Lucene search
+L

13 matches found

The Hacker News
The Hacker News
added 2026/06/24 6:50 a.m.11 views

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager Unified CM and Unified Communications Manager Session Management Edition Unified CM SME. The vulnerability, tracked as CVE-2026-20230 CVSS score: 8.6, is a case of improp...

8.6CVSS7.7AI score0.41694EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/06/12 7:47 p.m.168 views

Exploit for CVE-2026-20230

CVE-2026-20230 Scanner A Python-based scanner and validation...

8.6CVSS5.9AI score0.41694EPSS
Exploits3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-18226

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2025/09/03 6:15 p.m.5 views

CVE-2025-20326

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM Software and Cisco Unified CM Session Management Edition SME Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected device...

8.8CVSS0.00167EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/07/08 12:0 a.m.38 views

Cisco Unified Communications Manager IM & Presence File Read Vulnerability (isco-sa-cucm-imp-afr-YBFLNyzd)

The version of Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P installed on the remote host is prior to 14SU2. It is, therefore, affected by a file read vulnerability. Due to insufficient file permissions, an authenticated remote attacker could read arbitrary files on t...

6.5CVSS6.7AI score0.0143EPSS
Exploits0References4
CVE
CVE
added 2022/04/21 6:50 p.m.167 views

CVE-2022-20788

The CVE-2022-20788 issue affects Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection. It is a cross-site scripting (XSS) vulnerability in the web-based management interface caused by insufficient validation of user-...

6.1CVSS6AI score0.00802EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2021/04/08 4:15 a.m.3 views

CVE-2021-1409

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection...

6.1CVSS6AI score
Exploits0References1
OSV
OSV
added 2021/01/20 8:15 p.m.5 views

CVE-2021-1355

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisc...

6.5CVSS6.7AI score0.01352EPSS
Exploits0References1
CVE
CVE
added 2021/01/20 8:0 p.m.70 views

CVE-2021-1357

CVE-2021-1357 concerns multiple input-validation weaknesses in Cisco Unified Communications Manager IM&P, with a broader impact affecting Unified CM and Unified CM SME. The advisory describes path-traversal and SQL injection vulnerabilities in Unified CM IM&P, which may allow an attacker to acces...

6.5CVSS6.9AI score0.01352EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2017/04/20 10:0 p.m.24 views

CVE-2017-3808

A vulnerability in the Session Initiation Protocol SIP UDP throttling process of Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient rate...

7.5AI score0.02479EPSS
Exploits0References3
Cisco
Cisco
added 2014/09/11 7:27 p.m.27 views

Cisco Unified Communications Manager Cross-Site Redirection Vulnerability

A vulnerability in the web framework code of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, remote attacker to conduct a reflected cross-site scripting XSS attack. The vulnerability is due to insufficient validation of a parameter. Cisco has confirmed the...

4.9CVSS5.6AI score0.01543EPSS
Exploits0References1
Cisco
Cisco
added 2014/02/19 8:20 p.m.22 views

Cisco Unified Communications Manager CAPF Unauthenticated Blind SQL Injection Vulnerability

A vulnerability in the Certificate Authority Proxy Function CAPF of Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate...

4.3CVSS7AI score0.01205EPSS
Exploits1References1
Cisco
Cisco
added 2014/02/03 6:17 p.m.24 views

Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability

A vulnerability in underlying file permissions of specific operating system-level commands of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, local attacker to gain elevated privileges. The vulnerability is due to insufficient file permissions. An attacker coul...

6CVSS6.6AI score0.00307EPSS
Exploits0References1
Rows per page
Query Builder