480",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/25480",
                  },
                  {
                     name: "ADV-2007-3010",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/3010",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-4633",
      datePublished: "2007-08-31T23:00:00",
      dateReserved: "2007-08-31T00:00:00",
      dateUpdated: "2024-08-07T15:01:10.199Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-6360
Vulnerability from cvelistv5
Published
2016-04-21 10:00
Modified
2024-08-06 07:22
Severity ?
Summary
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
References
http://www.securitytracker.com/id/1035650 (vdb-entry, x_refsource_SECTRACK)
http://www.securitytracker.com/id/1035649 (vdb-entry, x_refsource_SECTRACK)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp (vendor-advisory, x_refsource_CISCO)
http://www.debian.org/security/2016/dsa-3539 (vendor-advisory, x_refsource_DEBIAN)
http://www.securitytracker.com/id/1035651 (vdb-entry, x_refsource_SECTRACK)
http://www.securitytracker.com/id/1035636 (vdb-entry, x_refsource_SECTRACK)
http://www.securitytracker.com/id/1035648 (vdb-entry, x_refsource_SECTRACK)
http://www.securitytracker.com/id/1035652 (vdb-entry, x_refsource_SECTRACK)
http://www.securitytracker.com/id/1035637 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:22:21.120Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1035650",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035650",
               },
               {
                  name: "1035649",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035649",
               },
               {
                  name: "20160420 Multiple Cisco Products libSRTP Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp",
               },
               {
                  name: "DSA-3539",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3539",
               },
               {
                  name: "1035651",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035651",
               },
               {
                  name: "1035636",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035636",
               },
               {
                  name: "1035648",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035648",
               },
               {
                  name: "1035652",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035652",
               },
               {
                  name: "1035637",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1035637",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-04-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-11-03T18:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1035650",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035650",
            },
            {
               name: "1035649",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035649",
            },
            {
               name: "20160420 Multiple Cisco Products libSRTP Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp",
            },
            {
               name: "DSA-3539",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3539",
            },
            {
               name: "1035651",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035651",
            },
            {
               name: "1035636",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035636",
            },
            {
               name: "1035648",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035648",
            },
            {
               name: "1035652",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035652",
            },
            {
               name: "1035637",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1035637",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2015-6360",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1035650",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035650",
                  },
                  {
                     name: "1035649",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035649",
                  },
                  {
                     name: "20160420 Multiple Cisco Products libSRTP Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp",
                  },
                  {
                     name: "DSA-3539",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3539",
                  },
                  {
                     name: "1035651",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035651",
                  },
                  {
                     name: "1035636",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035636",
                  },
                  {
                     name: "1035648",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035648",
                  },
                  {
                     name: "1035652",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035652",
                  },
                  {
                     name: "1035637",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1035637",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-6360",
      datePublished: "2016-04-21T10:00:00",
      dateReserved: "2015-08-17T00:00:00",
      dateUpdated: "2024-08-06T07:22:21.120Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20859
Vulnerability from cvelistv5
Published
2022-07-06 20:30
Modified
2024-11-06 16:11
Summary
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:50.281Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220706 Cisco Unified Communications Products Access Control Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20859",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T15:58:01.703536Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:11:17.930Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-07-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "CWE-284",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-06T20:30:56",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220706 Cisco Unified Communications Products Access Control Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY",
            },
         ],
         source: {
            advisory: "cisco-sa-ucm-access-dMKvV2DY",
            defect: [
               [
                  "CSCvz16246",
                  "CSCwc12673",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Access Control Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-07-06T16:00:00",
               ID: "CVE-2022-20859",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Access Control Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-284",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220706 Cisco Unified Communications Products Access Control Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-ucm-access-dMKvV2DY",
               defect: [
                  [
                     "CSCvz16246",
                     "CSCwc12673",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20859",
      datePublished: "2022-07-06T20:30:56.958683Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:11:17.930Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3460
Vulnerability from cvelistv5
Published
2013-08-25 01:00
Modified
2024-08-06 16:07
Severity ?
Summary
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:38.070Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
               },
               {
                  name: "1028938",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1028938",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-08-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-11T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
            },
            {
               name: "1028938",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1028938",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3460",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
                  },
                  {
                     name: "1028938",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1028938",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3460",
      datePublished: "2013-08-25T01:00:00",
      dateReserved: "2013-05-06T00:00:00",
      dateUpdated: "2024-08-06T16:07:38.070Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3374
Vulnerability from cvelistv5
Published
2014-10-31 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.406Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cisco-ucm-cve20143374-xss(98407)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98407",
               },
               {
                  name: "70849",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/70849",
               },
               {
                  name: "20141030 Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3374",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295",
               },
               {
                  name: "1031162",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031162",
               },
               {
                  name: "59696",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59696",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-ucm-cve20143374-xss(98407)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98407",
            },
            {
               name: "70849",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/70849",
            },
            {
               name: "20141030 Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3374",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295",
            },
            {
               name: "1031162",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1031162",
            },
            {
               name: "59696",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59696",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3374",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "cisco-ucm-cve20143374-xss(98407)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98407",
                  },
                  {
                     name: "70849",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/70849",
                  },
                  {
                     name: "20141030 Cisco Unified Communications Manager Admin Interface Reflected Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3374",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36295",
                  },
                  {
                     name: "1031162",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1031162",
                  },
                  {
                     name: "59696",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59696",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3374",
      datePublished: "2014-10-31T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.406Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-12337
Vulnerability from cvelistv5
Published
2017-11-16 07:00
Modified
2024-08-05 18:36
Severity ?
Summary
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.
References
http://www.securityfocus.com/bid/101865 - vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1039815 - vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1039817 - vdb-entry, x_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos - x_refsource_CONFIRM
http://www.securitytracker.com/id/1039814 - vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1039818 - vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1039819 - vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1039820 - vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1039813 - vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1039816 - vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a Cisco Voice Operating System Version: Cisco Voice Operating System


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T18:36:56.360Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "101865",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/101865",
               },
               {
                  name: "1039815",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039815",
               },
               {
                  name: "1039817",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039817",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos",
               },
               {
                  name: "1039814",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039814",
               },
               {
                  name: "1039818",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039818",
               },
               {
                  name: "1039819",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039819",
               },
               {
                  name: "1039820",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039820",
               },
               {
                  name: "1039813",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039813",
               },
               {
                  name: "1039816",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039816",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Voice Operating System",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Voice Operating System",
                  },
               ],
            },
         ],
         datePublic: "2017-11-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-287",
                     description: "CWE-287",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-11-17T10:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "101865",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/101865",
            },
            {
               name: "1039815",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039815",
            },
            {
               name: "1039817",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039817",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos",
            },
            {
               name: "1039814",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039814",
            },
            {
               name: "1039818",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039818",
            },
            {
               name: "1039819",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039819",
            },
            {
               name: "1039820",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039820",
            },
            {
               name: "1039813",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039813",
            },
            {
               name: "1039816",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039816",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-12337",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Voice Operating System",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Voice Operating System",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-287",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "101865",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/101865",
                  },
                  {
                     name: "1039815",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039815",
                  },
                  {
                     name: "1039817",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039817",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos",
                  },
                  {
                     name: "1039814",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039814",
                  },
                  {
                     name: "1039818",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039818",
                  },
                  {
                     name: "1039819",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039819",
                  },
                  {
                     name: "1039820",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039820",
                  },
                  {
                     name: "1039813",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039813",
                  },
                  {
                     name: "1039816",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039816",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-12337",
      datePublished: "2017-11-16T07:00:00",
      dateReserved: "2017-08-03T00:00:00",
      dateUpdated: "2024-08-05T18:36:56.360Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-8008
Vulnerability from cvelistv5
Published
2015-01-22 11:00
Modified
2024-08-06 13:10
Severity ?
Summary
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T13:10:49.451Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "72263",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/72263",
               },
               {
                  name: "1031604",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031604",
               },
               {
                  name: "20150121 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008",
               },
               {
                  name: "20150126 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-01-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-30T16:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "72263",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/72263",
            },
            {
               name: "1031604",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1031604",
            },
            {
               name: "20150121 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008",
            },
            {
               name: "20150126 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-8008",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "72263",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/72263",
                  },
                  {
                     name: "1031604",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1031604",
                  },
                  {
                     name: "20150121 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008",
                  },
                  {
                     name: "20150126 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/viewAlert.x?alertId=37111",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-8008",
      datePublished: "2015-01-22T11:00:00",
      dateReserved: "2014-10-08T00:00:00",
      dateUpdated: "2024-08-06T13:10:49.451Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3338
Vulnerability from cvelistv5
Published
2014-08-12 23:00
Modified
2024-08-06 10:43
Severity ?
Summary
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.141Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "60054",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/60054",
               },
               {
                  name: "20140811 Cisco Unified Communications Manager CTIManager Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338",
               },
               {
                  name: "cucm-cve20143338-command-exec(95246)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95246",
               },
               {
                  name: "1030710",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1030710",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35258",
               },
               {
                  name: "69176",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/69176",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-08-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "60054",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/60054",
            },
            {
               name: "20140811 Cisco Unified Communications Manager CTIManager Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338",
            },
            {
               name: "cucm-cve20143338-command-exec(95246)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95246",
            },
            {
               name: "1030710",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1030710",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35258",
            },
            {
               name: "69176",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/69176",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3338",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "60054",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/60054",
                  },
                  {
                     name: "20140811 Cisco Unified Communications Manager CTIManager Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338",
                  },
                  {
                     name: "cucm-cve20143338-command-exec(95246)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95246",
                  },
                  {
                     name: "1030710",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1030710",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35258",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35258",
                  },
                  {
                     name: "69176",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/69176",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3338",
      datePublished: "2014-08-12T23:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.141Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20791
Vulnerability from cvelistv5
Published
2022-07-06 20:30
Modified
2024-11-06 16:12
Summary
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:49.548Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220706 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20791",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T15:58:05.663098Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:12:16.607Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-07-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-36",
                     description: "CWE-36",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-06T20:30:23",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220706 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-imp-afr-YBFLNyzd",
            defect: [
               [
                  "CSCvz07265",
                  "CSCvz32980",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Arbitrary File Read Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-07-06T16:00:00",
               ID: "CVE-2022-20791",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Arbitrary File Read Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-36",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220706 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-imp-afr-YBFLNyzd",
               defect: [
                  [
                     "CSCvz07265",
                     "CSCvz32980",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20791",
      datePublished: "2022-07-06T20:30:23.819159Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:12:16.607Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20790
Vulnerability from cvelistv5
Published
2022-04-21 18:50
Modified
2024-11-06 16:22
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the underlying operating system.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:49.657Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220420 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20790",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T15:58:44.993507Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:22:18.650Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-04-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the underlying operating system.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-23",
                     description: "CWE-23",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-21T18:50:45",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220420 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3",
            },
         ],
         source: {
            advisory: "cisco-sa-ucm-file-read-h8h4HEJ3",
            defect: [
               [
                  "CSCvy86655",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Arbitrary File Read Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-04-20T16:00:00",
               ID: "CVE-2022-20790",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Arbitrary File Read Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the underlying operating system.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-23",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220420 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-ucm-file-read-h8h4HEJ3",
               defect: [
                  [
                     "CSCvy86655",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20790",
      datePublished: "2022-04-21T18:50:45.706675Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:22:18.650Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3836
Vulnerability from cvelistv5
Published
2017-02-22 02:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:40.651Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "96251",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/96251",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3",
               },
               {
                  name: "1037840",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037840",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-02-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure Vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-24T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "96251",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/96251",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3",
            },
            {
               name: "1037840",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037840",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3836",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure Vulnerability",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "96251",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/96251",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3",
                  },
                  {
                     name: "1037840",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037840",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3836",
      datePublished: "2017-02-22T02:00:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:40.651Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-1643
Vulnerability from cvelistv5
Published
2011-08-29 15:00
Modified
2024-09-17 00:10
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T22:37:24.118Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20110824 Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2011-08-29T15:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20110824 Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-1643",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20110824 Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-1643",
      datePublished: "2011-08-29T15:00:00Z",
      dateReserved: "2011-04-05T00:00:00Z",
      dateUpdated: "2024-09-17T00:10:43.000Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-20488
Vulnerability from cvelistv5
Published
2024-08-21 18:35
Modified
2024-08-21 19:54
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: 12.5(1)SU2
Version: 12.0(1)SU2
Version: 12.0(1)SU3
Version: 12.5(1)SU1
Version: 12.5(1)
Version: 12.0(1)SU1
Version: 12.5(1)SU3
Version: 12.0(1)SU4
Version: 12.5(1)SU4
Version: 14
Version: 12.0(1)SU5
Version: 12.5(1)SU5
Version: 14SU1
Version: 12.5(1)SU6
Version: 14SU2
Version: 12.5(1)SU7
Version: 12.5(1)SU7a
Version: 14SU3
Version: 12.5(1)SU8
Version: 12.5(1)SU8a
Version: 15
Version: 14SU4
Version: 14SU4a
Version: 12.5(1)SU9


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-20488",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-21T19:54:31.643272Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-08-21T19:54:39.624Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unknown",
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "14",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "14SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "14SU2",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7a",
                  },
                  {
                     status: "affected",
                     version: "14SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU8",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU8a",
                  },
                  {
                     status: "affected",
                     version: "15",
                  },
                  {
                     status: "affected",
                     version: "14SU4",
                  },
                  {
                     status: "affected",
                     version: "14SU4a",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU9",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "cvssV3_1",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-21T18:35:03.580Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-sa-cucm-xss-9zmfHyZ",
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-9zmfHyZ",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-xss-9zmfHyZ",
            defects: [
               "CSCwi00276",
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2024-20488",
      datePublished: "2024-08-21T18:35:03.580Z",
      dateReserved: "2023-11-08T15:08:07.685Z",
      dateUpdated: "2024-08-21T19:54:39.624Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-2061
Vulnerability from cvelistv5
Published
2008-06-26 17:00
Modified
2024-08-07 08:49
Severity ?
Summary
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:49:56.936Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "29933",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29933",
               },
               {
                  name: "cucm-ctimanager-dos(43349)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43349",
               },
               {
                  name: "ADV-2008-1933",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1933/references",
               },
               {
                  name: "30848",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30848",
               },
               {
                  name: "1020360",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020360",
               },
               {
                  name: "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-06-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "29933",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29933",
            },
            {
               name: "cucm-ctimanager-dos(43349)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43349",
            },
            {
               name: "ADV-2008-1933",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1933/references",
            },
            {
               name: "30848",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30848",
            },
            {
               name: "1020360",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020360",
            },
            {
               name: "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-2061",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "29933",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29933",
                  },
                  {
                     name: "cucm-ctimanager-dos(43349)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43349",
                  },
                  {
                     name: "ADV-2008-1933",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1933/references",
                  },
                  {
                     name: "30848",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30848",
                  },
                  {
                     name: "1020360",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020360",
                  },
                  {
                     name: "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-2061",
      datePublished: "2008-06-26T17:00:00",
      dateReserved: "2008-05-02T00:00:00",
      dateUpdated: "2024-08-07T08:49:56.936Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1406
Vulnerability from cvelistv5
Published
2021-04-08 04:05
Modified
2024-11-08 23:28
Summary
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:17.368Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210407 Cisco Unified Communications Manager Information Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1406",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:46:27.298346Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:28:49.462Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-538",
                     description: "CWE-538",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-08T04:05:55",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210407 Cisco Unified Communications Manager Information Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-inf-disc-wCxZNjL2",
            defect: [
               [
                  "CSCvv21048",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Information Disclosure Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-04-07T16:00:00",
               ID: "CVE-2021-1406",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Information Disclosure Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "4.9",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-538",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210407 Cisco Unified Communications Manager Information Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-inf-disc-wCxZNjL2",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-inf-disc-wCxZNjL2",
               defect: [
                  [
                     "CSCvv21048",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1406",
      datePublished: "2021-04-08T04:05:55.718686Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:28:49.462Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-2054
Vulnerability from cvelistv5
Published
2009-08-27 16:31
Modified
2024-08-07 05:36
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689.
References
http://secunia.com/advisories/36499 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/36152 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/36498 (third-party-advisory, x_refsource_SECUNIA)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml (vendor-advisory, x_refsource_CISCO)
http://osvdb.org/57456 (vdb-entry, x_refsource_OSVDB)
http://www.securitytracker.com/id?1022775 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:36:20.971Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "36499",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36499",
               },
               {
                  name: "36152",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/36152",
               },
               {
                  name: "36498",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36498",
               },
               {
                  name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
               },
               {
                  name: "57456",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/57456",
               },
               {
                  name: "1022775",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022775",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-08-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-09-02T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "36499",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36499",
            },
            {
               name: "36152",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/36152",
            },
            {
               name: "36498",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36498",
            },
            {
               name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
            },
            {
               name: "57456",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/57456",
            },
            {
               name: "1022775",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022775",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-2054",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "36499",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36499",
                  },
                  {
                     name: "36152",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/36152",
                  },
                  {
                     name: "36498",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36498",
                  },
                  {
                     name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
                  },
                  {
                     name: "57456",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/57456",
                  },
                  {
                     name: "1022775",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022775",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-2054",
      datePublished: "2009-08-27T16:31:00",
      dateReserved: "2009-06-12T00:00:00",
      dateUpdated: "2024-08-07T05:36:20.971Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-3315
Vulnerability from cvelistv5
Published
2011-10-27 21:00
Modified
2024-09-17 02:31
Severity ?
Summary
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T23:29:56.698Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20111026 Cisco Unified Communications Manager Directory Traversal Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm",
               },
               {
                  name: "20111026 Cisco Unified Contact Center Express Directory Traversal Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2011-10-27T21:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20111026 Cisco Unified Communications Manager Directory Traversal Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm",
            },
            {
               name: "20111026 Cisco Unified Contact Center Express Directory Traversal Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-3315",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20111026 Cisco Unified Communications Manager Directory Traversal Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm",
                  },
                  {
                     name: "20111026 Cisco Unified Contact Center Express Directory Traversal Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-3315",
      datePublished: "2011-10-27T21:00:00Z",
      dateReserved: "2011-08-29T00:00:00Z",
      dateUpdated: "2024-09-17T02:31:56.728Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3433
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-08-06 16:07
Severity ?
Summary
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
References
http://www.securityfocus.com/bid/61297 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/54249 (third-party-advisory, x_refsource_SECUNIA)
http://osvdb.org/95404 (vdb-entry, x_refsource_OSVDB)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm (vendor-advisory, x_refsource_CISCO)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:38.001Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "61297",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/61297",
               },
               {
                  name: "54249",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/54249",
               },
               {
                  name: "95404",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/95404",
               },
               {
                  name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-07-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-11-17T21:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "61297",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/61297",
            },
            {
               name: "54249",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/54249",
            },
            {
               name: "95404",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/95404",
            },
            {
               name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3433",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "61297",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/61297",
                  },
                  {
                     name: "54249",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/54249",
                  },
                  {
                     name: "95404",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/95404",
                  },
                  {
                     name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3433",
      datePublished: "2013-07-18T00:00:00",
      dateReserved: "2013-05-06T00:00:00",
      dateUpdated: "2024-08-06T16:07:38.001Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1380
Vulnerability from cvelistv5
Published
2021-04-08 04:05
Modified
2024-11-08 23:29
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:16.861Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1380",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:46:44.102443Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:29:20.175Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-08T04:05:41",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-xss-Q4PZcNzJ",
            defect: [
               [
                  "CSCvu52262",
                  "CSCvv21040",
                  "CSCvv28764",
                  "CSCvv35159",
                  "CSCvw71918",
                  "CSCvx14158",
                  "CSCvx14178",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-04-07T16:00:00",
               ID: "CVE-2021-1380",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unity Connection",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-89",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-xss-Q4PZcNzJ",
               defect: [
                  [
                     "CSCvu52262",
                     "CSCvv21040",
                     "CSCvv28764",
                     "CSCvv35159",
                     "CSCvw71918",
                     "CSCvx14158",
                     "CSCvx14178",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1380",
      datePublished: "2021-04-08T04:05:41.656202Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:29:20.175Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-4206
Vulnerability from cvelistv5
Published
2015-12-15 02:00
Modified
2024-08-06 06:04
Severity ?
Summary
Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:04:03.041Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1034430",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034430",
               },
               {
                  name: "20151214 Cisco Unified Communications Manager Web Management Interface Cross-Site Scripting Filter Bypass Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm",
               },
               {
                  name: "79196",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/79196",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-12-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-05T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1034430",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034430",
            },
            {
               name: "20151214 Cisco Unified Communications Manager Web Management Interface Cross-Site Scripting Filter Bypass Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm",
            },
            {
               name: "79196",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/79196",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2015-4206",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1034430",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034430",
                  },
                  {
                     name: "20151214 Cisco Unified Communications Manager Web Management Interface Cross-Site Scripting Filter Bypass Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151214-ucm",
                  },
                  {
                     name: "79196",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/79196",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-4206",
      datePublished: "2015-12-15T02:00:00",
      dateReserved: "2015-06-04T00:00:00",
      dateUpdated: "2024-08-06T06:04:03.041Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-3177
Vulnerability from cvelistv5
Published
2020-04-15 20:10
Modified
2024-11-15 17:31
Summary
A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:24:00.625Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20200415 Cisco Unified Communications Manager Path Traversal Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-3177",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-15T16:21:56.033007Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-15T17:31:41.239Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2020-04-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-22",
                     description: "CWE-22",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-15T20:10:20",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20200415 Cisco Unified Communications Manager Path Traversal Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-taps-path-trav-pfsFO93r",
            defect: [
               [
                  "CSCvq58268",
                  "CSCvt33058",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Path Traversal Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2020-04-15T16:00:00-0700",
               ID: "CVE-2020-3177",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Path Traversal Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "7.5",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-22",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20200415 Cisco Unified Communications Manager Path Traversal Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-taps-path-trav-pfsFO93r",
               defect: [
                  [
                     "CSCvq58268",
                     "CSCvt33058",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2020-3177",
      datePublished: "2020-04-15T20:10:20.904083Z",
      dateReserved: "2019-12-12T00:00:00",
      dateUpdated: "2024-11-15T17:31:41.239Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-0717
Vulnerability from cvelistv5
Published
2015-05-16 14:00
Modified
2024-08-06 04:17
Severity ?
Summary
Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=38763 (vendor-advisory, x_refsource_CISCO)
http://www.securitytracker.com/id/1032278 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:17:32.818Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20150508 Cisco Unified Communications Manager root Shell Access Local Privilege Escalation Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=38763",
               },
               {
                  name: "1032278",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1032278",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-05-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-30T15:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20150508 Cisco Unified Communications Manager root Shell Access Local Privilege Escalation Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=38763",
            },
            {
               name: "1032278",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1032278",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2015-0717",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20150508 Cisco Unified Communications Manager root Shell Access Local Privilege Escalation Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=38763",
                  },
                  {
                     name: "1032278",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1032278",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-0717",
      datePublished: "2015-05-16T14:00:00",
      dateReserved: "2015-01-07T00:00:00",
      dateUpdated: "2024-08-06T04:17:32.818Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0733
Vulnerability from cvelistv5
Published
2014-02-20 11:00
Modified
2024-08-06 09:27
Severity ?
Summary
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.742Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140218 Cisco Unified Communications Manager Enterprise License Manager Information Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32914",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-02-20T04:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140218 Cisco Unified Communications Manager Enterprise License Manager Information Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32914",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0733",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140218 Cisco Unified Communications Manager Enterprise License Manager Information Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0733",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32914",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32914",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0733",
      datePublished: "2014-02-20T11:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.742Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3315
Vulnerability from cvelistv5
Published
2014-07-10 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.156Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140709 Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900",
               },
               {
                  name: "68477",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/68477",
               },
               {
                  name: "59739",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59739",
               },
               {
                  name: "cucm-cve20143315-xss(94430)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94430",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-07-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140709 Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900",
            },
            {
               name: "68477",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/68477",
            },
            {
               name: "59739",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59739",
            },
            {
               name: "cucm-cve20143315-xss(94430)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94430",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3315",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140709 Cisco Unified Communications Manager DNA Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3315",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=34900",
                  },
                  {
                     name: "68477",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/68477",
                  },
                  {
                     name: "59739",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59739",
                  },
                  {
                     name: "cucm-cve20143315-xss(94430)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/94430",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3315",
      datePublished: "2014-07-10T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.156Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0724
Vulnerability from cvelistv5
Published
2014-02-13 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:18.646Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32825",
               },
               {
                  name: "20140211 Cisco Unified Communications Manager Arbitrary File Read Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-02-13T01:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32825",
            },
            {
               name: "20140211 Cisco Unified Communications Manager Arbitrary File Read Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0724",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32825",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32825",
                  },
                  {
                     name: "20140211 Cisco Unified Communications Manager Arbitrary File Read Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0724",
      datePublished: "2014-02-13T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:18.646Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1357
Vulnerability from cvelistv5
Published
2021-01-20 20:00
Modified
2024-11-12 20:21
Summary
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:16.882Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210120 Cisco Unified Communications Products Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1357",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:51:10.647000Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-12T20:21:44.853Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-01-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-35",
                     description: "CWE-35",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-20T20:00:34",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210120 Cisco Unified Communications Products Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
            },
         ],
         source: {
            advisory: "cisco-sa-imp-trav-inj-dM687ZD6",
            defect: [
               [
                  "CSCvv20974",
                  "CSCvv20985",
                  "CSCvv62642",
                  "CSCvv62648",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-01-20T16:00:00",
               ID: "CVE-2021-1357",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&amp;P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-35",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210120 Cisco Unified Communications Products Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-imp-trav-inj-dM687ZD6",
               defect: [
                  [
                     "CSCvv20974",
                     "CSCvv20985",
                     "CSCvv62642",
                     "CSCvv62648",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1357",
      datePublished: "2021-01-20T20:00:34.904614Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-12T20:21:44.853Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-2062
Vulnerability from cvelistv5
Published
2008-06-26 17:00
Modified
2024-08-07 08:49
Severity ?
Summary
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:49:57.608Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cucm-risdatacollector-info-disclosure(43355)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355",
               },
               {
                  name: "ADV-2008-1933",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1933/references",
               },
               {
                  name: "30848",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30848",
               },
               {
                  name: "29935",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29935",
               },
               {
                  name: "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
               },
               {
                  name: "1020361",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020361",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-06-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cucm-risdatacollector-info-disclosure(43355)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355",
            },
            {
               name: "ADV-2008-1933",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1933/references",
            },
            {
               name: "30848",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30848",
            },
            {
               name: "29935",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29935",
            },
            {
               name: "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
            },
            {
               name: "1020361",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020361",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-2062",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "cucm-risdatacollector-info-disclosure(43355)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355",
                  },
                  {
                     name: "ADV-2008-1933",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1933/references",
                  },
                  {
                     name: "30848",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30848",
                  },
                  {
                     name: "29935",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29935",
                  },
                  {
                     name: "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml",
                  },
                  {
                     name: "1020361",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020361",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-2062",
      datePublished: "2008-06-26T17:00:00",
      dateReserved: "2008-05-02T00:00:00",
      dateUpdated: "2024-08-07T08:49:57.608Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0734
Vulnerability from cvelistv5
Published
2014-02-20 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.200Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140218 Cisco Unified Communications Manager CAPF Unauthenticated Blind SQL Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0734",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32916",
               },
               {
                  name: "65645",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65645",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-04T16:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140218 Cisco Unified Communications Manager CAPF Unauthenticated Blind SQL Injection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0734",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32916",
            },
            {
               name: "65645",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65645",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0734",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140218 Cisco Unified Communications Manager CAPF Unauthenticated Blind SQL Injection Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0734",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32916",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32916",
                  },
                  {
                     name: "65645",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65645",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0734",
      datePublished: "2014-02-20T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.200Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-5538
Vulnerability from cvelistv5
Published
2007-10-18 00:00
Modified
2024-08-07 15:31
Severity ?
Summary
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.
References
http://www.securityfocus.com/bid/26105 - vdb-entry, x_refsource_BID
http://osvdb.org/37940 - vdb-entry, x_refsource_OSVDB
http://www.vupen.com/english/advisories/2007/3532 - vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/37247 - vdb-entry, x_refsource_XF
http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml - vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id?1018828 - vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/27296 - third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T15:31:59.183Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "26105",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/26105",
               },
               {
                  name: "37940",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/37940",
               },
               {
                  name: "ADV-2007-3532",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/3532",
               },
               {
                  name: "cucm-tftp-filename-bo(37247)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247",
               },
               {
                  name: "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml",
               },
               {
                  name: "1018828",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1018828",
               },
               {
                  name: "27296",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/27296",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-10-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "26105",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/26105",
            },
            {
               name: "37940",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/37940",
            },
            {
               name: "ADV-2007-3532",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/3532",
            },
            {
               name: "cucm-tftp-filename-bo(37247)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247",
            },
            {
               name: "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml",
            },
            {
               name: "1018828",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1018828",
            },
            {
               name: "27296",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/27296",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-5538",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "26105",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/26105",
                  },
                  {
                     name: "37940",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/37940",
                  },
                  {
                     name: "ADV-2007-3532",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/3532",
                  },
                  {
                     name: "cucm-tftp-filename-bo(37247)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/37247",
                  },
                  {
                     name: "20071017 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda34.shtml",
                  },
                  {
                     name: "1018828",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1018828",
                  },
                  {
                     name: "27296",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/27296",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-5538",
      datePublished: "2007-10-18T00:00:00",
      dateReserved: "2007-10-17T00:00:00",
      dateUpdated: "2024-08-07T15:31:59.183Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-1607
Vulnerability from cvelistv5
Published
2011-05-03 22:00
Modified
2024-08-06 22:37
Severity ?
Summary
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T22:37:24.611Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cisco-ucm-dir-traversal(67127)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67127",
               },
               {
                  name: "44331",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/44331",
               },
               {
                  name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
               },
               {
                  name: "1025449",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1025449",
               },
               {
                  name: "ADV-2011-1122",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2011/1122",
               },
               {
                  name: "47608",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/47608",
               },
               {
                  name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-04-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-ucm-dir-traversal(67127)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67127",
            },
            {
               name: "44331",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/44331",
            },
            {
               name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
            },
            {
               name: "1025449",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1025449",
            },
            {
               name: "ADV-2011-1122",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2011/1122",
            },
            {
               name: "47608",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/47608",
            },
            {
               name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-1607",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "cisco-ucm-dir-traversal(67127)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67127",
                  },
                  {
                     name: "44331",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/44331",
                  },
                  {
                     name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
                  },
                  {
                     name: "1025449",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1025449",
                  },
                  {
                     name: "ADV-2011-1122",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2011/1122",
                  },
                  {
                     name: "47608",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/47608",
                  },
                  {
                     name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-1607",
      datePublished: "2011-05-03T22:00:00",
      dateReserved: "2011-04-05T00:00:00",
      dateUpdated: "2024-08-06T22:37:24.611Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-4487
Vulnerability from cvelistv5
Published
2012-03-01 01:00
Modified
2024-09-17 00:26
Severity ?
Summary
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T00:09:18.485Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-03-01T01:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-4487",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-4487",
      datePublished: "2012-03-01T01:00:00Z",
      dateReserved: "2011-11-21T00:00:00Z",
      dateUpdated: "2024-09-17T00:26:09.396Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-6689
Vulnerability from cvelistv5
Published
2013-11-16 02:00
Modified
2024-09-16 16:14
Severity ?
Summary
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:46:22.714Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20131113 Cisco Unified Communications Manager Arbitrary File Read/Write Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6689",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31758",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an \"overload\" of the command-line utility, aka Bug ID CSCui58229.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-11-16T02:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20131113 Cisco Unified Communications Manager Arbitrary File Read/Write Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6689",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31758",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-6689",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an \"overload\" of the command-line utility, aka Bug ID CSCui58229.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20131113 Cisco Unified Communications Manager Arbitrary File Read/Write Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6689",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31758",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31758",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-6689",
      datePublished: "2013-11-16T02:00:00Z",
      dateReserved: "2013-11-07T00:00:00Z",
      dateUpdated: "2024-09-16T16:14:02.694Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-2185
Vulnerability from cvelistv5
Published
2014-04-29 10:00
Modified
2024-08-06 10:06
Severity ?
Summary
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:06:00.188Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140428 Cisco Unified Communications Manager CDR Management Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-04-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-04-29T05:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140428 Cisco Unified Communications Manager CDR Management Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-2185",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140428 Cisco Unified Communications Manager CDR Management Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2185",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-2185",
      datePublished: "2014-04-29T10:00:00",
      dateReserved: "2014-02-25T00:00:00",
      dateUpdated: "2024-08-06T10:06:00.188Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-4269
Vulnerability from cvelistv5
Published
2015-07-14 14:00
Modified
2024-08-06 06:11
Severity ?
Summary
The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.
References
http://www.securitytracker.com/id/1032886 (vdb-entry, x_refsource_SECTRACK)
http://tools.cisco.com/security/center/viewAlert.x?alertId=39877 (vendor-advisory, x_refsource_CISCO)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T06:11:12.368Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1032886",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1032886",
               },
               {
                  name: "20150713 Cisco Unified Communications Manager Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39877",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-23T18:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1032886",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1032886",
            },
            {
               name: "20150713 Cisco Unified Communications Manager Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39877",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2015-4269",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Tomcat throttling feature in Cisco Unified Communications Manager 10.5(1.99995.9) allows remote authenticated users to cause a denial of service (management outage) by sending many requests, aka Bug ID CSCuu99709.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1032886",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1032886",
                  },
                  {
                     name: "20150713 Cisco Unified Communications Manager Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39877",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-4269",
      datePublished: "2015-07-14T14:00:00",
      dateReserved: "2015-06-04T00:00:00",
      dateUpdated: "2024-08-06T06:11:12.368Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-0027
Vulnerability from cvelistv5
Published
2008-01-17 02:00
Modified
2024-08-07 07:32
Severity ?
Summary
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T07:32:23.600Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/486432/100/0/threaded",
               },
               {
                  name: "ADV-2008-0171",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/0171",
               },
               {
                  name: "3551",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/3551",
               },
               {
                  name: "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02",
               },
               {
                  name: "cisco-cucm-ctl-bo(39704)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704",
               },
               {
                  name: "1019223",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1019223",
               },
               {
                  name: "27313",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/27313",
               },
               {
                  name: "28530",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/28530",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-01-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-15T20:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/486432/100/0/threaded",
            },
            {
               name: "ADV-2008-0171",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/0171",
            },
            {
               name: "3551",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/3551",
            },
            {
               name: "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02",
            },
            {
               name: "cisco-cucm-ctl-bo(39704)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704",
            },
            {
               name: "1019223",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1019223",
            },
            {
               name: "27313",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/27313",
            },
            {
               name: "28530",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/28530",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-0027",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/486432/100/0/threaded",
                  },
                  {
                     name: "ADV-2008-0171",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/0171",
                  },
                  {
                     name: "3551",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/3551",
                  },
                  {
                     name: "20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml",
                  },
                  {
                     name: "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02",
                     refsource: "MISC",
                     url: "http://dvlabs.tippingpoint.com/advisory/TPTI-08-02",
                  },
                  {
                     name: "cisco-cucm-ctl-bo(39704)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39704",
                  },
                  {
                     name: "1019223",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1019223",
                  },
                  {
                     name: "27313",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/27313",
                  },
                  {
                     name: "28530",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/28530",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-0027",
      datePublished: "2008-01-17T02:00:00",
      dateReserved: "2007-12-17T00:00:00",
      dateUpdated: "2024-08-07T07:32:23.600Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0198
Vulnerability from cvelistv5
Published
2018-03-27 09:00
Modified
2024-12-02 20:56
Severity ?
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:14:17.060Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1",
               },
               {
                  name: "1040342",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040342",
               },
               {
                  name: "102965",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/102965",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0198",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-12-02T19:11:09.965624Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-02T20:56:03.985Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2018-03-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-693",
                     description: "CWE-693",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-27T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1",
            },
            {
               name: "1040342",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040342",
            },
            {
               name: "102965",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/102965",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0198",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-693",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1",
                  },
                  {
                     name: "1040342",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040342",
                  },
                  {
                     name: "102965",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/102965",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0198",
      datePublished: "2018-03-27T09:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-12-02T20:56:03.985Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-6425
Vulnerability from cvelistv5
Published
2015-12-16 15:00
Modified
2024-08-06 07:22
Severity ?
Summary
The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:22:21.135Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20151215 Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim",
               },
               {
                  name: "79275",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/79275",
               },
               {
                  name: "1034431",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034431",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-12-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-05T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20151215 Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim",
            },
            {
               name: "79275",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/79275",
            },
            {
               name: "1034431",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034431",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2015-6425",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20151215 Cisco Unified Communications Manager Web Applications Identity Management Subsystem Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim",
                  },
                  {
                     name: "79275",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/79275",
                  },
                  {
                     name: "1034431",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034431",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-6425",
      datePublished: "2015-12-16T15:00:00",
      dateReserved: "2015-08-17T00:00:00",
      dateUpdated: "2024-08-06T07:22:21.135Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1408
Vulnerability from cvelistv5
Published
2021-04-08 04:06
Modified
2024-11-08 23:28
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:17.137Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1408",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:46:15.548335Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:28:29.902Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-08T04:06:08",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-xss-Q4PZcNzJ",
            defect: [
               [
                  "CSCvu52262",
                  "CSCvv21040",
                  "CSCvv28764",
                  "CSCvv35159",
                  "CSCvw71918",
                  "CSCvx14158",
                  "CSCvx14178",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-04-07T16:00:00",
               ID: "CVE-2021-1408",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unity Connection",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-89",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-xss-Q4PZcNzJ",
               defect: [
                  [
                     "CSCvu52262",
                     "CSCvv21040",
                     "CSCvv28764",
                     "CSCvv35159",
                     "CSCvw71918",
                     "CSCvx14158",
                     "CSCvx14178",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1408",
      datePublished: "2021-04-08T04:06:08.437938Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:28:29.902Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-2563
Vulnerability from cvelistv5
Published
2011-08-29 15:00
Modified
2024-08-06 23:08
Severity ?
Summary
Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T23:08:23.754Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
               },
               {
                  name: "1025969",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1025969",
               },
               {
                  name: "20110824 Denial of Service Vulnerabilities in Cisco Intercompany Media Engine",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-08-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2011-10-06T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
            },
            {
               name: "1025969",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1025969",
            },
            {
               name: "20110824 Denial of Service Vulnerabilities in Cisco Intercompany Media Engine",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-2563",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
                  },
                  {
                     name: "1025969",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1025969",
                  },
                  {
                     name: "20110824 Denial of Service Vulnerabilities in Cisco Intercompany Media Engine",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f533.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-2563",
      datePublished: "2011-08-29T15:00:00",
      dateReserved: "2011-06-27T00:00:00",
      dateUpdated: "2024-08-06T23:08:23.754Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3434
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-08-06 16:07
Severity ?
Summary
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
References
http://www.securityfocus.com/bid/61296 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/54249 (third-party-advisory, x_refsource_SECUNIA)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm (vendor-advisory, x_refsource_CISCO)
http://osvdb.org/95403 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:37.945Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "61296",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/61296",
               },
               {
                  name: "54249",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/54249",
               },
               {
                  name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
               },
               {
                  name: "95403",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/95403",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-07-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-11-17T21:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "61296",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/61296",
            },
            {
               name: "54249",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/54249",
            },
            {
               name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
            },
            {
               name: "95403",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/95403",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3434",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "61296",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/61296",
                  },
                  {
                     name: "54249",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/54249",
                  },
                  {
                     name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
                  },
                  {
                     name: "95403",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/95403",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3434",
      datePublished: "2013-07-18T00:00:00",
      dateReserved: "2013-05-06T00:00:00",
      dateUpdated: "2024-08-06T16:07:37.945Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-1748
Vulnerability from cvelistv5
Published
2008-05-16 06:54
Modified
2024-08-07 08:32
Severity ?
Summary
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.
References
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml (vendor-advisory, x_refsource_CISCO)
http://www.vupen.com/english/advisories/2008/1533 (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/bid/29221 (vdb-entry, x_refsource_BID)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42419 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/30238 (third-party-advisory, x_refsource_SECUNIA)
http://securitytracker.com/id?1020022 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:32:01.271Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
               },
               {
                  name: "ADV-2008-1533",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1533",
               },
               {
                  name: "29221",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29221",
               },
               {
                  name: "cucm-invite-dos(42419)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42419",
               },
               {
                  name: "30238",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30238",
               },
               {
                  name: "1020022",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1020022",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-05-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
            },
            {
               name: "ADV-2008-1533",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1533",
            },
            {
               name: "29221",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29221",
            },
            {
               name: "cucm-invite-dos(42419)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42419",
            },
            {
               name: "30238",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30238",
            },
            {
               name: "1020022",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1020022",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-1748",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
                  },
                  {
                     name: "ADV-2008-1533",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1533",
                  },
                  {
                     name: "29221",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29221",
                  },
                  {
                     name: "cucm-invite-dos(42419)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42419",
                  },
                  {
                     name: "30238",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30238",
                  },
                  {
                     name: "1020022",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1020022",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-1748",
      datePublished: "2008-05-16T06:54:00",
      dateReserved: "2008-04-11T00:00:00",
      dateUpdated: "2024-08-07T08:32:01.271Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-12711
Vulnerability from cvelistv5
Published
2019-10-02 19:06
Modified
2024-11-21 19:11
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to an affected system that contain references in XML entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: unspecified   < n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T23:24:39.309Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20191002 Cisco Unified Communications Manager XML External Expansion Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xxe",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-12711",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-21T18:56:36.533467Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-21T19:11:32.568Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     lessThan: "n/a",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-10-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to an affected system that contain references in XML entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-611",
                     description: "CWE-611",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-02T19:06:51",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20191002 Cisco Unified Communications Manager XML External Expansion Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xxe",
            },
         ],
         source: {
            advisory: "cisco-sa-20191002-cucm-xxe",
            defect: [
               [
                  "CSCvp46079",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager XML External Expansion Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-10-02T16:00:00-0700",
               ID: "CVE-2019-12711",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager XML External Expansion Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to an affected system that contain references in XML entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-611",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20191002 Cisco Unified Communications Manager XML External Expansion Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xxe",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20191002-cucm-xxe",
               defect: [
                  [
                     "CSCvp46079",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-12711",
      datePublished: "2019-10-02T19:06:51.989257Z",
      dateReserved: "2019-06-04T00:00:00",
      dateUpdated: "2024-11-21T19:11:32.568Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3372
Vulnerability from cvelistv5
Published
2014-10-31 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.436Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20141030 Cisco Unified Communications Manager Reports Interface Reflected Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3372",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292",
               },
               {
                  name: "1031159",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031159",
               },
               {
                  name: "61003",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/61003",
               },
               {
                  name: "cisco-ucm-cve20143372-xss(98404)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98404",
               },
               {
                  name: "70846",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/70846",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20141030 Cisco Unified Communications Manager Reports Interface Reflected Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3372",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292",
            },
            {
               name: "1031159",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1031159",
            },
            {
               name: "61003",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/61003",
            },
            {
               name: "cisco-ucm-cve20143372-xss(98404)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98404",
            },
            {
               name: "70846",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/70846",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3372",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20141030 Cisco Unified Communications Manager Reports Interface Reflected Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3372",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36292",
                  },
                  {
                     name: "1031159",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1031159",
                  },
                  {
                     name: "61003",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/61003",
                  },
                  {
                     name: "cisco-ucm-cve20143372-xss(98404)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98404",
                  },
                  {
                     name: "70846",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/70846",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3372",
      datePublished: "2014-10-31T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.436Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-9210
Vulnerability from cvelistv5
Published
2016-12-14 00:37
Modified
2024-08-06 02:42
Severity ?
Summary
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).
Impacted products
Vendor Product Version
n/a Cisco Unified Reporting Version: Cisco Unified Reporting


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T02:42:11.171Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur",
               },
               {
                  name: "94798",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/94798",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Reporting",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Reporting",
                  },
               ],
            },
         ],
         datePublic: "2016-12-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "unspecified",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-14T10:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur",
            },
            {
               name: "94798",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/94798",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2016-9210",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Reporting",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Reporting",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "unspecified",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur",
                  },
                  {
                     name: "94798",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/94798",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2016-9210",
      datePublished: "2016-12-14T00:37:00",
      dateReserved: "2016-11-06T00:00:00",
      dateUpdated: "2024-08-06T02:42:11.171Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0740
Vulnerability from cvelistv5
Published
2014-02-27 01:00
Modified
2024-08-06 09:27
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.515Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33049",
               },
               {
                  name: "20140225 Cisco Unified Communications Manager OS Administration CSRF Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740",
               },
               {
                  name: "1029843",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029843",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-15T16:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33049",
            },
            {
               name: "20140225 Cisco Unified Communications Manager OS Administration CSRF Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740",
            },
            {
               name: "1029843",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029843",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0740",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) interface in the OS Administration component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of administrators for requests that make administrative changes, aka Bug ID CSCun00701.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33049",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33049",
                  },
                  {
                     name: "20140225 Cisco Unified Communications Manager OS Administration CSRF Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0740",
                  },
                  {
                     name: "1029843",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029843",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0740",
      datePublished: "2014-02-27T01:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.515Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3453
Vulnerability from cvelistv5
Published
2013-08-22 22:00
Modified
2024-09-16 22:19
Severity ?
Summary
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:37.930Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130821 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cup",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-08-22T22:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130821 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cup",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3453",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130821 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cup",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3453",
      datePublished: "2013-08-22T22:00:00Z",
      dateReserved: "2013-05-06T00:00:00Z",
      dateUpdated: "2024-09-16T22:19:39.546Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3462
Vulnerability from cvelistv5
Published
2013-08-25 01:00
Modified
2024-08-06 16:07
Severity ?
Summary
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:38.240Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
               },
               {
                  name: "1028938",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1028938",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-08-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-11T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
            },
            {
               name: "1028938",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1028938",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3462",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
                  },
                  {
                     name: "1028938",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1028938",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3462",
      datePublished: "2013-08-25T01:00:00",
      dateReserved: "2013-05-06T00:00:00",
      dateUpdated: "2024-08-06T16:07:38.240Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-1609
Vulnerability from cvelistv5
Published
2011-05-03 22:00
Modified
2024-08-06 22:37
Severity ?
Summary
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T22:37:25.411Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "44331",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/44331",
               },
               {
                  name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
               },
               {
                  name: "1025449",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1025449",
               },
               {
                  name: "ADV-2011-1122",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2011/1122",
               },
               {
                  name: "cisco-ucm-sql-injection(67125)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67125",
               },
               {
                  name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
               },
               {
                  name: "47605",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/47605",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-04-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "44331",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/44331",
            },
            {
               name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
            },
            {
               name: "1025449",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1025449",
            },
            {
               name: "ADV-2011-1122",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2011/1122",
            },
            {
               name: "cisco-ucm-sql-injection(67125)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67125",
            },
            {
               name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
            },
            {
               name: "47605",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/47605",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-1609",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "44331",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/44331",
                  },
                  {
                     name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
                  },
                  {
                     name: "1025449",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1025449",
                  },
                  {
                     name: "ADV-2011-1122",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2011/1122",
                  },
                  {
                     name: "cisco-ucm-sql-injection(67125)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67125",
                  },
                  {
                     name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
                  },
                  {
                     name: "47605",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/47605",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-1609",
      datePublished: "2011-05-03T22:00:00",
      dateReserved: "2011-04-05T00:00:00",
      dateUpdated: "2024-08-06T22:37:25.411Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1226
Vulnerability from cvelistv5
Published
2021-01-13 21:16
Modified
2024-11-12 20:48
Summary
A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:02:56.128Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210113 Cisco Unified Communications Products Information Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1226",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:55:09.664547Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-12T20:48:32.169Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Emergency Responder",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-01-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp; Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-532",
                     description: "CWE-532",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-13T21:16:58",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210113 Cisco Unified Communications Products Information Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-logging-6QSWKRYz",
            defect: [
               [
                  "CSCvu52881",
                  "CSCvv32655",
                  "CSCvv32686",
                  "CSCvv32714",
                  "CSCvv68015",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Information Disclosure Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-01-13T16:00:00",
               ID: "CVE-2021-1226",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Information Disclosure Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Emergency Responder",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp; Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "4.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-532",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210113 Cisco Unified Communications Products Information Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-logging-6QSWKRYz",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-logging-6QSWKRYz",
               defect: [
                  [
                     "CSCvu52881",
                     "CSCvv32655",
                     "CSCvv32686",
                     "CSCvv32714",
                     "CSCvv68015",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1226",
      datePublished: "2021-01-13T21:16:58.802018Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-12T20:48:32.169Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-0751
Vulnerability from cvelistv5
Published
2015-05-29 15:00
Modified
2024-08-06 04:17
Severity ?
Summary
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.
References
http://www.securitytracker.com/id/1032407 (vdb-entry, x_refsource_SECTRACK)
http://tools.cisco.com/security/center/viewAlert.x?alertId=39011 (vendor-advisory, x_refsource_CISCO)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:17:32.842Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1032407",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1032407",
               },
               {
                  name: "20150526 Cisco IP Phone 7861 Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39011",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-05-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-29T18:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1032407",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1032407",
            },
            {
               name: "20150526 Cisco IP Phone 7861 Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39011",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2015-0751",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1032407",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1032407",
                  },
                  {
                     name: "20150526 Cisco IP Phone 7861 Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=39011",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-0751",
      datePublished: "2015-05-29T15:00:00",
      dateReserved: "2015-01-07T00:00:00",
      dateUpdated: "2024-08-06T04:17:32.842Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-6779
Vulnerability from cvelistv5
Published
2018-06-07 12:00
Modified
2024-11-29 15:07
Severity ?
Summary
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.
Impacted products
Vendor Product Version
n/a Multiple Cisco Products unknown Version: Multiple Cisco Products unknown


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:41:17.143Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2017-6779",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-29T14:43:53.428544Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T15:07:21.731Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Multiple Cisco Products unknown",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Multiple Cisco Products unknown",
                  },
               ],
            },
         ],
         datePublic: "2018-06-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-399",
                     description: "CWE-399",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-06-07T11:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-6779",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Multiple Cisco Products unknown",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Multiple Cisco Products unknown",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-399",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-6779",
      datePublished: "2018-06-07T12:00:00",
      dateReserved: "2017-03-09T00:00:00",
      dateUpdated: "2024-11-29T15:07:21.731Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0474
Vulnerability from cvelistv5
Published
2019-01-10 16:00
Modified
2024-11-21 19:49
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:28:10.828Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20190109 Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cucm-creds-disclosr",
               },
               {
                  name: "106538",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/106538",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0474",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-21T19:01:16.933829Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-21T19:49:36.731Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-01-14T10:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20190109 Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cucm-creds-disclosr",
            },
            {
               name: "106538",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/106538",
            },
         ],
         source: {
            advisory: "cisco-sa-20190109-cucm-creds-disclosr",
            defect: [
               [
                  "CSCvc21606",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-01-09T16:00:00-0800",
               ID: "CVE-2018-0474",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view digest credentials in clear text. The vulnerability is due to the incorrect inclusion of saved passwords in configuration pages. An attacker could exploit this vulnerability by logging in to the Cisco Unified Communications Manager web-based management interface and viewing the source code for the configuration page. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "4.3",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-200",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20190109 Cisco Unified Communications Manager Digest Credentials Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cucm-creds-disclosr",
                  },
                  {
                     name: "106538",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/106538",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20190109-cucm-creds-disclosr",
               defect: [
                  [
                     "CSCvc21606",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0474",
      datePublished: "2019-01-10T16:00:00Z",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-11-21T19:49:36.731Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6472
Vulnerability from cvelistv5
Published
2016-11-19 02:45
Modified
2024-08-06 01:29
Severity ?
Summary
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404).
Impacted products
Vendor Product Version
n/a Cisco Unified Communication Manager 11.5(1.2) Version: Cisco Unified Communication Manager 11.5(1.2)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:29:20.114Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "94364",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/94364",
               },
               {
                  name: "1037305",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037305",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communication Manager 11.5(1.2)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communication Manager 11.5(1.2)",
                  },
               ],
            },
         ],
         datePublic: "2016-11-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "unspecified",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-27T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "94364",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/94364",
            },
            {
               name: "1037305",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037305",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2016-6472",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communication Manager 11.5(1.2)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communication Manager 11.5(1.2)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known Affected Releases: 11.5(1.2). Known Fixed Releases: 11.5(1.11950.96) 11.5(1.12900.2) 12.0(0.98000.133) 12.0(0.98000.313) 12.0(0.98000.404).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "unspecified",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "94364",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/94364",
                  },
                  {
                     name: "1037305",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037305",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2016-6472",
      datePublished: "2016-11-19T02:45:00",
      dateReserved: "2016-07-26T00:00:00",
      dateUpdated: "2024-08-06T01:29:20.114Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3397
Vulnerability from cvelistv5
Published
2013-06-26 21:00
Modified
2024-09-17 03:48
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:37.946Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130625 Cisco Unified Communications Manager Unified Serviceability CSRF Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3397",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-06-26T21:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130625 Cisco Unified Communications Manager Unified Serviceability CSRF Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3397",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3397",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130625 Cisco Unified Communications Manager Unified Serviceability CSRF Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3397",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3397",
      datePublished: "2013-06-26T21:00:00Z",
      dateReserved: "2013-05-06T00:00:00Z",
      dateUpdated: "2024-09-17T03:48:56.567Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0267
Vulnerability from cvelistv5
Published
2018-04-19 20:00
Modified
2024-11-29 15:14
Severity ?
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:21:15.119Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1040719",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040719",
               },
               {
                  name: "103937",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103937",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0267",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-29T14:38:24.586220Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T15:14:53.597Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2018-04-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-04-21T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1040719",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040719",
            },
            {
               name: "103937",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103937",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0267",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view sensitive information that should have been restricted. Cisco Bug IDs: CSCvf22116.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-200",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1040719",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040719",
                  },
                  {
                     name: "103937",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103937",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ucm1",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0267",
      datePublished: "2018-04-19T20:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-11-29T15:14:53.597Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-0588
Vulnerability from cvelistv5
Published
2010-03-05 16:00
Modified
2024-09-16 18:14
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823.
References
http://www.securityfocus.com/bid/38501 (vdb-entry, x_refsource_BID)
http://securitytracker.com/id?1023670 (vdb-entry, x_refsource_SECTRACK)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml (vendor-advisory, x_refsource_CISCO)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T00:52:19.581Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "38501",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/38501",
               },
               {
                  name: "1023670",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1023670",
               },
               {
                  name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-03-05T16:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "38501",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/38501",
            },
            {
               name: "1023670",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1023670",
            },
            {
               name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-0588",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "38501",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/38501",
                  },
                  {
                     name: "1023670",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1023670",
                  },
                  {
                     name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-0588",
      datePublished: "2010-03-05T16:00:00Z",
      dateReserved: "2010-02-10T00:00:00Z",
      dateUpdated: "2024-09-16T18:14:35.265Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3363
Vulnerability from cvelistv5
Published
2014-09-12 01:00
Modified
2024-08-06 10:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.166Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140910 Cisco Unified Communications Manager Cross-Site Redirection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363",
               },
               {
                  name: "1030836",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1030836",
               },
               {
                  name: "cisco-ucm-cve20143363-xss(95882)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95882",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672",
               },
               {
                  name: "69739",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/69739",
               },
               {
                  name: "59105",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59105",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-09-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140910 Cisco Unified Communications Manager Cross-Site Redirection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363",
            },
            {
               name: "1030836",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1030836",
            },
            {
               name: "cisco-ucm-cve20143363-xss(95882)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95882",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672",
            },
            {
               name: "69739",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/69739",
            },
            {
               name: "59105",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59105",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3363",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140910 Cisco Unified Communications Manager Cross-Site Redirection Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3363",
                  },
                  {
                     name: "1030836",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1030836",
                  },
                  {
                     name: "cisco-ucm-cve20143363-xss(95882)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95882",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35672",
                  },
                  {
                     name: "69739",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/69739",
                  },
                  {
                     name: "59105",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59105",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3363",
      datePublished: "2014-09-12T01:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.166Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3828
Vulnerability from cvelistv5
Published
2017-02-22 02:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:41.483Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1037839",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037839",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1",
               },
               {
                  name: "96240",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/96240",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-02-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Scripting Vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-24T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1037839",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037839",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1",
            },
            {
               name: "96240",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/96240",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3828",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Scripting Vulnerability",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1037839",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037839",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1",
                  },
                  {
                     name: "96240",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/96240",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3828",
      datePublished: "2017-02-22T02:00:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:41.483Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-2837
Vulnerability from cvelistv5
Published
2010-08-26 20:00
Modified
2024-08-07 02:46
Severity ?
Summary
The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T02:46:48.186Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "ADV-2010-2187",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/2187",
               },
               {
                  name: "20100825 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-08-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-09-09T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "ADV-2010-2187",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/2187",
            },
            {
               name: "20100825 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-2837",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ADV-2010-2187",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/2187",
                  },
                  {
                     name: "20100825 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-2837",
      datePublished: "2010-08-26T20:00:00",
      dateReserved: "2010-07-23T00:00:00",
      dateUpdated: "2024-08-07T02:46:48.186Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-6654
Vulnerability from cvelistv5
Published
2017-05-22 01:00
Modified
2024-08-05 15:33
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc06608.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:33:20.440Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1038512",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038512",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm",
               },
               {
                  name: "98527",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/98527",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-05-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc06608.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-07T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1038512",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038512",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm",
            },
            {
               name: "98527",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/98527",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-6654",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc06608.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1038512",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038512",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm",
                  },
                  {
                     name: "98527",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/98527",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-6654",
      datePublished: "2017-05-22T01:00:00",
      dateReserved: "2017-03-09T00:00:00",
      dateUpdated: "2024-08-05T15:33:20.440Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-3282
Vulnerability from cvelistv5
Published
2020-07-02 12:43
Modified
2024-11-15 16:57
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:30:57.327Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20200701 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-OWuSYAp",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-3282",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-15T16:27:27.613814Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-15T16:57:04.905Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2020-07-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp; Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-02T12:43:36",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20200701 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-OWuSYAp",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-cuc-imp-xss-OWuSYAp",
            defect: [
               [
                  "CSCvs29695",
                  "CSCvs59653",
                  "CSCvs59840",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2020-07-01T16:00:00",
               ID: "CVE-2020-3282",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unity Connection",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp; Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20200701 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-OWuSYAp",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-cuc-imp-xss-OWuSYAp",
               defect: [
                  [
                     "CSCvs29695",
                     "CSCvs59653",
                     "CSCvs59840",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2020-3282",
      datePublished: "2020-07-02T12:43:36.321270Z",
      dateReserved: "2019-12-12T00:00:00",
      dateUpdated: "2024-11-15T16:57:04.905Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-20116
Vulnerability from cvelistv5
Published
2023-06-28 00:00
Modified
2024-08-02 08:57
Summary
A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: 12.0(1)SU1
Version: 12.0(1)SU2
Version: 12.0(1)SU3
Version: 12.0(1)SU4
Version: 12.0(1)SU5
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)SU4
Version: 12.5(1)SU5
Version: 12.5(1)SU6
Version: 12.5(1)SU7
Version: 12.5(1)SU7a
Version: 14
Version: 14SU1
Version: 14SU2
   Cisco Cisco Unified Communications Manager / Cisco Unity Connection Version: 10.5(2)SU10
Version: 10.5(1)
Version: 10.5(1)SU1
Version: 10.5(1)SU1a
Version: 10.5(2)
Version: 10.5(2)SU1
Version: 10.5(2)SU2
Version: 10.5(2)SU3
Version: 10.5(2)SU4
Version: 10.5(2)SU5
Version: 10.5(2)SU6
Version: 10.5(2)SU7
Version: 10.5(2)SU8
Version: 10.5(2)SU9
Version: 10.5(2)SU2a
Version: 10.5(2)SU3a
Version: 10.5(2)SU4a
Version: 10.5(2)SU6a
Version: 11.0(1)
Version: 11.0(1a)
Version: 11.0(1a)SU1
Version: 11.0(1a)SU2
Version: 11.0(1a)SU3
Version: 11.0(1a)SU3a
Version: 11.0(1a)SU4
Version: 11.0.1
Version: 11.0.2
Version: 11.0.5
Version: 11.5(1)
Version: 11.5(1)SU1
Version: 11.5(1)SU2
Version: 11.5(1)SU3
Version: 11.5(1)SU3a
Version: 11.5(1)SU3b
Version: 11.5(1)SU4
Version: 11.5(1)SU5
Version: 11.5(1)SU6
Version: 11.5(1)SU7
Version: 11.5(1)SU8
Version: 11.5(1)SU9
Version: 11.5(1)SU10
Version: 11.5(1)SU11
Version: 10.0(1)SU2
Version: 10.0(1)
Version: 10.0(1)SU1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T08:57:35.868Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cisco-sa-cucm-dos-4Ag3yWbD",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7a",
                  },
                  {
                     status: "affected",
                     version: "14",
                  },
                  {
                     status: "affected",
                     version: "14SU1",
                  },
                  {
                     status: "affected",
                     version: "14SU2",
                  },
               ],
            },
            {
               product: "Cisco Unified Communications Manager / Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "10.5(2)SU10",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU3",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU5",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU6",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU7",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU8",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU9",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU3a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU6a",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU3",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU3a",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU4",
                  },
                  {
                     status: "affected",
                     version: "11.0.1",
                  },
                  {
                     status: "affected",
                     version: "11.0.2",
                  },
                  {
                     status: "affected",
                     version: "11.0.5",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3a",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3b",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU8",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU9",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU10",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU11",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "cvssV3_1",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-835",
                     description: "Loop with Unreachable Exit Condition ('Infinite Loop')",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-25T16:57:46.482Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-sa-cucm-dos-4Ag3yWbD",
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-4Ag3yWbD",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-dos-4Ag3yWbD",
            defects: [
               "CSCwe43377",
            ],
            discovery: "EXTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2023-20116",
      datePublished: "2023-06-28T00:00:00",
      dateReserved: "2022-10-27T00:00:00",
      dateUpdated: "2024-08-02T08:57:35.868Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3412
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-08-06 16:07
Severity ?
Summary
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
References
http://secunia.com/advisories/54249 (third-party-advisory, x_refsource_SECUNIA)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm (vendor-advisory, x_refsource_CISCO)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:37.937Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "54249",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/54249",
               },
               {
                  name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-07-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-08-20T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "54249",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/54249",
            },
            {
               name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3412",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "54249",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/54249",
                  },
                  {
                     name: "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3412",
      datePublished: "2013-07-18T00:00:00",
      dateReserved: "2013-05-06T00:00:00",
      dateUpdated: "2024-08-06T16:07:37.937Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-20253
Vulnerability from cvelistv5
Published
2024-01-26 17:28
Modified
2024-08-01 21:52
Severity ?
Summary
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
Impacted products
Vendor Product Version
Cisco Cisco Unified Contact Center Enterprise Version: N/A
   Cisco Cisco Unity Connection Version: 12.0(1)SU1
Version: 12.0(1)SU2
Version: 12.0(1)SU3
Version: 12.0(1)SU4
Version: 12.0(1)SU5
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)SU4
Version: 12.5(1)SU5
Version: 12.5(1)SU6
Version: 12.5(1)SU7
Version: 14
Version: 14SU1
Version: 14SU2
   Cisco Cisco Unified Communications Manager Version: 12.0(1)SU1
Version: 12.0(1)SU2
Version: 12.0(1)SU3
Version: 12.0(1)SU4
Version: 12.0(1)SU5
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)SU4
Version: 12.5(1)SU5
Version: 12.5(1)SU6
Version: 12.5(1)SU7
Version: 12.5(1)SU7a
Version: 14
Version: 14SU1
Version: 14SU2
   Cisco Cisco Unified Contact Center Express Version: 8.5(1)
Version: 9.0(2)SU3ES04
Version: 10.0(1)SU1
Version: 10.0(1)SU1ES04
Version: 10.5(1)
Version: 10.5(1)SU1
Version: 10.5(1)SU1ES10
Version: 10.6(1)
Version: 10.6(1)SU1
Version: 10.6(1)SU3
Version: 10.6(1)SU2
Version: 10.6(1)SU3ES03
Version: 10.6(1)SU2ES04
Version: 10.6(1)SU3ES02
Version: 10.6(1)SU3ES01
Version: 11.0(1)SU1
Version: 11.0(1)SU1ES03
Version: 11.0(1)SU1ES02
Version: 11.5(1)SU1
Version: 11.5(1)SU1ES02
Version: 11.5(1)SU1ES01
Version: 11.5(1)SU1ES03
Version: 11.5(1)ES01
Version: 12.0(1)
Version: 12.0(1)ES01
Version: 12.0(1)ES03
Version: 12.0(1)ES04
Version: 12.0(1)ES02
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)_SU01_ES03
Version: 12.5(1)ES03
Version: 12.5(1)_SU01_ES01
Version: 12.5(1)_SU02_ES02
Version: 12.5(1)_SU01_ES02
Version: 12.5(1)_SU02_ES03
Version: 12.5(1)ES01
Version: 12.5(1)_SU02_ES01
Version: 12.5(1)ES02
Version: 12.5(1)_SU03_ES01
Version: 12.5(1)_SU02_ES04
Version: 12.5(1)_SU03_ES02
Version: 12.5(1)_SU03_ES03
Version: 12.5(1)_SU03_ES04
Version: 11.6(1)
Version: 11.6(2)
Version: 11.6(1)ES01
Version: 11.6(2)ES06
Version: 11.6(1)ES02
Version: 11.6(2)ES01
Version: 11.6(2)ES03
Version: 11.6(2)ES07
Version: 11.6(2)ES08
Version: 11.6(2)ES02
Version: 11.6(2)ES05
Version: 11.6(2)ES04
   Cisco Cisco Unified Communications Manager IM and Presence Service Version: 10.5(1)
Version: 10.5(2)
Version: 10.5(2a)
Version: 10.5(2b)
Version: 10.5(2)SU3
Version: 10.5(2)SU2a
Version: 10.5(2)SU4a
Version: 10.5(2)SU4
Version: 10.5(1)SU3
Version: 10.5(1)SU1
Version: 10.5(2)SU1
Version: 10.5(2)SU2
Version: 10.5(1)SU2
Version: 11.5(1)
Version: 11.5(1)SU1
Version: 11.5(1)SU2
Version: 11.5(1)SU3
Version: 11.5(1)SU3a
Version: 11.5(1)SU4
Version: 11.5(1)SU5
Version: 11.5(1)SU5a
Version: 11.5(1)SU6
Version: 11.5(1)SU7
Version: 11.5(1)SU8
Version: 11.5(1)SU9
Version: 11.5(1)SU10
Version: 11.5(1)SU11
Version: 11.0(1)
Version: 11.0(1)SU1
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)SU4
Version: 12.5(1)SU5
Version: 12.5(1)SU6
Version: 12.5(1)SU7
Version: 14
Version: 14SU1
Version: 14SU2
Version: 14SU2a
Version: 10.0(1)
Version: 10.0(1)SU1
Version: 10.0(1)SU2
   Cisco Cisco Virtualized Voice Browser Version: 11.0(1)
Version: 11.5(1)
Version: 11.5(1)ES29
Version: 11.5(1)ES32
Version: 11.5(1)_ES43
Version: 11.5(1)_ES54
Version: 11.5(1)_ES27
Version: 11.5(1)ES36
Version: 11.5(1)_ES32
Version: 11.5(1)_ES29
Version: 11.5(1)_ES36
Version: 11.5(1)ES43
Version: 11.5(1)_ES53
Version: 11.5(1)ES27
Version: 11.6(1)
Version: 11.6(1)_ES82
Version: 11.6(1)_ES22
Version: 11.6(1)_ES81
Version: 11.6(1)_ES87
Version: 11.6(1)_ES84
Version: 11.6(1)_ES85
Version: 11.6(1)_ES83
Version: 11.6(1)_ES80
Version: 11.6(1)_ES86
Version: 11.6(1)_ES88
Version: 12.5(1)_ES04
Version: 12.5(1)_ES07
Version: 12.5(1)_ES02
Version: 12.5(1)
Version: 12.5(1)_ES08
Version: 12.5(1)_ES03
Version: 12.5(1)_ES06
Version: 12.5(1)_ES09
Version: 12.5(1)_ES14
Version: 12.5(1)SU
Version: 12.5(1)_ES15
Version: 12.5(1)_SU
Version: 12.5(1)_SU_ES01
Version: 12.5(1)_ES11
Version: 12.5(1)_ES12
Version: 12.5(2)_ET
Version: 12.5(1)_SU_ES02
Version: 12.5(1)_ES10
Version: 12.0(1)
Version: 12.0(1)_ES02
Version: 12.0(1)_ES01
Version: 12.0(1)_ES06
Version: 12.0(1)_ES07
Version: 12.0(1)_ES05
Version: 12.0(1)_ES04
Version: 12.0(1)_ES03
Version: 12.0(1)_ES08
Version: 12.6(1)
Version: 12.6(1)_ES04
Version: 12.6(1)_ES03
Version: 12.6(1)_ES09
Version: 12.6(1)_ES06
Version: 12.6(1)_ES08
Version: 12.6(1)_ES05
Version: 12.6(2)_ES03
Version: 12.6(1)_ES02
Version: 12.6(1)_ES01
Version: 12.6(2)
Version: 12.6(2)_ET01
Version: 12.6(2)_ES02
Version: 12.6(2)_ES01
Version: 12.6(1)_ES07
   Cisco Cisco Packaged Contact Center Enterprise Version: 10.5(1)
Version: 10.5(2)
Version: 10.5(1)_ES7
Version: 10.5(2)_ES8
Version: 11.0(1)
Version: 11.0(2)
Version: 11.5(1)
Version: 11.6(1)
Version: 11.6(2)
Version: 12.0(1)
Version: 12.5(1)
Version: 12.5(2)
Version: 12.6(1)
Version: 12.6(2)
   Cisco Cisco Unified Communications Manager / Cisco Unity Connection Version: 10.5(2)SU10
Version: 10.5(1)
Version: 10.5(1)SU1
Version: 10.5(1)SU1a
Version: 10.5(2)
Version: 10.5(2)SU1
Version: 10.5(2)SU2
Version: 10.5(2)SU3
Version: 10.5(2)SU4
Version: 10.5(2)SU5
Version: 10.5(2)SU6
Version: 10.5(2)SU7
Version: 10.5(2)SU8
Version: 10.5(2)SU9
Version: 10.5(2)SU2a
Version: 10.5(2)SU3a
Version: 10.5(2)SU4a
Version: 10.5(2)SU6a
Version: 11.0(1)
Version: 11.0(1a)
Version: 11.0(1a)SU1
Version: 11.0(1a)SU2
Version: 11.0(1a)SU3
Version: 11.0(1a)SU3a
Version: 11.0(1a)SU4
Version: 11.0.1
Version: 11.0.2
Version: 11.0.5
Version: 11.5(1)
Version: 11.5(1)SU1
Version: 11.5(1)SU2
Version: 11.5(1)SU3
Version: 11.5(1)SU3a
Version: 11.5(1)SU3b
Version: 11.5(1)SU4
Version: 11.5(1)SU5
Version: 11.5(1)SU6
Version: 11.5(1)SU7
Version: 11.5(1)SU8
Version: 11.5(1)SU9
Version: 11.5(1)SU10
Version: 11.5(1)SU11
Version: 10.0(1)SU2
Version: 10.0(1)
Version: 10.0(1)SU1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T21:52:31.560Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cisco-sa-cucm-rce-bWNzQcUm",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Contact Center Enterprise",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "N/A",
                  },
               ],
            },
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "14",
                  },
                  {
                     status: "affected",
                     version: "14SU1",
                  },
                  {
                     status: "affected",
                     version: "14SU2",
                  },
               ],
            },
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7a",
                  },
                  {
                     status: "affected",
                     version: "14",
                  },
                  {
                     status: "affected",
                     version: "14SU1",
                  },
                  {
                     status: "affected",
                     version: "14SU2",
                  },
               ],
            },
            {
               product: "Cisco Unified Contact Center Express",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "8.5(1)",
                  },
                  {
                     status: "affected",
                     version: "9.0(2)SU3ES04",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU1ES04",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1ES10",
                  },
                  {
                     status: "affected",
                     version: "10.6(1)",
                  },
                  {
                     status: "affected",
                     version: "10.6(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.6(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "10.6(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "10.6(1)SU3ES03",
                  },
                  {
                     status: "affected",
                     version: "10.6(1)SU2ES04",
                  },
                  {
                     status: "affected",
                     version: "10.6(1)SU3ES02",
                  },
                  {
                     status: "affected",
                     version: "10.6(1)SU3ES01",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)SU1ES03",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)SU1ES02",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU1ES02",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU1ES01",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU1ES03",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)ES01",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)ES01",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)ES03",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)ES04",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)ES02",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU01_ES03",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)ES03",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU01_ES01",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU02_ES02",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU01_ES02",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU02_ES03",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)ES01",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU02_ES01",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)ES02",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU03_ES01",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU02_ES04",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU03_ES02",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU03_ES03",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU03_ES04",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)",
                  },
                  {
                     status: "affected",
                     version: "11.6(2)",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)ES01",
                  },
                  {
                     status: "affected",
                     version: "11.6(2)ES06",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)ES02",
                  },
                  {
                     status: "affected",
                     version: "11.6(2)ES01",
                  },
                  {
                     status: "affected",
                     version: "11.6(2)ES03",
                  },
                  {
                     status: "affected",
                     version: "11.6(2)ES07",
                  },
                  {
                     status: "affected",
                     version: "11.6(2)ES08",
                  },
                  {
                     status: "affected",
                     version: "11.6(2)ES02",
                  },
                  {
                     status: "affected",
                     version: "11.6(2)ES05",
                  },
                  {
                     status: "affected",
                     version: "11.6(2)ES04",
                  },
               ],
            },
            {
               product: "Cisco Unified Communications Manager IM and Presence Service",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "10.5(1)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2a)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2b)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU3",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3a",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU5a",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU8",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU9",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU10",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU11",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "14",
                  },
                  {
                     status: "affected",
                     version: "14SU1",
                  },
                  {
                     status: "affected",
                     version: "14SU2",
                  },
                  {
                     status: "affected",
                     version: "14SU2a",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU2",
                  },
               ],
            },
            {
               product: "Cisco Virtualized Voice Browser",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "11.0(1)",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)ES29",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)ES32",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)_ES43",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)_ES54",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)_ES27",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)ES36",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)_ES32",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)_ES29",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)_ES36",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)ES43",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)_ES53",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)ES27",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)_ES82",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)_ES22",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)_ES81",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)_ES87",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)_ES84",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)_ES85",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)_ES83",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)_ES80",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)_ES86",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)_ES88",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES04",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES07",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES02",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES08",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES03",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES06",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES09",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES14",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES15",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU_ES01",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES11",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES12",
                  },
                  {
                     status: "affected",
                     version: "12.5(2)_ET",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_SU_ES02",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)_ES10",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)_ES02",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)_ES01",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)_ES06",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)_ES07",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)_ES05",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)_ES04",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)_ES03",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)_ES08",
                  },
                  {
                     status: "affected",
                     version: "12.6(1)",
                  },
                  {
                     status: "affected",
                     version: "12.6(1)_ES04",
                  },
                  {
                     status: "affected",
                     version: "12.6(1)_ES03",
                  },
                  {
                     status: "affected",
                     version: "12.6(1)_ES09",
                  },
                  {
                     status: "affected",
                     version: "12.6(1)_ES06",
                  },
                  {
                     status: "affected",
                     version: "12.6(1)_ES08",
                  },
                  {
                     status: "affected",
                     version: "12.6(1)_ES05",
                  },
                  {
                     status: "affected",
                     version: "12.6(2)_ES03",
                  },
                  {
                     status: "affected",
                     version: "12.6(1)_ES02",
                  },
                  {
                     status: "affected",
                     version: "12.6(1)_ES01",
                  },
                  {
                     status: "affected",
                     version: "12.6(2)",
                  },
                  {
                     status: "affected",
                     version: "12.6(2)_ET01",
                  },
                  {
                     status: "affected",
                     version: "12.6(2)_ES02",
                  },
                  {
                     status: "affected",
                     version: "12.6(2)_ES01",
                  },
                  {
                     status: "affected",
                     version: "12.6(1)_ES07",
                  },
               ],
            },
            {
               product: "Cisco Packaged Contact Center Enterprise",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "10.5(1)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)_ES7",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)_ES8",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)",
                  },
                  {
                     status: "affected",
                     version: "11.0(2)",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)",
                  },
                  {
                     status: "affected",
                     version: "11.6(1)",
                  },
                  {
                     status: "affected",
                     version: "11.6(2)",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(2)",
                  },
                  {
                     status: "affected",
                     version: "12.6(1)",
                  },
                  {
                     status: "affected",
                     version: "12.6(2)",
                  },
               ],
            },
            {
               product: "Cisco Unified Communications Manager / Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "10.5(2)SU10",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU3",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU5",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU6",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU7",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU8",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU9",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU3a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU6a",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU3",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU3a",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU4",
                  },
                  {
                     status: "affected",
                     version: "11.0.1",
                  },
                  {
                     status: "affected",
                     version: "11.0.2",
                  },
                  {
                     status: "affected",
                     version: "11.0.5",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3a",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3b",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU8",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU9",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU10",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU11",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                  version: "3.1",
               },
               format: "cvssV3_1",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-502",
                     description: "Deserialization of Untrusted Data",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-02T15:42:33.881Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-sa-cucm-rce-bWNzQcUm",
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-rce-bWNzQcUm",
            defects: [
               "CSCwe18830",
               "CSCwe18773",
               "CSCwe18840",
               "CSCwd64292",
               "CSCwd64245",
               "CSCwd64276",
            ],
            discovery: "EXTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2024-20253",
      datePublished: "2024-01-26T17:28:30.761Z",
      dateReserved: "2023-11-08T15:08:07.622Z",
      dateUpdated: "2024-08-01T21:52:31.560Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-2052
Vulnerability from cvelistv5
Published
2009-08-27 16:31
Modified
2024-08-07 05:36
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371.
References
http://www.vupen.com/english/advisories/2009/2915 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/36499 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/37039 (third-party-advisory, x_refsource_SECUNIA)
http://securitytracker.com/id?1023018 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/36152 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/36498 (third-party-advisory, x_refsource_SECUNIA)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml (vendor-advisory, x_refsource_CISCO)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml (vendor-advisory, x_refsource_CISCO)
http://www.securitytracker.com/id?1022775 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/36676 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:36:20.518Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "ADV-2009-2915",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/2915",
               },
               {
                  name: "36499",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36499",
               },
               {
                  name: "37039",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37039",
               },
               {
                  name: "1023018",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1023018",
               },
               {
                  name: "36152",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/36152",
               },
               {
                  name: "36498",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36498",
               },
               {
                  name: "20091014 Cisco Unified Presence Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml",
               },
               {
                  name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
               },
               {
                  name: "1022775",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022775",
               },
               {
                  name: "36676",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/36676",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-08-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to \"tracking of network connections,\" aka Bug IDs CSCsq22534 and CSCsw52371.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-09-02T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "ADV-2009-2915",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/2915",
            },
            {
               name: "36499",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36499",
            },
            {
               name: "37039",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37039",
            },
            {
               name: "1023018",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1023018",
            },
            {
               name: "36152",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/36152",
            },
            {
               name: "36498",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36498",
            },
            {
               name: "20091014 Cisco Unified Presence Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml",
            },
            {
               name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
            },
            {
               name: "1022775",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022775",
            },
            {
               name: "36676",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/36676",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-2052",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to \"tracking of network connections,\" aka Bug IDs CSCsq22534 and CSCsw52371.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ADV-2009-2915",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/2915",
                  },
                  {
                     name: "36499",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36499",
                  },
                  {
                     name: "37039",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/37039",
                  },
                  {
                     name: "1023018",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1023018",
                  },
                  {
                     name: "36152",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/36152",
                  },
                  {
                     name: "36498",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36498",
                  },
                  {
                     name: "20091014 Cisco Unified Presence Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml",
                  },
                  {
                     name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
                  },
                  {
                     name: "1022775",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022775",
                  },
                  {
                     name: "36676",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/36676",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-2052",
      datePublished: "2009-08-27T16:31:00",
      dateReserved: "2009-06-12T00:00:00",
      dateUpdated: "2024-08-07T05:36:20.518Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-4486
Vulnerability from cvelistv5
Published
2012-03-01 01:00
Modified
2024-09-17 02:56
Severity ?
Summary
Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T00:09:18.482Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-03-01T01:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-4486",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20120229 Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-4486",
      datePublished: "2012-03-01T01:00:00Z",
      dateReserved: "2011-11-21T00:00:00Z",
      dateUpdated: "2024-09-17T02:56:57.445Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3472
Vulnerability from cvelistv5
Published
2013-08-29 10:00
Modified
2024-08-06 16:07
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:38.029Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1028963",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1028963",
               },
               {
                  name: "20130828 Cisco Unified Communications Manager Enterprise License Manager CSRF Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3472",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-08-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-11T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1028963",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1028963",
            },
            {
               name: "20130828 Cisco Unified Communications Manager Enterprise License Manager CSRF Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3472",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3472",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1028963",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1028963",
                  },
                  {
                     name: "20130828 Cisco Unified Communications Manager Enterprise License Manager CSRF Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3472",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3472",
      datePublished: "2013-08-29T10:00:00",
      dateReserved: "2013-05-06T00:00:00",
      dateUpdated: "2024-08-06T16:07:38.029Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-20242
Vulnerability from cvelistv5
Published
2023-08-16 20:59
Modified
2024-08-02 09:05
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: 12.0(1)SU1
Version: 12.0(1)SU2
Version: 12.0(1)SU3
Version: 12.0(1)SU4
Version: 12.0(1)SU5
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)SU4
Version: 12.5(1)SU5
Version: 12.5(1)SU6
Version: 12.5(1)SU7
Version: 12.5(1)SU7a
Version: 12.5(1)SU8
Version: 14
Version: 14SU1
Version: 14SU2
Version: 14SU3
   Cisco Cisco Unified Communications Manager IM and Presence Service Version: N/A
   Cisco Cisco Unified Communications Manager / Cisco Unity Connection Version: 10.5(2)SU10
Version: 10.5(1)
Version: 10.5(1)SU1
Version: 10.5(1)SU1a
Version: 10.5(2)
Version: 10.5(2)SU1
Version: 10.5(2)SU2
Version: 10.5(2)SU3
Version: 10.5(2)SU4
Version: 10.5(2)SU5
Version: 10.5(2)SU6
Version: 10.5(2)SU7
Version: 10.5(2)SU8
Version: 10.5(2)SU9
Version: 10.5(2)SU2a
Version: 10.5(2)SU3a
Version: 10.5(2)SU4a
Version: 10.5(2)SU6a
Version: 11.0(1)
Version: 11.0(1a)
Version: 11.0(1a)SU1
Version: 11.0(1a)SU2
Version: 11.0(1a)SU3
Version: 11.0(1a)SU3a
Version: 11.0(1a)SU4
Version: 11.0.1
Version: 11.0.2
Version: 11.0.5
Version: 11.5(1)
Version: 11.5(1)SU1
Version: 11.5(1)SU2
Version: 11.5(1)SU3
Version: 11.5(1)SU3a
Version: 11.5(1)SU3b
Version: 11.5(1)SU4
Version: 11.5(1)SU5
Version: 11.5(1)SU6
Version: 11.5(1)SU7
Version: 11.5(1)SU8
Version: 11.5(1)SU9
Version: 11.5(1)SU10
Version: 11.5(1)SU11
Version: 10.0(1)SU2
Version: 10.0(1)
Version: 10.0(1)SU1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T09:05:35.954Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cisco-sa-cucm-imp-xss-QtT4VdsK",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU7a",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU8",
                  },
                  {
                     status: "affected",
                     version: "14",
                  },
                  {
                     status: "affected",
                     version: "14SU1",
                  },
                  {
                     status: "affected",
                     version: "14SU2",
                  },
                  {
                     status: "affected",
                     version: "14SU3",
                  },
               ],
            },
            {
               product: "Cisco Unified Communications Manager IM and Presence Service",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "N/A",
                  },
               ],
            },
            {
               product: "Cisco Unified Communications Manager / Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "10.5(2)SU10",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(1)SU1a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU1",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU3",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU5",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU6",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU7",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU8",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU9",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU2a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU3a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU4a",
                  },
                  {
                     status: "affected",
                     version: "10.5(2)SU6a",
                  },
                  {
                     status: "affected",
                     version: "11.0(1)",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU3",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU3a",
                  },
                  {
                     status: "affected",
                     version: "11.0(1a)SU4",
                  },
                  {
                     status: "affected",
                     version: "11.0.1",
                  },
                  {
                     status: "affected",
                     version: "11.0.2",
                  },
                  {
                     status: "affected",
                     version: "11.0.5",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3a",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU3b",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU7",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU8",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU9",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU10",
                  },
                  {
                     status: "affected",
                     version: "11.5(1)SU11",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)",
                  },
                  {
                     status: "affected",
                     version: "10.0(1)SU1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "cvssV3_1",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-25T16:58:29.703Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-sa-cucm-imp-xss-QtT4VdsK",
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-imp-xss-QtT4VdsK",
            defects: [
               "CSCwh00875",
               "CSCwh02167",
            ],
            discovery: "INTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2023-20242",
      datePublished: "2023-08-16T20:59:25.126Z",
      dateReserved: "2022-10-27T18:47:50.370Z",
      dateUpdated: "2024-08-02T09:05:35.954Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3442
Vulnerability from cvelistv5
Published
2013-08-03 01:00
Modified
2024-09-17 02:36
Severity ?
Summary
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:37.951Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130802 Cisco Unified Communications Manager Stack Trace Web Disclosure Issue",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3442",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-08-03T01:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130802 Cisco Unified Communications Manager Stack Trace Web Disclosure Issue",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3442",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3442",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130802 Cisco Unified Communications Manager Stack Trace Web Disclosure Issue",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3442",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3442",
      datePublished: "2013-08-03T01:00:00Z",
      dateReserved: "2013-05-06T00:00:00Z",
      dateUpdated: "2024-09-17T02:36:24.047Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0726
Vulnerability from cvelistv5
Published
2014-02-13 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:18.653Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "65514",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65514",
               },
               {
                  name: "20140212 Cisco Unified Communications Manager IPMA Blind SQL Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32843",
               },
               {
                  name: "103218",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/103218",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-04T16:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "65514",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65514",
            },
            {
               name: "20140212 Cisco Unified Communications Manager IPMA Blind SQL Injection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32843",
            },
            {
               name: "103218",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/103218",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0726",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "65514",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65514",
                  },
                  {
                     name: "20140212 Cisco Unified Communications Manager IPMA Blind SQL Injection Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32843",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32843",
                  },
                  {
                     name: "103218",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/103218",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0726",
      datePublished: "2014-02-13T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:18.653Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-0592
Vulnerability from cvelistv5
Published
2010-03-05 16:00
Modified
2024-09-16 19:20
Severity ?
Summary
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.
References
http://securitytracker.com/id?1023670 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/38497 (vdb-entry, x_refsource_BID)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml (vendor-advisory, x_refsource_CISCO)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T00:52:19.438Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1023670",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1023670",
               },
               {
                  name: "38497",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/38497",
               },
               {
                  name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-03-05T16:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1023670",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1023670",
            },
            {
               name: "38497",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/38497",
            },
            {
               name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-0592",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1023670",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1023670",
                  },
                  {
                     name: "38497",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/38497",
                  },
                  {
                     name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-0592",
      datePublished: "2010-03-05T16:00:00Z",
      dateReserved: "2010-02-10T00:00:00Z",
      dateUpdated: "2024-09-16T19:20:58.412Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-6791
Vulnerability from cvelistv5
Published
2017-09-07 21:00
Modified
2024-08-05 15:41
Severity ?
Summary
A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). Cisco Bug IDs: CSCux21905.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:41:17.525Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm",
               },
               {
                  name: "1039286",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1039286",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCux21905",
               },
               {
                  name: "100662",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/100662",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-09-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). Cisco Bug IDs: CSCux21905.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-119",
                     description: "CWE-119",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-09T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm",
            },
            {
               name: "1039286",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1039286",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCux21905",
            },
            {
               name: "100662",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/100662",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-6791",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). Cisco Bug IDs: CSCux21905.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-119",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm",
                  },
                  {
                     name: "1039286",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1039286",
                  },
                  {
                     name: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCux21905",
                     refsource: "CONFIRM",
                     url: "https://quickview.cloudapps.cisco.com/quickview/bug/CSCux21905",
                  },
                  {
                     name: "100662",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/100662",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-6791",
      datePublished: "2017-09-07T21:00:00",
      dateReserved: "2017-03-09T00:00:00",
      dateUpdated: "2024-08-05T15:41:17.525Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6364
Vulnerability from cvelistv5
Published
2016-08-23 01:00
Modified
2024-08-06 01:29
Severity ?
Summary
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:29:20.008Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "92517",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/92517",
               },
               {
                  name: "1036650",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036650",
               },
               {
                  name: "20160817 Cisco Unified Communications Manager Information Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-08-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-11-25T20:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "92517",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/92517",
            },
            {
               name: "1036650",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036650",
            },
            {
               name: "20160817 Cisco Unified Communications Manager Information Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2016-6364",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "92517",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/92517",
                  },
                  {
                     name: "1036650",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036650",
                  },
                  {
                     name: "20160817 Cisco Unified Communications Manager Information Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2016-6364",
      datePublished: "2016-08-23T01:00:00",
      dateReserved: "2016-07-26T00:00:00",
      dateUpdated: "2024-08-06T01:29:20.008Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3451
Vulnerability from cvelistv5
Published
2013-08-03 01:00
Modified
2024-09-17 03:58
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:37.953Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130802 Cisco Unified Communications Manager Web Page Cross-Site Request Forgery Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3451",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-08-03T01:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130802 Cisco Unified Communications Manager Web Page Cross-Site Request Forgery Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3451",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3451",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130802 Cisco Unified Communications Manager Web Page Cross-Site Request Forgery Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3451",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3451",
      datePublished: "2013-08-03T01:00:00Z",
      dateReserved: "2013-05-06T00:00:00Z",
      dateUpdated: "2024-09-17T03:58:34.126Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6440
Vulnerability from cvelistv5
Published
2016-10-27 21:00
Modified
2024-08-06 01:29
Severity ?
Summary
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284), 11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4) Version: Cisco Unified Communications Manager 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:29:20.087Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1037005",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037005",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm",
               },
               {
                  name: "93521",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93521",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4)",
                  },
               ],
            },
         ],
         datePublic: "2016-10-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "unspecified",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-28T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1037005",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037005",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm",
            },
            {
               name: "93521",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93521",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2016-6440",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "unspecified",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1037005",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037005",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm",
                  },
                  {
                     name: "93521",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93521",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2016-6440",
      datePublished: "2016-10-27T21:00:00",
      dateReserved: "2016-07-26T00:00:00",
      dateUpdated: "2024-08-06T01:29:20.087Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3798
Vulnerability from cvelistv5
Published
2017-01-26 07:45
Modified
2024-08-05 14:39
Severity ?
Summary
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:40.385Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1037653",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037653",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm",
               },
               {
                  name: "95872",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/95872",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-01-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "unspecified",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-25T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1037653",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037653",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm",
            },
            {
               name: "95872",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/95872",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3798",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "unspecified",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1037653",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037653",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm",
                  },
                  {
                     name: "95872",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/95872",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3798",
      datePublished: "2017-01-26T07:45:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:40.385Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-3039
Vulnerability from cvelistv5
Published
2010-11-09 20:00
Modified
2024-08-07 02:55
Severity ?
Summary
/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T02:55:46.608Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=21656",
               },
               {
                  name: "44672",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/44672",
               },
               {
                  name: "20101105 nSense-2010-003: Cisco Unified Communications Manager",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/514668/100/0/threaded",
               },
               {
                  name: "1024694",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1024694",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.nsense.fi/advisories/nsense_2010_003.txt",
               },
               {
                  name: "42129",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42129",
               },
               {
                  name: "20101105 nSense-2010-003: Cisco Unified Communications Manager",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2010/Nov/40",
               },
               {
                  name: "ADV-2010-2915",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/2915",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-11-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-10T18:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=21656",
            },
            {
               name: "44672",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/44672",
            },
            {
               name: "20101105 nSense-2010-003: Cisco Unified Communications Manager",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/514668/100/0/threaded",
            },
            {
               name: "1024694",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1024694",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.nsense.fi/advisories/nsense_2010_003.txt",
            },
            {
               name: "42129",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42129",
            },
            {
               name: "20101105 nSense-2010-003: Cisco Unified Communications Manager",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2010/Nov/40",
            },
            {
               name: "ADV-2010-2915",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/2915",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-3039",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6, 7, and 8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in a request to the administrative interface, aka Bug IDs CSCti52041 and CSCti74930.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=21656",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=21656",
                  },
                  {
                     name: "44672",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/44672",
                  },
                  {
                     name: "20101105 nSense-2010-003: Cisco Unified Communications Manager",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/514668/100/0/threaded",
                  },
                  {
                     name: "1024694",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1024694",
                  },
                  {
                     name: "http://www.nsense.fi/advisories/nsense_2010_003.txt",
                     refsource: "MISC",
                     url: "http://www.nsense.fi/advisories/nsense_2010_003.txt",
                  },
                  {
                     name: "42129",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/42129",
                  },
                  {
                     name: "20101105 nSense-2010-003: Cisco Unified Communications Manager",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2010/Nov/40",
                  },
                  {
                     name: "ADV-2010-2915",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2010/2915",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-3039",
      datePublished: "2010-11-09T20:00:00",
      dateReserved: "2010-08-17T00:00:00",
      dateUpdated: "2024-08-07T02:55:46.608Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1478
Vulnerability from cvelistv5
Published
2021-05-06 12:41
Modified
2024-11-08 23:20
Summary
A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:17.550Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210505 Cisco Unified Communications Manager Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-OO4SRYEf",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1478",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:01:42.318724Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:20:56.407Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-05-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "CWE-284",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-05-06T12:41:09",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210505 Cisco Unified Communications Manager Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-OO4SRYEf",
            },
         ],
         source: {
            advisory: "cisco-sa-ucm-dos-OO4SRYEf",
            defect: [
               [
                  "CSCvx35894",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Denial of Service Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-05-05T16:00:00",
               ID: "CVE-2021-1478",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Denial of Service Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-284",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210505 Cisco Unified Communications Manager Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-OO4SRYEf",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-ucm-dos-OO4SRYEf",
               defect: [
                  [
                     "CSCvx35894",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1478",
      datePublished: "2021-05-06T12:41:09.584050Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:20:56.407Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3373
Vulnerability from cvelistv5
Published
2014-10-31 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.171Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20141030 Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3373",
               },
               {
                  name: "59692",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/59692",
               },
               {
                  name: "70848",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/70848",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294",
               },
               {
                  name: "1031161",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031161",
               },
               {
                  name: "cisco-ucm-cve20143373-xss(98406)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98406",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20141030 Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3373",
            },
            {
               name: "59692",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/59692",
            },
            {
               name: "70848",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/70848",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294",
            },
            {
               name: "1031161",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1031161",
            },
            {
               name: "cisco-ucm-cve20143373-xss(98406)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98406",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3373",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20141030 Cisco Unified Communications Manager DNA Interface Reflected Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3373",
                  },
                  {
                     name: "59692",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/59692",
                  },
                  {
                     name: "70848",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/70848",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=36294",
                  },
                  {
                     name: "1031161",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1031161",
                  },
                  {
                     name: "cisco-ucm-cve20143373-xss(98406)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98406",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3373",
      datePublished: "2014-10-31T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.171Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0732
Vulnerability from cvelistv5
Published
2014-02-20 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.528Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913",
               },
               {
                  name: "20140218 Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-02-20T02:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913",
            },
            {
               name: "20140218 Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0732",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32913",
                  },
                  {
                     name: "20140218 Cisco Unified Communications Manager Real Time Monitoring Tool Information Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0732",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0732",
      datePublished: "2014-02-20T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.528Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3459
Vulnerability from cvelistv5
Published
2013-08-25 01:00
Modified
2024-08-06 16:07
Severity ?
Summary
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:37.934Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
               },
               {
                  name: "1028938",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1028938",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-08-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-11T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
            },
            {
               name: "1028938",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1028938",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3459",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
                  },
                  {
                     name: "1028938",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1028938",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3459",
      datePublished: "2013-08-25T01:00:00",
      dateReserved: "2013-05-06T00:00:00",
      dateUpdated: "2024-08-06T16:07:37.934Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0743
Vulnerability from cvelistv5
Published
2014-02-27 01:00
Modified
2024-08-06 09:27
Severity ?
Summary
The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.609Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140225 Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743",
               },
               {
                  name: "1029843",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029843",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33044",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-15T16:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140225 Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743",
            },
            {
               name: "1029843",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029843",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33044",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0743",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Certificate Authority Proxy Function (CAPF) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and modify registered-device information via crafted data, aka Bug ID CSCum95468.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140225 Cisco Unified Communications Manager CAPF Unauthenticated Device Information Update Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0743",
                  },
                  {
                     name: "1029843",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029843",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33044",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33044",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0743",
      datePublished: "2014-02-27T01:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.609Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20804
Vulnerability from cvelistv5
Published
2022-04-21 18:50
Modified
2024-11-06 16:21
Summary
A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:49.699Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220420 Cisco Unified Communications Products Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20804",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T15:58:43.925818Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:21:58.871Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-04-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-754",
                     description: "CWE-754",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-21T18:50:57",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220420 Cisco Unified Communications Products Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD",
            },
         ],
         source: {
            advisory: "cisco-sa-ucm-dos-zHS9X9kD",
            defect: [
               [
                  "CSCvy44822",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Denial of Service Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-04-20T23:00:00",
               ID: "CVE-2022-20804",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Denial of Service Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-754",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220420 Cisco Unified Communications Products Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-dos-zHS9X9kD",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-ucm-dos-zHS9X9kD",
               defect: [
                  [
                     "CSCvy44822",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20804",
      datePublished: "2022-04-21T18:50:57.188533Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:21:58.871Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-3346
Vulnerability from cvelistv5
Published
2020-08-17 18:01
Modified
2024-11-13 18:14
Summary
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T07:30:58.163Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20200805 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-drASc7sr",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-3346",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-13T17:24:43.611426Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-13T18:14:10.177Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2020-08-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-17T18:01:29",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20200805 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-drASc7sr",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-selfcare-drASc7sr",
            defect: [
               [
                  "CSCvt01170",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2020-08-05T16:00:00",
               ID: "CVE-2020-3346",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20200805 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-selfcare-drASc7sr",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-selfcare-drASc7sr",
               defect: [
                  [
                     "CSCvt01170",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2020-3346",
      datePublished: "2020-08-17T18:01:30.022960Z",
      dateReserved: "2019-12-12T00:00:00",
      dateUpdated: "2024-11-13T18:14:10.177Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-2561
Vulnerability from cvelistv5
Published
2011-08-29 15:00
Modified
2024-09-17 00:11
Severity ?
Summary
The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T23:08:22.977Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2011-08-29T15:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-2561",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-2561",
      datePublished: "2011-08-29T15:00:00Z",
      dateReserved: "2011-06-27T00:00:00Z",
      dateUpdated: "2024-09-17T00:11:11.107Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-1887
Vulnerability from cvelistv5
Published
2019-07-06 01:15
Modified
2024-11-19 19:03
Summary
A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: unspecified   < 12.0(1)SU3


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T18:35:51.907Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20190703 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-1887",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-19T17:23:44.284181Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-19T19:03:11.614Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     lessThan: "12.0(1)SU3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-07-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-07-06T01:15:22",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20190703 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos",
            },
         ],
         source: {
            advisory: "cisco-sa-20190703-cucm-dos",
            defect: [
               [
                  "CSCvo70834",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-07-03T16:00:00-0700",
               ID: "CVE-2019-1887",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "12.0(1)SU3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.6",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-787",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20190703 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20190703-cucm-dos",
               defect: [
                  [
                     "CSCvo70834",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-1887",
      datePublished: "2019-07-06T01:15:22.705699Z",
      dateReserved: "2018-12-06T00:00:00",
      dateUpdated: "2024-11-19T19:03:11.614Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0735
Vulnerability from cvelistv5
Published
2014-02-20 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.179Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140218 Cisco Unified Communications Manager IPMA Reflected Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32912",
               },
               {
                  name: "65641",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65641",
               },
               {
                  name: "1029793",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029793",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-04T16:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140218 Cisco Unified Communications Manager IPMA Reflected Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32912",
            },
            {
               name: "65641",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65641",
            },
            {
               name: "1029793",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029793",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0735",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140218 Cisco Unified Communications Manager IPMA Reflected Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0735",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32912",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32912",
                  },
                  {
                     name: "65641",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65641",
                  },
                  {
                     name: "1029793",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029793",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0735",
      datePublished: "2014-02-20T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.179Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20800
Vulnerability from cvelistv5
Published
2022-07-06 20:30
Modified
2024-11-06 16:12
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:49.663Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20800",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T15:58:04.675020Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:12:05.975Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-07-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-06T20:30:29",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-xss-RgH7MpKA",
            defect: [
               [
                  "CSCvy16638",
                  "CSCvz33042",
                  "CSCvz33979",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-07-06T16:00:00",
               ID: "CVE-2022-20800",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unity Connection",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-xss-RgH7MpKA",
               defect: [
                  [
                     "CSCvy16638",
                     "CSCvz33042",
                     "CSCvz33979",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20800",
      datePublished: "2022-07-06T20:30:29.396707Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:12:05.975Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-0749
Vulnerability from cvelistv5
Published
2020-02-19 02:55
Modified
2024-11-15 17:41
Summary
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerability is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: next of 11.5(0.98000.108)   < unspecified


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:17:32.825Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2015-0749",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-15T16:29:29.860928Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-15T17:41:43.310Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "next of 11.5(0.98000.108)",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2015-05-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79 Cross-site Scripting (XSS)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-19T02:55:13",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749",
            },
         ],
         source: {
            advisory: "Cisco-SA-20150522-CVE-2015-0749",
            defect: [
               "CSCut66725",
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2015-05-22T15:00:00.000Z",
               ID: "CVE-2015-0749",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: ">",
                                          version_value: "11.5(0.98000.108)",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79 Cross-site Scripting (XSS)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749",
                     refsource: "MISC",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749",
                  },
               ],
            },
            source: {
               advisory: "Cisco-SA-20150522-CVE-2015-0749",
               defect: [
                  "CSCut66725",
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-0749",
      datePublished: "2020-02-19T02:55:13.277944Z",
      dateReserved: "2015-01-07T00:00:00",
      dateUpdated: "2024-11-15T17:41:43.310Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20862
Vulnerability from cvelistv5
Published
2022-07-06 20:31
Modified
2024-11-06 16:11
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:50.273Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220706 Cisco Unified Communications Manager Arbitrary File Read Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-qgjhEc3A",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20862",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T15:57:48.397844Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:11:00.685Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-07-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-23",
                     description: "CWE-23",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-06T20:31:02",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220706 Cisco Unified Communications Manager Arbitrary File Read Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-qgjhEc3A",
            },
         ],
         source: {
            advisory: "cisco-sa-ucm-file-read-qgjhEc3A",
            defect: [
               [
                  "CSCvy86663",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Arbitrary File Read Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-07-06T16:00:00",
               ID: "CVE-2022-20862",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Arbitrary File Read Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "4.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-23",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220706 Cisco Unified Communications Manager Arbitrary File Read Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-qgjhEc3A",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-ucm-file-read-qgjhEc3A",
               defect: [
                  [
                     "CSCvy86663",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20862",
      datePublished: "2022-07-06T20:31:02.944151Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:11:00.685Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-1134
Vulnerability from cvelistv5
Published
2013-02-27 21:00
Modified
2024-09-16 23:41
Severity ?
Summary
The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:49:20.697Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130227 Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-02-27T21:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130227 Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-1134",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130227 Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-1134",
      datePublished: "2013-02-27T21:00:00Z",
      dateReserved: "2013-01-11T00:00:00Z",
      dateUpdated: "2024-09-16T23:41:58.735Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-3949
Vulnerability from cvelistv5
Published
2012-09-27 00:00
Modified
2024-08-06 20:21
Severity ?
Summary
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T20:21:04.181Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20120926 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm",
               },
               {
                  name: "50774",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/50774",
               },
               {
                  name: "85816",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/85816",
               },
               {
                  name: "20120926 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip",
               },
               {
                  name: "55697",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/55697",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-09-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-02-01T10:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20120926 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm",
            },
            {
               name: "50774",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/50774",
            },
            {
               name: "85816",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/85816",
            },
            {
               name: "20120926 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip",
            },
            {
               name: "55697",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/55697",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2012-3949",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20120926 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm",
                  },
                  {
                     name: "50774",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/50774",
                  },
                  {
                     name: "85816",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/85816",
                  },
                  {
                     name: "20120926 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip",
                  },
                  {
                     name: "55697",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/55697",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2012-3949",
      datePublished: "2012-09-27T00:00:00",
      dateReserved: "2012-07-10T00:00:00",
      dateUpdated: "2024-08-06T20:21:04.181Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0727
Vulnerability from cvelistv5
Published
2014-02-13 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.035Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140212 Cisco Unified Communications Manager CMIVR Blind SQL Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0727",
               },
               {
                  name: "65516",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/65516",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32844",
               },
               {
                  name: "103219",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/103219",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-04T16:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140212 Cisco Unified Communications Manager CMIVR Blind SQL Injection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0727",
            },
            {
               name: "65516",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/65516",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32844",
            },
            {
               name: "103219",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/103219",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0727",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140212 Cisco Unified Communications Manager CMIVR Blind SQL Injection Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0727",
                  },
                  {
                     name: "65516",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/65516",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32844",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32844",
                  },
                  {
                     name: "103219",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/103219",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0727",
      datePublished: "2014-02-13T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.035Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-0590
Vulnerability from cvelistv5
Published
2010-03-05 16:00
Modified
2024-09-16 19:57
Severity ?
Summary
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188.
References
http://securitytracker.com/id?1023670 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/38495 (vdb-entry, x_refsource_BID)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml (vendor-advisory, x_refsource_CISCO)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T00:52:19.454Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1023670",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1023670",
               },
               {
                  name: "38495",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/38495",
               },
               {
                  name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-03-05T16:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1023670",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1023670",
            },
            {
               name: "38495",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/38495",
            },
            {
               name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-0590",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1023670",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1023670",
                  },
                  {
                     name: "38495",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/38495",
                  },
                  {
                     name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-0590",
      datePublished: "2010-03-05T16:00:00Z",
      dateReserved: "2010-02-10T00:00:00Z",
      dateUpdated: "2024-09-16T19:57:03.180Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1407
Vulnerability from cvelistv5
Published
2021-04-08 04:06
Modified
2024-11-08 23:28
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. [Editor's note: the CNA record below tags this entry as CWE-89 (SQL injection), while the description and advisory title describe cross-site scripting (CWE-79); anyone filtering or triaging by CWE should classify it from the description.]
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:17.034Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1407",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:46:17.832816Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:28:40.089Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-08T04:06:03",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-xss-Q4PZcNzJ",
            defect: [
               [
                  "CSCvu52262",
                  "CSCvv21040",
                  "CSCvv28764",
                  "CSCvv35159",
                  "CSCvw71918",
                  "CSCvx14158",
                  "CSCvx14178",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-04-07T16:00:00",
               ID: "CVE-2021-1407",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unity Connection",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-89",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210407 Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-xss-Q4PZcNzJ",
               defect: [
                  [
                     "CSCvu52262",
                     "CSCvv21040",
                     "CSCvv28764",
                     "CSCvv35159",
                     "CSCvw71918",
                     "CSCvx14158",
                     "CSCvx14178",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1407",
      datePublished: "2021-04-08T04:06:03.200363Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:28:40.089Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-6433
Vulnerability from cvelistv5
Published
2016-01-08 02:00
Modified
2024-08-06 07:22
Severity ?
Summary
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T07:22:21.549Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1034583",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034583",
               },
               {
                  name: "20160105 Cisco Unified Communications Manager SQL Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-cucm",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-01-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-05T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1034583",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034583",
            },
            {
               name: "20160105 Cisco Unified Communications Manager SQL Injection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-cucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2015-6433",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1034583",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034583",
                  },
                  {
                     name: "20160105 Cisco Unified Communications Manager SQL Injection Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-cucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2015-6433",
      datePublished: "2016-01-08T02:00:00",
      dateReserved: "2015-08-17T00:00:00",
      dateUpdated: "2024-08-06T07:22:21.549Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-1605
Vulnerability from cvelistv5
Published
2011-05-03 22:00
Modified
2024-08-06 22:37
Severity ?
Summary
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T22:37:24.097Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "44331",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/44331",
               },
               {
                  name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
               },
               {
                  name: "cisco-ucm-sip-message-dos(67123)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67123",
               },
               {
                  name: "1025449",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1025449",
               },
               {
                  name: "ADV-2011-1122",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2011/1122",
               },
               {
                  name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
               },
               {
                  name: "47610",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/47610",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-04-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "44331",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/44331",
            },
            {
               name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
            },
            {
               name: "cisco-ucm-sip-message-dos(67123)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67123",
            },
            {
               name: "1025449",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1025449",
            },
            {
               name: "ADV-2011-1122",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2011/1122",
            },
            {
               name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
            },
            {
               name: "47610",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/47610",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-1605",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "44331",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/44331",
                  },
                  {
                     name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
                  },
                  {
                     name: "cisco-ucm-sip-message-dos(67123)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67123",
                  },
                  {
                     name: "1025449",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1025449",
                  },
                  {
                     name: "ADV-2011-1122",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2011/1122",
                  },
                  {
                     name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
                  },
                  {
                     name: "47610",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/47610",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-1605",
      datePublished: "2011-05-03T22:00:00",
      dateReserved: "2011-04-05T00:00:00",
      dateUpdated: "2024-08-06T22:37:24.097Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3366
Vulnerability from cvelistv5
Published
2014-10-31 10:00
Modified
2024-08-06 10:43
Severity ?
Summary
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.127Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "70855",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/70855",
               },
               {
                  name: "cisco-ucm-cve20143366-sql-injection(98405)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98405",
               },
               {
                  name: "20141030 Cisco Unified Communications Manager SQL Injection Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3366",
               },
               {
                  name: "1031160",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1031160",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "70855",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/70855",
            },
            {
               name: "cisco-ucm-cve20143366-sql-injection(98405)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98405",
            },
            {
               name: "20141030 Cisco Unified Communications Manager SQL Injection Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3366",
            },
            {
               name: "1031160",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1031160",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3366",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "70855",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/70855",
                  },
                  {
                     name: "cisco-ucm-cve20143366-sql-injection(98405)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/98405",
                  },
                  {
                     name: "20141030 Cisco Unified Communications Manager SQL Injection Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3366",
                  },
                  {
                     name: "1031160",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1031160",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3366",
      datePublished: "2014-10-31T10:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.127Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20816
Vulnerability from cvelistv5
Published
2022-08-10 08:11
Modified
2024-11-01 18:55
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This vulnerability exists because the affected software does not properly validate HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:49.963Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220803 Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-file-delete-N2VPmOnE",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20816",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-01T18:40:34.760251Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-01T18:55:09.862Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-08-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This vulnerability exists because the affected software does not properly validate HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-22",
                     description: "CWE-22",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-10T08:11:31",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220803 Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-file-delete-N2VPmOnE",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-file-delete-N2VPmOnE",
            defect: [
               [
                  "CSCvz07276",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-08-03T23:00:00",
               ID: "CVE-2022-20816",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This vulnerability exists because the affected software does not properly validate HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-22",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220803 Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-file-delete-N2VPmOnE",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-file-delete-N2VPmOnE",
               defect: [
                  [
                     "CSCvz07276",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20816",
      datePublished: "2022-08-10T08:11:31.387075Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-01T18:55:09.862Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-6978
Vulnerability from cvelistv5
Published
2013-12-21 11:00
Modified
2024-08-06 17:53
Severity ?
Summary
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:53:45.860Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "101162",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/101162",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32219",
               },
               {
                  name: "20131218 Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6978",
               },
               {
                  name: "1029520",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029520",
               },
               {
                  name: "cisco-ucm-cve20136978-info-disc(89834)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89834",
               },
               {
                  name: "64421",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/64421",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-12-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading \"extraneous information\" in HTML source code, aka Bug ID CSCuj39249.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "101162",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/101162",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32219",
            },
            {
               name: "20131218 Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6978",
            },
            {
               name: "1029520",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029520",
            },
            {
               name: "cisco-ucm-cve20136978-info-disc(89834)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89834",
            },
            {
               name: "64421",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/64421",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-6978",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading \"extraneous information\" in HTML source code, aka Bug ID CSCuj39249.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "101162",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/101162",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32219",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32219",
                  },
                  {
                     name: "20131218 Cisco Unified Communications Manager Sensitive Information Disclosure Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6978",
                  },
                  {
                     name: "1029520",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029520",
                  },
                  {
                     name: "cisco-ucm-cve20136978-info-disc(89834)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89834",
                  },
                  {
                     name: "64421",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/64421",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-6978",
      datePublished: "2013-12-21T11:00:00",
      dateReserved: "2013-12-05T00:00:00",
      dateUpdated: "2024-08-06T17:53:45.860Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20752
Vulnerability from cvelistv5
Published
2022-07-06 20:30
Modified
2024-11-01 19:00
Summary
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:49.510Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220706 Cisco Unified Communications Products Timing Attack Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20752",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-01T18:43:55.058931Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-01T19:00:48.140Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-07-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-208",
                     description: "CWE-208",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-06T20:30:12",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220706 Cisco Unified Communications Products Timing Attack Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK",
            },
         ],
         source: {
            advisory: "cisco-sa-ucm-timing-JVbHECOK",
            defect: [
               [
                  "CSCvz16266",
                  "CSCwa91887",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Timing Attack Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-07-06T16:00:00",
               ID: "CVE-2022-20752",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Timing Attack Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-208",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220706 Cisco Unified Communications Products Timing Attack Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-ucm-timing-JVbHECOK",
               defect: [
                  [
                     "CSCvz16266",
                     "CSCwa91887",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20752",
      datePublished: "2022-07-06T20:30:12.728717Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-01T19:00:48.140Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-20010
Vulnerability from cvelistv5
Published
2023-01-19 01:32
Modified
2024-11-21 21:01
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read or modify any data on the underlying database or elevate their privileges.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: 12.0(1)SU1
Version: 12.0(1)SU2
Version: 12.0(1)SU3
Version: 12.0(1)SU4
Version: 12.0(1)SU5
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)SU4
Version: 12.5(1)SU5
Version: 12.5(1)SU6
Version: 14
Version: 14SU1
Version: 14SU2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T08:57:35.543Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cisco-sa-cucm-sql-rpPczR8n",
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-20010",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-21T21:01:19.133993Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-21T21:01:29.441Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "12.0(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.0(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU1",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU2",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU3",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU4",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU5",
                  },
                  {
                     status: "affected",
                     version: "12.5(1)SU6",
                  },
                  {
                     status: "affected",
                     version: "14",
                  },
                  {
                     status: "affected",
                     version: "14SU1",
                  },
                  {
                     status: "affected",
                     version: "14SU2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.\r\n\r This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read or modify any data on the underlying database or elevate their privileges.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               format: "cvssV3_1",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-25T16:57:30.637Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-sa-cucm-sql-rpPczR8n",
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-sql-rpPczR8n",
            defects: [
               "CSCwb37205",
               "CSCwb37563",
            ],
            discovery: "INTERNAL",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2023-20010",
      datePublished: "2023-01-19T01:32:08.418Z",
      dateReserved: "2022-10-27T18:47:50.307Z",
      dateUpdated: "2024-11-21T21:01:29.441Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-5528
Vulnerability from cvelistv5
Published
2013-10-11 01:00
Modified
2024-08-06 17:15
Severity ?
Summary
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:15:20.743Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "40887",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/40887/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.html",
               },
               {
                  name: "98336",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/98336",
               },
               {
                  name: "62960",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/62960",
               },
               {
                  name: "20131010 Cisco Unified Communications Manager Administrative Web Interface Directory Traversal Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-10-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-29T21:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "40887",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/40887/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.html",
            },
            {
               name: "98336",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/98336",
            },
            {
               name: "62960",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/62960",
            },
            {
               name: "20131010 Cisco Unified Communications Manager Administrative Web Interface Directory Traversal Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-5528",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "40887",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/40887/",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.html",
                  },
                  {
                     name: "98336",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/98336",
                  },
                  {
                     name: "62960",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/62960",
                  },
                  {
                     name: "20131010 Cisco Unified Communications Manager Administrative Web Interface Directory Traversal Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-5528",
      datePublished: "2013-10-11T01:00:00",
      dateReserved: "2013-08-22T00:00:00",
      dateUpdated: "2024-08-06T17:15:20.743Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-15272
Vulnerability from cvelistv5
Published
2019-10-02 19:06
Modified
2024-11-19 18:53
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: unspecified   < n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:42:03.947Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20191002 Cisco Unified Communications Manager Security Bypass Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ucm-secbypass",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-15272",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-19T17:22:36.861839Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-19T18:53:14.532Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     lessThan: "n/a",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-10-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-264",
                     description: "CWE-264",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-02T19:06:55",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20191002 Cisco Unified Communications Manager Security Bypass Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ucm-secbypass",
            },
         ],
         source: {
            advisory: "cisco-sa-20191002-ucm-secbypass",
            defect: [
               [
                  "CSCvp14434",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Security Bypass Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-10-02T16:00:00-0700",
               ID: "CVE-2019-15272",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Security Bypass Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-264",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20191002 Cisco Unified Communications Manager Security Bypass Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ucm-secbypass",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20191002-ucm-secbypass",
               defect: [
                  [
                     "CSCvp14434",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-15272",
      datePublished: "2019-10-02T19:06:55.659365Z",
      dateReserved: "2019-08-20T00:00:00",
      dateUpdated: "2024-11-19T18:53:14.532Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-12716
Vulnerability from cvelistv5
Published
2019-10-02 19:06
Modified
2024-11-21 19:10
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: unspecified   < n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T23:32:53.948Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20191002 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xss-12716",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-12716",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-21T18:56:29.925269Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-21T19:10:42.336Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     lessThan: "n/a",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-10-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-02T19:06:54",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20191002 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xss-12716",
            },
         ],
         source: {
            advisory: "cisco-sa-20191002-cucm-xss-12716",
            defect: [
               [
                  "CSCvo42317",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-10-02T16:00:00-0700",
               ID: "CVE-2019-12716",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20191002 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xss-12716",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20191002-cucm-xss-12716",
               defect: [
                  [
                     "CSCvo42317",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-12716",
      datePublished: "2019-10-02T19:06:54.369400Z",
      dateReserved: "2019-06-04T00:00:00",
      dateUpdated: "2024-11-21T19:10:42.336Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0340
Vulnerability from cvelistv5
Published
2018-06-07 21:00
Modified
2024-11-29 15:03
Severity ?
Summary
A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvj00512.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager unknown Version: Cisco Unified Communications Manager unknown


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:21:15.604Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucm-xss",
               },
               {
                  name: "104448",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/104448",
               },
               {
                  name: "1041070",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041070",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0340",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-29T14:37:47.963876Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-29T15:03:54.177Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager unknown",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager unknown",
                  },
               ],
            },
         ],
         datePublic: "2018-06-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvj00512.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-06-14T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucm-xss",
            },
            {
               name: "104448",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/104448",
            },
            {
               name: "1041070",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041070",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0340",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager unknown",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager unknown",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvj00512.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucm-xss",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucm-xss",
                  },
                  {
                     name: "104448",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/104448",
                  },
                  {
                     name: "1041070",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041070",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0340",
      datePublished: "2018-06-07T21:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-11-29T15:03:54.177Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0118
Vulnerability from cvelistv5
Published
2018-01-11 09:00
Modified
2024-12-02 21:47
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:14:16.874Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180110-ucm",
               },
               {
                  name: "102478",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/102478",
               },
               {
                  name: "1040193",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040193",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0118",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-12-02T18:55:55.606981Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-02T21:47:10.262Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2018-01-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-18T10:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180110-ucm",
            },
            {
               name: "102478",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/102478",
            },
            {
               name: "1040193",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040193",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0118",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180110-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180110-ucm",
                  },
                  {
                     name: "102478",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/102478",
                  },
                  {
                     name: "1040193",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040193",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0118",
      datePublished: "2018-01-11T09:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-12-02T21:47:10.262Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3886
Vulnerability from cvelistv5
Published
2017-04-07 17:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:41.270Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm",
               },
               {
                  name: "97432",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/97432",
               },
               {
                  name: "1038192",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038192",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "SQL Injection Vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-11T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm",
            },
            {
               name: "97432",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/97432",
            },
            {
               name: "1038192",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038192",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3886",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "SQL Injection Vulnerability",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm",
                  },
                  {
                     name: "97432",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/97432",
                  },
                  {
                     name: "1038192",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038192",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3886",
      datePublished: "2017-04-07T17:00:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:41.270Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0741
Vulnerability from cvelistv5
Published
2014-02-27 01:00
Modified
2024-08-06 09:27
Severity ?
Summary
The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.484Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046",
               },
               {
                  name: "1029843",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029843",
               },
               {
                  name: "20140225 Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-15T16:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046",
            },
            {
               name: "1029843",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029843",
            },
            {
               name: "20140225 Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0741",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33046",
                  },
                  {
                     name: "1029843",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029843",
                  },
                  {
                     name: "20140225 Cisco Unified Communications Manager CAPF Certificate Import Arbitrary File Read/Write Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0741",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0741",
      datePublished: "2014-02-27T01:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.484Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-15403
Vulnerability from cvelistv5
Published
2018-10-05 14:00
Modified
2024-11-26 14:32
Severity ?
Summary
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T09:54:03.605Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1041789",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041789",
               },
               {
                  name: "1041780",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041780",
               },
               {
                  name: "20181003 Multiple Cisco Unified Communications Products Open Redirect Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-er-ucm-redirect",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-15403",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-25T18:48:00.501305Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-26T14:32:16.775Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Emergency Responder",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-10-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-601",
                     description: "CWE-601",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-07T09:57:02",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1041789",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041789",
            },
            {
               name: "1041780",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041780",
            },
            {
               name: "20181003 Multiple Cisco Unified Communications Products Open Redirect Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-er-ucm-redirect",
            },
         ],
         source: {
            advisory: "cisco-sa-20181003-er-ucm-redirect",
            defect: [
               [
                  "CSCvj48070",
                  "CSCvj56757",
                  "CSCvj56760",
                  "CSCvj59218",
               ],
            ],
            discovery: "UNKNOWN",
         },
         title: "Multiple Cisco Unified Communications Products Open Redirect Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2018-10-03T16:00:00-0500",
               ID: "CVE-2018-15403",
               STATE: "PUBLIC",
               TITLE: "Multiple Cisco Unified Communications Products Open Redirect Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Emergency Responder",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "4.1",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-601",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1041789",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041789",
                  },
                  {
                     name: "1041780",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041780",
                  },
                  {
                     name: "20181003 Multiple Cisco Unified Communications Products Open Redirect Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-er-ucm-redirect",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20181003-er-ucm-redirect",
               defect: [
                  [
                     "CSCvj48070",
                     "CSCvj56757",
                     "CSCvj56760",
                     "CSCvj59218",
                  ],
               ],
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-15403",
      datePublished: "2018-10-05T14:00:00Z",
      dateReserved: "2018-08-17T00:00:00",
      dateUpdated: "2024-11-26T14:32:16.775Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3888
Vulnerability from cvelistv5
Published
2017-04-07 17:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:41.185Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1038193",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038193",
               },
               {
                  name: "97431",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/97431",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Scripting Vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-11T09:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1038193",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038193",
            },
            {
               name: "97431",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/97431",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3888",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default configuration running an affected software release with the attacker authenticated as the administrative user. More Information: CSCvc83712. Known Affected Releases: 12.0(0.98000.452). Known Fixed Releases: 12.0(0.98000.750) 12.0(0.98000.708) 12.0(0.98000.707) 12.0(0.98000.704) 12.0(0.98000.554) 12.0(0.98000.546) 12.0(0.98000.543) 12.0(0.98000.248) 12.0(0.98000.244) 12.0(0.98000.242).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Scripting Vulnerability",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1038193",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038193",
                  },
                  {
                     name: "97431",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/97431",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3888",
      datePublished: "2017-04-07T17:00:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:41.185Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0105
Vulnerability from cvelistv5
Published
2018-01-18 06:00
Modified
2024-12-02 21:43
Severity ?
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:14:16.824Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1040245",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040245",
               },
               {
                  name: "102725",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/102725",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0105",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-12-02T19:11:48.365151Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-02T21:43:12.946Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2018-01-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-19T10:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1040245",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040245",
            },
            {
               name: "102725",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/102725",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0105",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-200",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1040245",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040245",
                  },
                  {
                     name: "102725",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/102725",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0105",
      datePublished: "2018-01-18T06:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-12-02T21:43:12.946Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-0120
Vulnerability from cvelistv5
Published
2018-02-08 07:00
Modified
2024-12-02 21:23
Severity ?
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could exploit this vulnerability by submitting crafted HTTP requests that contain malicious SQL statements to an affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database of the affected system. Cisco Bug IDs: CSCvg74810.
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:14:16.923Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "102958",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/102958",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm",
               },
               {
                  name: "1040341",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040341",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2018-0120",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-12-02T18:55:29.468398Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-02T21:23:23.910Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2018-02-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could exploit this vulnerability by submitting crafted HTTP requests that contain malicious SQL statements to an affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database of the affected system. Cisco Bug IDs: CSCvg74810.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-02-08T10:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "102958",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/102958",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm",
            },
            {
               name: "1040341",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040341",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2018-0120",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could exploit this vulnerability by submitting crafted HTTP requests that contain malicious SQL statements to an affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database of the affected system. Cisco Bug IDs: CSCvg74810.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-89",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "102958",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/102958",
                  },
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm",
                  },
                  {
                     name: "1040341",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040341",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2018-0120",
      datePublished: "2018-02-08T07:00:00",
      dateReserved: "2017-11-27T00:00:00",
      dateUpdated: "2024-12-02T21:23:23.910Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-34701
Vulnerability from cvelistv5
Published
2021-11-04 15:40
Modified
2024-11-07 21:42
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:19:48.082Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20211103 Cisco Unified Communications Products Path Traversal Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-34701",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-07T21:39:34.487438Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-07T21:42:34.419Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-11-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-22",
                     description: "CWE-22",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-11-04T15:40:34",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20211103 Cisco Unified Communications Products Path Traversal Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-path-trav-dKCvktvO",
            defect: [
               [
                  "CSCvy64877",
                  "CSCvy89690",
                  "CSCvy89691",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Path Traversal Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-11-03T16:00:00",
               ID: "CVE-2021-34701",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Path Traversal Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unity Connection",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "4.3",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-22",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20211103 Cisco Unified Communications Products Path Traversal Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-path-trav-dKCvktvO",
               defect: [
                  [
                     "CSCvy64877",
                     "CSCvy89690",
                     "CSCvy89691",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-34701",
      datePublished: "2021-11-04T15:40:34.136535Z",
      dateReserved: "2021-06-15T00:00:00",
      dateUpdated: "2024-11-07T21:42:34.419Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-5278
Vulnerability from cvelistv5
Published
2007-07-15 22:00
Modified
2024-08-07 19:48
Severity ?
Summary
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/19057 (vdb-entry, x_refsource_XF)
http://www.iss.net/threats/271.html (third-party-advisory, x_refsource_ISS)
http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml (vendor-advisory, x_refsource_CISCO)
http://www.vupen.com/english/advisories/2007/2512 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/26043 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/24868 (vdb-entry, x_refsource_BID)
http://securitytracker.com/id?1018369 (vdb-entry, x_refsource_SECTRACK)
http://www.osvdb.org/36121 (vdb-entry, x_refsource_OSVDB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T19:48:28.521Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "negative-integer-bo(19057)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057",
               },
               {
                  name: "20070711 Cisco Call Manager RisDC.exe Remote Code Execution",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_ISS",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/threats/271.html",
               },
               {
                  name: "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml",
               },
               {
                  name: "ADV-2007-2512",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/2512",
               },
               {
                  name: "26043",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26043",
               },
               {
                  name: "24868",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/24868",
               },
               {
                  name: "1018369",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1018369",
               },
               {
                  name: "36121",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/36121",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-07-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-19T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "negative-integer-bo(19057)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057",
            },
            {
               name: "20070711 Cisco Call Manager RisDC.exe Remote Code Execution",
               tags: [
                  "third-party-advisory",
                  "x_refsource_ISS",
               ],
               url: "http://www.iss.net/threats/271.html",
            },
            {
               name: "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml",
            },
            {
               name: "ADV-2007-2512",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/2512",
            },
            {
               name: "26043",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26043",
            },
            {
               name: "24868",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/24868",
            },
            {
               name: "1018369",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1018369",
            },
            {
               name: "36121",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/36121",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2006-5278",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "negative-integer-bo(19057)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/19057",
                  },
                  {
                     name: "20070711 Cisco Call Manager RisDC.exe Remote Code Execution",
                     refsource: "ISS",
                     url: "http://www.iss.net/threats/271.html",
                  },
                  {
                     name: "20070711 Cisco Unified Communications Manager Overflow Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml",
                  },
                  {
                     name: "ADV-2007-2512",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/2512",
                  },
                  {
                     name: "26043",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26043",
                  },
                  {
                     name: "24868",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/24868",
                  },
                  {
                     name: "1018369",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1018369",
                  },
                  {
                     name: "36121",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/36121",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2006-5278",
      datePublished: "2007-07-15T22:00:00",
      dateReserved: "2006-10-13T00:00:00",
      dateUpdated: "2024-08-07T19:48:28.521Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-1744
Vulnerability from cvelistv5
Published
2008-05-16 06:54
Modified
2024-08-07 08:32
Severity ?
Summary
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
References
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml (vendor-advisory, x_refsource_CISCO)
http://www.vupen.com/english/advisories/2008/1533 (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/bid/29221 (vdb-entry, x_refsource_BID)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42415 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/30238 (third-party-advisory, x_refsource_SECUNIA)
http://securitytracker.com/id?1020022 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:32:01.350Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
               },
               {
                  name: "ADV-2008-1533",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1533",
               },
               {
                  name: "29221",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29221",
               },
               {
                  name: "cucm-capf-dos(42415)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415",
               },
               {
                  name: "30238",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30238",
               },
               {
                  name: "1020022",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1020022",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-05-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
            },
            {
               name: "ADV-2008-1533",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1533",
            },
            {
               name: "29221",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29221",
            },
            {
               name: "cucm-capf-dos(42415)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415",
            },
            {
               name: "30238",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30238",
            },
            {
               name: "1020022",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1020022",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-1744",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
                  },
                  {
                     name: "ADV-2008-1533",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1533",
                  },
                  {
                     name: "29221",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29221",
                  },
                  {
                     name: "cucm-capf-dos(42415)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415",
                  },
                  {
                     name: "30238",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30238",
                  },
                  {
                     name: "1020022",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1020022",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-1744",
      datePublished: "2008-05-16T06:54:00",
      dateReserved: "2008-04-11T00:00:00",
      dateUpdated: "2024-08-07T08:32:01.350Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-3332
Vulnerability from cvelistv5
Published
2014-08-11 20:00
Modified
2024-08-06 10:43
Severity ?
Summary
Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:43:05.217Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "cisco-ucm-cve20143332-sec-bypass(95136)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95136",
               },
               {
                  name: "20140806 Cisco Unified Communications Manager Concurrent Login Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332",
               },
               {
                  name: "69068",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/69068",
               },
               {
                  name: "1030687",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1030687",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35198",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-08-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "cisco-ucm-cve20143332-sec-bypass(95136)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95136",
            },
            {
               name: "20140806 Cisco Unified Communications Manager Concurrent Login Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332",
            },
            {
               name: "69068",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/69068",
            },
            {
               name: "1030687",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1030687",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35198",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-3332",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an incorrect CLI restrictions setting, which allows remote authenticated users to establish undetected concurrent logins via unspecified vectors, aka Bug ID CSCup98029.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "cisco-ucm-cve20143332-sec-bypass(95136)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95136",
                  },
                  {
                     name: "20140806 Cisco Unified Communications Manager Concurrent Login Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3332",
                  },
                  {
                     name: "69068",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/69068",
                  },
                  {
                     name: "1030687",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1030687",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35198",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=35198",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-3332",
      datePublished: "2014-08-11T20:00:00",
      dateReserved: "2014-05-07T00:00:00",
      dateUpdated: "2024-08-06T10:43:05.217Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-1837
Vulnerability from cvelistv5
Published
2019-04-18 01:25
Modified
2024-11-19 19:10
Summary
A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerability by sending a crafted request to the UDS API of an affected device. A successful exploit could allow the attacker to make the A Cisco DB service quit unexpectedly, preventing admin access to the Unified CM management GUI. Manual intervention may be required to restore normal operation. Software versions 10.5, 11.5, 12.0, 12.5 are affected.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: 10.5
Version: 11.5
Version: 12.0
Version: 12.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T18:28:42.873Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20190417 Cisco Unified Communications Manager Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ucm-dos",
               },
               {
                  name: "108019",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/108019",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-1837",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-19T17:24:38.552138Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-19T19:10:22.397Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "10.5",
                  },
                  {
                     status: "affected",
                     version: "11.5",
                  },
                  {
                     status: "affected",
                     version: "12.0",
                  },
                  {
                     status: "affected",
                     version: "12.5",
                  },
               ],
            },
         ],
         datePublic: "2019-04-17T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerability by sending a crafted request to the UDS API of an affected device. A successful exploit could allow the attacker to make the A Cisco DB service quit unexpectedly, preventing admin access to the Unified CM management GUI. Manual intervention may be required to restore normal operation. Software versions 10.5, 11.5, 12.0, 12.5 are affected.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-129",
                     description: "CWE-129",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-04-22T11:06:04",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20190417 Cisco Unified Communications Manager Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ucm-dos",
            },
            {
               name: "108019",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/108019",
            },
         ],
         source: {
            advisory: "cisco-sa-20190417-ucm-dos",
            defect: [
               [
                  "CSCvo08315",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Manager Denial of Service Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-04-17T16:00:00-0700",
               ID: "CVE-2019-1837",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Manager Denial of Service Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.5",
                                       },
                                       {
                                          version_value: "11.5",
                                       },
                                       {
                                          version_value: "12.0",
                                       },
                                       {
                                          version_value: "12.5",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the User Data Services (UDS) API of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this vulnerability by sending a crafted request to the UDS API of an affected device. A successful exploit could allow the attacker to make the A Cisco DB service quit unexpectedly, preventing admin access to the Unified CM management GUI. Manual intervention may be required to restore normal operation. Software versions 10.5, 11.5, 12.0, 12.5 are affected.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "5.3",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-129",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20190417 Cisco Unified Communications Manager Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-ucm-dos",
                  },
                  {
                     name: "108019",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/108019",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20190417-ucm-dos",
               defect: [
                  [
                     "CSCvo08315",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-1837",
      datePublished: "2019-04-18T01:25:21.042263Z",
      dateReserved: "2018-12-06T00:00:00",
      dateUpdated: "2024-11-19T19:10:22.397Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-2051
Vulnerability from cvelistv5
Published
2009-08-27 16:31
Modified
2024-08-07 05:36
Severity ?
Summary
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.
References
http://osvdb.org/57453 — vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/36499 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/36152 — vdb-entry, x_refsource_BID
http://secunia.com/advisories/36498 — third-party-advisory, x_refsource_SECUNIA
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml — vendor-advisory, x_refsource_CISCO
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml — vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id?1022775 — vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:36:20.094Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "57453",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/57453",
               },
               {
                  name: "36499",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36499",
               },
               {
                  name: "36152",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/36152",
               },
               {
                  name: "36498",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36498",
               },
               {
                  name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
               },
               {
                  name: "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
               },
               {
                  name: "1022775",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022775",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-08-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-09-02T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "57453",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/57453",
            },
            {
               name: "36499",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36499",
            },
            {
               name: "36152",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/36152",
            },
            {
               name: "36498",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36498",
            },
            {
               name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
            },
            {
               name: "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
            },
            {
               name: "1022775",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022775",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-2051",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "57453",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/57453",
                  },
                  {
                     name: "36499",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36499",
                  },
                  {
                     name: "36152",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/36152",
                  },
                  {
                     name: "36498",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36498",
                  },
                  {
                     name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
                  },
                  {
                     name: "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
                  },
                  {
                     name: "1022775",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022775",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-2051",
      datePublished: "2009-08-27T16:31:00",
      dateReserved: "2009-06-12T00:00:00",
      dateUpdated: "2024-08-07T05:36:20.094Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-6688
Vulnerability from cvelistv5
Published
2013-11-16 02:00
Modified
2024-09-17 02:22
Severity ?
Summary
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:46:22.465Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20131113 Cisco Enterprise License Manager Path Traversal Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31759",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-11-16T02:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20131113 Cisco Enterprise License Manager Path Traversal Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31759",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-6688",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20131113 Cisco Enterprise License Manager Path Traversal Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31759",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=31759",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-6688",
      datePublished: "2013-11-16T02:00:00Z",
      dateReserved: "2013-11-07T00:00:00Z",
      dateUpdated: "2024-09-17T02:22:08.280Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-3833
Vulnerability from cvelistv5
Published
2017-02-22 02:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).
Impacted products
Vendor Product Version
n/a Cisco Unified Communications Manager Version: Cisco Unified Communications Manager


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T14:39:41.310Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucm",
               },
               {
                  name: "96246",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/96246",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Cisco Unified Communications Manager",
                  },
               ],
            },
         ],
         datePublic: "2017-02-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Scripting Vulnerability",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-02-28T10:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucm",
            },
            {
               name: "96246",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/96246",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2017-3833",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Cisco Unified Communications Manager",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Scripting Vulnerability",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucm",
                     refsource: "CONFIRM",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucm",
                  },
                  {
                     name: "96246",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/96246",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2017-3833",
      datePublished: "2017-02-22T02:00:00",
      dateReserved: "2016-12-21T00:00:00",
      dateUpdated: "2024-08-05T14:39:41.310Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-1746
Vulnerability from cvelistv5
Published
2008-05-16 06:54
Modified
2024-08-07 08:32
Severity ?
Summary
The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113.
References
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml - vendor-advisory, x_refsource_CISCO
http://www.vupen.com/english/advisories/2008/1533 - vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/29221 - vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/42420 - vdb-entry, x_refsource_XF
http://secunia.com/advisories/30238 - third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1020022 - vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:32:01.291Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
               },
               {
                  name: "ADV-2008-1533",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1533",
               },
               {
                  name: "29221",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29221",
               },
               {
                  name: "cucm-snmp-dos(42420)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42420",
               },
               {
                  name: "30238",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30238",
               },
               {
                  name: "1020022",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1020022",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-05-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
            },
            {
               name: "ADV-2008-1533",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1533",
            },
            {
               name: "29221",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29221",
            },
            {
               name: "cucm-snmp-dos(42420)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42420",
            },
            {
               name: "30238",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30238",
            },
            {
               name: "1020022",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1020022",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-1746",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
                  },
                  {
                     name: "ADV-2008-1533",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1533",
                  },
                  {
                     name: "29221",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29221",
                  },
                  {
                     name: "cucm-snmp-dos(42420)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42420",
                  },
                  {
                     name: "30238",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30238",
                  },
                  {
                     name: "1020022",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1020022",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-1746",
      datePublished: "2008-05-16T06:54:00",
      dateReserved: "2008-04-11T00:00:00",
      dateUpdated: "2024-08-07T08:32:01.291Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-1745
Vulnerability from cvelistv5
Published
2008-05-16 06:54
Modified
2024-08-07 08:32
Severity ?
Summary
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.
References
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml - vendor-advisory, x_refsource_CISCO
http://www.vupen.com/english/advisories/2008/1533 - vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/29221 - vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/42417 - vdb-entry, x_refsource_XF
http://secunia.com/advisories/30238 - third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1020022 - vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:32:01.270Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
               },
               {
                  name: "ADV-2008-1533",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1533",
               },
               {
                  name: "29221",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29221",
               },
               {
                  name: "cucm-sip-join-dos(42417)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42417",
               },
               {
                  name: "30238",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30238",
               },
               {
                  name: "1020022",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1020022",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-05-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
            },
            {
               name: "ADV-2008-1533",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1533",
            },
            {
               name: "29221",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29221",
            },
            {
               name: "cucm-sip-join-dos(42417)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42417",
            },
            {
               name: "30238",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30238",
            },
            {
               name: "1020022",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1020022",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-1745",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml",
                  },
                  {
                     name: "ADV-2008-1533",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1533",
                  },
                  {
                     name: "29221",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29221",
                  },
                  {
                     name: "cucm-sip-join-dos(42417)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42417",
                  },
                  {
                     name: "30238",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30238",
                  },
                  {
                     name: "1020022",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1020022",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-1745",
      datePublished: "2008-05-16T06:54:00",
      dateReserved: "2008-04-11T00:00:00",
      dateUpdated: "2024-08-07T08:32:01.270Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2011-1610
Vulnerability from cvelistv5
Published
2011-05-03 22:00
Modified
2024-08-06 22:37
Severity ?
Summary
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T22:37:24.121Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://zerodayinitiative.com/advisories/ZDI-11-143/",
               },
               {
                  name: "44331",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/44331",
               },
               {
                  name: "20110428 ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/517727/100/0/threaded",
               },
               {
                  name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
               },
               {
                  name: "1025449",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1025449",
               },
               {
                  name: "ADV-2011-1122",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2011/1122",
               },
               {
                  name: "ucm-sql-injection(67126)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67126",
               },
               {
                  name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
               },
               {
                  name: "47607",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/47607",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-04-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://zerodayinitiative.com/advisories/ZDI-11-143/",
            },
            {
               name: "44331",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/44331",
            },
            {
               name: "20110428 ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/517727/100/0/threaded",
            },
            {
               name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
            },
            {
               name: "1025449",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1025449",
            },
            {
               name: "ADV-2011-1122",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2011/1122",
            },
            {
               name: "ucm-sql-injection(67126)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67126",
            },
            {
               name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
            },
            {
               name: "47607",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/47607",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2011-1610",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://zerodayinitiative.com/advisories/ZDI-11-143/",
                     refsource: "MISC",
                     url: "http://zerodayinitiative.com/advisories/ZDI-11-143/",
                  },
                  {
                     name: "44331",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/44331",
                  },
                  {
                     name: "20110428 ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/517727/100/0/threaded",
                  },
                  {
                     name: "20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html",
                  },
                  {
                     name: "1025449",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1025449",
                  },
                  {
                     name: "ADV-2011-1122",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2011/1122",
                  },
                  {
                     name: "ucm-sql-injection(67126)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/67126",
                  },
                  {
                     name: "20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml",
                  },
                  {
                     name: "47607",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/47607",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2011-1610",
      datePublished: "2011-05-03T22:00:00",
      dateReserved: "2011-04-05T00:00:00",
      dateUpdated: "2024-08-06T22:37:24.121Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-1154
Vulnerability from cvelistv5
Published
2008-04-04 19:00
Modified
2024-08-07 08:08
Severity ?
Summary
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
References
http://www.securityfocus.com/bid/28591 (vdb-entry, x_refsource_BID)
http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml (vendor-advisory, x_refsource_CISCO)
http://securitytracker.com/id?1019768 (vdb-entry, x_refsource_SECTRACK)
http://www.vupen.com/english/advisories/2008/1093 (vdb-entry, x_refsource_VUPEN)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41632 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/29670 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:08:57.646Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "28591",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/28591",
               },
               {
                  name: "20080403 Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml",
               },
               {
                  name: "1019768",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1019768",
               },
               {
                  name: "ADV-2008-1093",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1093",
               },
               {
                  name: "cisco-drf-command-execution(41632)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632",
               },
               {
                  name: "29670",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/29670",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-04-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "28591",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/28591",
            },
            {
               name: "20080403 Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml",
            },
            {
               name: "1019768",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1019768",
            },
            {
               name: "ADV-2008-1093",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1093",
            },
            {
               name: "cisco-drf-command-execution(41632)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632",
            },
            {
               name: "29670",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/29670",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2008-1154",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "28591",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/28591",
                  },
                  {
                     name: "20080403 Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a008096fd9a.shtml",
                  },
                  {
                     name: "1019768",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1019768",
                  },
                  {
                     name: "ADV-2008-1093",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1093",
                  },
                  {
                     name: "cisco-drf-command-execution(41632)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/41632",
                  },
                  {
                     name: "29670",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/29670",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2008-1154",
      datePublished: "2008-04-04T19:00:00",
      dateReserved: "2008-03-05T00:00:00",
      dateUpdated: "2024-08-07T08:08:57.646Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-3461
Vulnerability from cvelistv5
Published
2013-08-25 01:00
Modified
2024-08-06 16:07
Severity ?
Summary
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:07:38.065Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
               },
               {
                  name: "1028938",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1028938",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-08-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-09-11T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
            },
            {
               name: "1028938",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1028938",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2013-3461",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20130821 Multiple Vulnerabilities in Cisco Unified Communications Manager",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm",
                  },
                  {
                     name: "1028938",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1028938",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2013-3461",
      datePublished: "2013-08-25T01:00:00",
      dateReserved: "2013-05-06T00:00:00",
      dateUpdated: "2024-08-06T16:07:38.065Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-1362
Vulnerability from cvelistv5
Published
2021-04-08 04:05
Modified
2024-11-08 23:29
Summary
A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:11:17.346Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20210407 Cisco Unified Communications Products Remote Code Execution Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2021-1362",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T20:19:06.292598Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T23:29:29.720Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unity Connection",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2021-04-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp; Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-94",
                     description: "CWE-94",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-08T04:05:35",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20210407 Cisco Unified Communications Products Remote Code Execution Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-rce-pqVYwyb",
            defect: [
               [
                  "CSCvu56491",
                  "CSCvv35203",
                  "CSCvv41616",
                  "CSCvv59434",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Remote Code Execution Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2021-04-07T16:00:00",
               ID: "CVE-2021-1362",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Remote Code Execution Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unity Connection",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp; Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "8.8",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-94",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20210407 Cisco Unified Communications Products Remote Code Execution Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-rce-pqVYwyb",
               defect: [
                  [
                     "CSCvu56491",
                     "CSCvv35203",
                     "CSCvv41616",
                     "CSCvv59434",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2021-1362",
      datePublished: "2021-04-08T04:05:35.307961Z",
      dateReserved: "2020-11-13T00:00:00",
      dateUpdated: "2024-11-08T23:29:29.720Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20815
Vulnerability from cvelistv5
Published
2022-07-06 20:30
Modified
2024-11-06 16:11
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:50.027Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20815",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T15:58:02.741443Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:11:27.337Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-07-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-06T20:30:51",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-xss-ksKd5yfA",
            defect: [
               [
                  "CSCvy16646",
                  "CSCvy52029",
                  "CSCvy60442",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-07-06T16:00:00",
               ID: "CVE-2022-20815",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-79",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-xss-ksKd5yfA",
               defect: [
                  [
                     "CSCvy16646",
                     "CSCvy52029",
                     "CSCvy60442",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20815",
      datePublished: "2022-07-06T20:30:51.324508Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:11:27.337Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0736
Vulnerability from cvelistv5
Published
2014-02-20 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.146Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140218 Cisco Unified Communications Manager CAR Page CSRF Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911",
               },
               {
                  name: "1029792",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029792",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-14T17:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140218 Cisco Unified Communications Manager CAR Page CSRF Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911",
            },
            {
               name: "1029792",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029792",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0736",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140218 Cisco Unified Communications Manager CAR Page CSRF Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0736",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32911",
                  },
                  {
                     name: "1029792",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029792",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0736",
      datePublished: "2014-02-20T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.146Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-2864
Vulnerability from cvelistv5
Published
2009-09-28 18:20
Modified
2024-08-07 06:07
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T06:07:36.537Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "58344",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/58344",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883",
               },
               {
                  name: "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml",
               },
               {
                  name: "1022931",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022931",
               },
               {
                  name: "36836",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36836",
               },
               {
                  name: "ADV-2009-2757",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/2757",
               },
               {
                  name: "cisco-ucm-sip-dos(53447)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447",
               },
               {
                  name: "36496",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/36496",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-09-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-16T14:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "58344",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/58344",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883",
            },
            {
               name: "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml",
            },
            {
               name: "1022931",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022931",
            },
            {
               name: "36836",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36836",
            },
            {
               name: "ADV-2009-2757",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/2757",
            },
            {
               name: "cisco-ucm-sip-dos(53447)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447",
            },
            {
               name: "36496",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/36496",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-2864",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "58344",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/58344",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=18883",
                  },
                  {
                     name: "20090923 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8118.shtml",
                  },
                  {
                     name: "1022931",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022931",
                  },
                  {
                     name: "36836",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36836",
                  },
                  {
                     name: "ADV-2009-2757",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/2757",
                  },
                  {
                     name: "cisco-ucm-sip-dos(53447)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/53447",
                  },
                  {
                     name: "36496",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/36496",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-2864",
      datePublished: "2009-09-28T18:20:00",
      dateReserved: "2009-08-19T00:00:00",
      dateUpdated: "2024-08-07T06:07:36.537Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-20789
Vulnerability from cvelistv5
Published
2022-04-21 18:50
Modified
2024-11-06 16:22
Summary
A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T02:24:49.661Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20220420 Cisco Unified Communications Products Arbitrary File  Write Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-20789",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-06T15:58:46.051269Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-06T16:22:29.618Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2022-04-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-73",
                     description: "CWE-73",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-21T18:50:39",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20220420 Cisco Unified Communications Products Arbitrary File  Write Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU",
            },
         ],
         source: {
            advisory: "cisco-sa-cucm-arb-write-74QzruUU",
            defect: [
               [
                  "CSCvy52032",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco Unified Communications Products Arbitrary File  Write Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2022-04-20T23:00:00",
               ID: "CVE-2022-20789",
               STATE: "PUBLIC",
               TITLE: "Cisco Unified Communications Products Arbitrary File  Write Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "4.9",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-73",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20220420 Cisco Unified Communications Products Arbitrary File  Write Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-arb-write-74QzruUU",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-cucm-arb-write-74QzruUU",
               defect: [
                  [
                     "CSCvy52032",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2022-20789",
      datePublished: "2022-04-21T18:50:40.011021Z",
      dateReserved: "2021-11-02T00:00:00",
      dateUpdated: "2024-11-06T16:22:29.618Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0742
Vulnerability from cvelistv5
Published
2014-02-27 01:00
Modified
2024-08-06 09:27
Severity ?
Summary
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.473Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045",
               },
               {
                  name: "20140225 Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742",
               },
               {
                  name: "1029843",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029843",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-15T16:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045",
            },
            {
               name: "20140225 Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742",
            },
            {
               name: "1029843",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029843",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0742",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=33045",
                  },
                  {
                     name: "20140225 Cisco Unified Communications Manager CAPF CSR Arbitrary File Read/Write Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0742",
                  },
                  {
                     name: "1029843",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029843",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0742",
      datePublished: "2014-02-27T01:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.473Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-2050
Vulnerability from cvelistv5
Published
2009-08-27 16:31
Modified
2024-08-07 05:36
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.
References
http://osvdb.org/57452 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/advisories/36499 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/36152 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/36495 (third-party-advisory, x_refsource_SECUNIA)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml (vendor-advisory, x_refsource_CISCO)
http://www.securitytracker.com/id?1022775 (vdb-entry, x_refsource_SECTRACK)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T05:36:20.983Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "57452",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/57452",
               },
               {
                  name: "36499",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36499",
               },
               {
                  name: "36152",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/36152",
               },
               {
                  name: "36495",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/36495",
               },
               {
                  name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
               },
               {
                  name: "1022775",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1022775",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-08-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-09-02T09:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "57452",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/57452",
            },
            {
               name: "36499",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36499",
            },
            {
               name: "36152",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/36152",
            },
            {
               name: "36495",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/36495",
            },
            {
               name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
            },
            {
               name: "1022775",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1022775",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-2050",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "57452",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/57452",
                  },
                  {
                     name: "36499",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36499",
                  },
                  {
                     name: "36152",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/36152",
                  },
                  {
                     name: "36495",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/36495",
                  },
                  {
                     name: "20090826 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af2d11.shtml",
                  },
                  {
                     name: "1022775",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1022775",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-2050",
      datePublished: "2009-08-27T16:31:00",
      dateReserved: "2009-06-12T00:00:00",
      dateUpdated: "2024-08-07T05:36:20.983Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-3775
Vulnerability from cvelistv5
Published
2007-07-15 22:00
Modified
2024-08-07 14:28
Severity ?
Summary
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.
References
http://securitytracker.com/id?1018368 (vdb-entry, x_refsource_SECTRACK)
http://www.osvdb.org/36123 (vdb-entry, x_refsource_OSVDB)
http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml (vendor-advisory, x_refsource_CISCO)
http://secunia.com/advisories/26039 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/24867 (vdb-entry, x_refsource_BID)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35341 (vdb-entry, x_refsource_XF)
http://www.vupen.com/english/advisories/2007/2511 (vdb-entry, x_refsource_VUPEN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T14:28:52.296Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1018368",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1018368",
               },
               {
                  name: "36123",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/36123",
               },
               {
                  name: "20070711 Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml",
               },
               {
                  name: "26039",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26039",
               },
               {
                  name: "24867",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/24867",
               },
               {
                  name: "cisco-callmanager-presence-system-dos(35341)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35341",
               },
               {
                  name: "ADV-2007-2511",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2007/2511",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-07-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1018368",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1018368",
            },
            {
               name: "36123",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/36123",
            },
            {
               name: "20070711 Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml",
            },
            {
               name: "26039",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26039",
            },
            {
               name: "24867",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/24867",
            },
            {
               name: "cisco-callmanager-presence-system-dos(35341)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35341",
            },
            {
               name: "ADV-2007-2511",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2007/2511",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-3775",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1018368",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1018368",
                  },
                  {
                     name: "36123",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/36123",
                  },
                  {
                     name: "20070711 Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml",
                  },
                  {
                     name: "26039",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26039",
                  },
                  {
                     name: "24867",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/24867",
                  },
                  {
                     name: "cisco-callmanager-presence-system-dos(35341)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/35341",
                  },
                  {
                     name: "ADV-2007-2511",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2007/2511",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-3775",
      datePublished: "2007-07-15T22:00:00",
      dateReserved: "2007-07-15T00:00:00",
      dateUpdated: "2024-08-07T14:28:52.296Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-2835
Vulnerability from cvelistv5
Published
2010-09-23 18:00
Modified
2024-09-17 00:25
Severity ?
Summary
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T02:46:48.541Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml",
               },
               {
                  name: "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-09-23T18:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml",
            },
            {
               name: "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-2835",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.0 before 7.0(2a)su3, 7.1su before 7.1(3b)su2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a SIP REFER request with an invalid Refer-To header, aka Bug IDs CSCta20040 and CSCta31358.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20100922 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a313.shtml",
                  },
                  {
                     name: "20100922 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a30f.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-2835",
      datePublished: "2010-09-23T18:00:00Z",
      dateReserved: "2010-07-23T00:00:00Z",
      dateUpdated: "2024-09-17T00:25:40.346Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-0587
Vulnerability from cvelistv5
Published
2010-03-05 16:00
Modified
2024-09-17 03:07
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.
References
http://securitytracker.com/id?1023670 (vdb-entry, x_refsource_SECTRACK)
http://www.securityfocus.com/bid/38496 (vdb-entry, x_refsource_BID)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml (vendor-advisory, x_refsource_CISCO)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T00:52:19.446Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1023670",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1023670",
               },
               {
                  name: "38496",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/38496",
               },
               {
                  name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-03-05T16:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1023670",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1023670",
            },
            {
               name: "38496",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/38496",
            },
            {
               name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-0587",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1023670",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1023670",
                  },
                  {
                     name: "38496",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/38496",
                  },
                  {
                     name: "20100303 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1b924.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-0587",
      datePublished: "2010-03-05T16:00:00Z",
      dateReserved: "2010-02-10T00:00:00Z",
      dateUpdated: "2024-09-17T03:07:37.219Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-0725
Vulnerability from cvelistv5
Published
2014-02-13 02:00
Modified
2024-08-06 09:27
Severity ?
Summary
Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:27:19.435Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140212 Cisco Unified Communications Manager WAR File Availability Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a \"file storage location,\" aka Bug ID CSCum05337.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-02-13T01:57:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20140212 Cisco Unified Communications Manager WAR File Availability Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0725",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a \"file storage location,\" aka Bug ID CSCum05337.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140212 Cisco Unified Communications Manager WAR File Availability Vulnerability",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0725",
      datePublished: "2014-02-13T02:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:27:19.435Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-1915
Vulnerability from cvelistv5
Published
2019-10-02 19:06
Modified
2024-11-21 19:10
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.
Impacted products
Vendor Product Version
Cisco Cisco Unified Communications Manager Version: unspecified   < n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T18:35:51.272Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20191002 Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-csrf",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2019-1915",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-21T18:56:27.696514Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-21T19:10:23.865Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Unified Communications Manager",
               vendor: "Cisco",
               versions: [
                  {
                     lessThan: "n/a",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-10-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&amp;P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-352",
                     description: "CWE-352",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-02T19:06:56",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20191002 Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-csrf",
            },
         ],
         source: {
            advisory: "cisco-sa-20191002-cucm-csrf",
            defect: [
               [
                  "CSCvo42306",
                  "CSCvo91541",
                  "CSCvo99233",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               DATE_PUBLIC: "2019-10-02T16:00:00-0700",
               ID: "CVE-2019-1915",
               STATE: "PUBLIC",
               TITLE: "Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Cisco Unified Communications Manager",
                                 version: {
                                    version_data: [
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Cisco",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&amp;P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.",
                  },
               ],
            },
            exploit: [
               {
                  lang: "en",
                  value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
               },
            ],
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-352",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20191002 Multiple Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-csrf",
                  },
               ],
            },
            source: {
               advisory: "cisco-sa-20191002-cucm-csrf",
               defect: [
                  [
                     "CSCvo42306",
                     "CSCvo91541",
                     "CSCvo99233",
                  ],
               ],
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2019-1915",
      datePublished: "2019-10-02T19:06:56.094776Z",
      dateReserved: "2018-12-06T00:00:00",
      dateUpdated: "2024-11-21T19:10:23.865Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}