Total
233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3402 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 6.5 MEDIUM | N/A |
| An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. | |||||
| CVE-2013-5555 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. | |||||
| CVE-2013-3442 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.0 MEDIUM | N/A |
| The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. | |||||
| CVE-2013-3412 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. | |||||
| CVE-2013-6689 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 6.9 MEDIUM | N/A |
| Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. | |||||
| CVE-2013-3404 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. | |||||
| CVE-2013-1188 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 5.0 MEDIUM | N/A |
| Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515. | |||||
| CVE-2013-3433 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 6.8 MEDIUM | N/A |
| Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. | |||||
| CVE-2013-3453 | 1 Cisco | 2 Unified Communications Manager, Unified Presence | 2023-12-10 | 7.8 HIGH | N/A |
| Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. | |||||
| CVE-2014-0657 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.0 MEDIUM | N/A |
| The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540. | |||||
| CVE-2012-3949 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664. | |||||
| CVE-2013-3461 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.1 HIGH | N/A |
| Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869. | |||||
| CVE-2013-3403 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 6.8 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. | |||||
| CVE-2011-4019 | 1 Cisco | 2 Ios, Unified Communications Manager | 2023-12-10 | 5.4 MEDIUM | N/A |
| Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883. | |||||
| CVE-2013-4869 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | N/A | N/A |
| Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0." | |||||
| CVE-2010-2834 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987. | |||||
| CVE-2011-1643 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2023-12-10 | 10.0 HIGH | N/A |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. | |||||
| CVE-2010-0592 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800. | |||||
| CVE-2011-2563 | 1 Cisco | 2 Intercompany Media Engine, Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669. | |||||
| CVE-2011-2564 | 1 Cisco | 2 Intercompany Media Engine, Unified Communications Manager | 2023-12-10 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417. | |||||