Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Unified_communications_manager
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 236 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-04 | CVE-2023-20259 | A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could... | Emergency_responder, Prime_collaboration_deployment, Unified_communications_manager, Unified_communications_manager_im_\&_presence_service, Unity_connection | 7.5 | ||
| 2013-12-12 | CVE-2013-7030 | The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue | Unified_communications_manager | N/A | ||
| 2024-08-21 | CVE-2024-20488 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by... | Unified_communications_manager | 6.1 | ||
| 2009-08-27 | CVE-2009-2054 | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689. | Unified_communications_manager | N/A | ||
| 2016-04-21 | CVE-2015-6360 | The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. | Adaptive_security_appliance_software, Dx_series_ip_phones_firmware, Ios_xe, Ip_phone_7800_series_firmware, Ip_phone_8800_series_firmware, Jabber_software_development_kit, Libsrtp, Unified_communications_manager, Unified_ip_phone_6900_series_firmware, Unified_ip_phone_7900_series_firmware, Unified_ip_phone_8900_series_firmware, Unified_wireless_ip_phone_7920_firmware, Unity_connection, Webex_meeting_center | 7.5 | ||
| 2019-10-02 | CVE-2019-12715 | A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by... | Unified_communications_manager | 6.1 | ||
| 2019-10-02 | CVE-2019-12716 | A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the... | Unified_communications_manager | 6.1 | ||
| 2019-10-02 | CVE-2019-1915 | A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could... | Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unity_connection | 6.5 | ||
| 2008-09-26 | CVE-2008-3800 | Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. | Ios, Unified_callmanager, Unified_communications_manager | N/A | ||
| 2008-09-26 | CVE-2008-3801 | Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. | Ios, Unified_callmanager, Unified_communications_manager | N/A |