13 matches found
Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager Unified CM and Unified Communications Manager Session Management Edition Unified CM SME. The vulnerability, tracked as CVE-2026-20230 CVSS score: 8.6, is a case of improp...
Exploit for CVE-2026-20230
CVE-2026-20230 Scanner A Python-based scanner and validation...
EUVD-2024-18226
Malicious code in bioql PyPI...
CVE-2025-20326
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM Software and Cisco Unified CM Session Management Edition SME Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected device...
Cisco Unified Communications Manager IM & Presence File Read Vulnerability (isco-sa-cucm-imp-afr-YBFLNyzd)
The version of Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P installed on the remote host is prior to 14SU2. It is, therefore, affected by a file read vulnerability. Due to insufficient file permissions, an authenticated remote attacker could read arbitrary files on t...
CVE-2022-20788
The CVE-2022-20788 issue affects Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection. It is a cross-site scripting (XSS) vulnerability in the web-based management interface caused by insufficient validation of user-...
CVE-2021-1409
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection...
CVE-2021-1355
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisc...
CVE-2021-1357
CVE-2021-1357 concerns multiple input-validation weaknesses in Cisco Unified Communications Manager IM&P, with a broader impact affecting Unified CM and Unified CM SME. The advisory describes path-traversal and SQL injection vulnerabilities in Unified CM IM&P, which may allow an attacker to acces...
CVE-2017-3808
A vulnerability in the Session Initiation Protocol SIP UDP throttling process of Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient rate...
Cisco Unified Communications Manager Cross-Site Redirection Vulnerability
A vulnerability in the web framework code of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, remote attacker to conduct a reflected cross-site scripting XSS attack. The vulnerability is due to insufficient validation of a parameter. Cisco has confirmed the...
Cisco Unified Communications Manager CAPF Unauthenticated Blind SQL Injection Vulnerability
A vulnerability in the Certificate Authority Proxy Function CAPF of Cisco Unified Communications Manager Cisco Unified CM could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate...
Cisco Unified Communications Manager Operating System-Level Privilege Escalation Vulnerability
A vulnerability in underlying file permissions of specific operating system-level commands of Cisco Unified Communications Manager Cisco Unified CM could allow an authenticated, local attacker to gain elevated privileges. The vulnerability is due to insufficient file permissions. An attacker coul...