Total
231 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0657 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | N/A |
The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540. | |||||
CVE-2013-7030 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 5.0 MEDIUM | 7.3 HIGH |
The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue | |||||
CVE-2013-6978 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | N/A |
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249. | |||||
CVE-2013-6689 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.9 MEDIUM | N/A |
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. | |||||
CVE-2013-6688 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.3 MEDIUM | N/A |
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222. | |||||
CVE-2013-5555 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.3 MEDIUM | N/A |
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. | |||||
CVE-2013-5528 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | N/A |
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815. | |||||
CVE-2013-4869 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | N/A | N/A |
Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0." | |||||
CVE-2013-3472 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210. | |||||
CVE-2013-3462 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 8.5 HIGH | N/A |
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358. | |||||
CVE-2013-3461 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 7.1 HIGH | N/A |
Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869. | |||||
CVE-2013-3460 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 7.8 HIGH | N/A |
Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597. | |||||
CVE-2013-3459 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 7.8 HIGH | N/A |
Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466. | |||||
CVE-2013-3453 | 1 Cisco | 2 Unified Communications Manager, Unified Presence | 2024-11-21 | 7.8 HIGH | N/A |
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. | |||||
CVE-2013-3451 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033. | |||||
CVE-2013-3450 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028. | |||||
CVE-2013-3442 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | N/A |
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. | |||||
CVE-2013-3434 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.8 MEDIUM | N/A |
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242. | |||||
CVE-2013-3433 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.8 MEDIUM | N/A |
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. | |||||
CVE-2013-3412 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. |