Total
233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0591 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362. | |||||
| CVE-2011-4487 | 1 Cisco | 7 Business Edition 3000, Business Edition 3000 Software, Business Edition 5000 and 4 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. | |||||
| CVE-2008-3800 | 1 Cisco | 3 Ios, Unified Callmanager, Unified Communications Manager | 2023-12-10 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. | |||||
| CVE-2009-2053 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236. | |||||
| CVE-2009-2051 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987. | |||||
| CVE-2009-2864 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423. | |||||
| CVE-2008-2730 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. | |||||
| CVE-2008-1154 | 1 Cisco | 4 Emergency Responder, Mobility Manager, Unified Communications Manager and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
| The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2008-1747 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944. | |||||
| CVE-2008-2062 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151. | |||||
| CVE-2009-0632 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 9.0 HIGH | N/A |
| The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to the intended synchronization task, as demonstrated by (1) DC Directory account credentials in CUCM 4.x and (2) TabSyncSysUser account credentials in CUCM 5.x through 7.x. | |||||
| CVE-2008-1748 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355. | |||||
| CVE-2008-1743 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433. | |||||
| CVE-2008-2061 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. | |||||
| CVE-2008-1744 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770. | |||||
| CVE-2009-2050 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466. | |||||
| CVE-2008-3801 | 1 Cisco | 3 Ios, Unified Callmanager, Unified Communications Manager | 2023-12-10 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. | |||||
| CVE-2008-1745 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115. | |||||
| CVE-2008-1746 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113. | |||||
| CVE-2009-0057 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.3 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely." | |||||