Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a...

Cisco Unity Connection DoS (cisco-sa-cucm-apidos-PGsDcdNF)

According to its self-reported version, Cisco Unity Connection running on the remote host is affected by a denial of service DoS vulnerability. Due to improper API authentication and incomplete verification of the API request, an unauthenticated, remote attacker can send a specially crafted HTTP...

Cisco Multiple Product Security Vulnerabilities

Cisco Unity Connection UC and others are products of Cisco USA.Cisco Unity Connection is a voice messaging platform.Cisco Unified Communications Manager CUCM, Unified CM. Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call processing component of a unified communications...

The vulnerability of the Cisco Emergency Responder, Cisco Unified Communications Manager, and Cisco Unified Communications Manager Session Management Edition (SME) systems, as well as the Cisco Unity Connection messaging system, stems from deficiencies in access control. This allows attackers to escalate their privileges.

The vulnerability of the Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition SME, and Cisco Unity Connection systems related to message exchange systems is linked to deficiencies in access control for update files...

Cisco Unity Connection Privilege Escalation (cisco-sa-cucm-priv-esc-D8Bky5eg)

The version of Cisco Unity Connection installed on the remote host is 12.51 prior to 12.51SU8a or 14 prior to 14SU3 and missing a security patch. It is, therefore, affected by a privilege escalation vulnerability due to the lack of restrictions on files that are used for upgrades. An attacker wit...

CVE-2023-20266

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected...

CVE-2023-20266

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected...

CVE-2023-20266

CVE-2023-20266 affects Cisco Emergency Responder, Unified CM, Unified CM SME, and Cisco Unity Connection. The issue stems from improper restrictions on upgrade files, where a crafted upgrade package could enable an authenticated attacker with platform administrator credentials to elevate privileg...

Cisco多款产品安全漏洞

Cisco Unity Connection UC and others are products of Cisco Corporation.Cisco Unity Connection is a voice messaging platform.Cisco Unified Communications Manager CUCM, Unified CM. Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call processing component of a unified...

Cisco Unity Connection Timing Attack (cisco-sa-ucm-timing-JVbHECOK)

The version of Cisco Unity Connection installed on the remote device is version 12.51 prior to 12.51SU6 or 14 prior to 14SU1. It is, therefore, affected by a timing attack due to insufficient protection of a system password. An unauthenticated remote attacker can exploit this vulnerability to...

Cisco Unity Connection Improper Access Control (cisco-sa-ucm-access-dMKvV2DY)

The version of Cisco Unity Connection installed on the remote host is 14.x prior to 14SU2. It is, therefore, affected by an improper access control vulnerability. An authenticated attacker with read-only privileges can exploit this vulnerability to perform a set of administrative actions they...

The vulnerability of the Disaster Recovery function in Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and the integrated Cisco Unity Connection messaging system allows a intruder to execute arbitrary commands with administrator privileges.

The vulnerability of the Disaster Recovery function in Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and the integrated Cisco Unity Connection messaging system is related to access control deficiencies. Exploiting this vulnerability could allow ...

The vulnerabilities of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) systems, along with the integrated messaging system Cisco Unity Connection, stem from insufficient protection of operational data. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME systems, as well as the integrated messaging system Cisco Unity Connection, are related to insufficient protection of operational data. Exploiting these...

The vulnerability in the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME), as well as Cisco Unified Communications Manager IM & Presence Service, the integrated messaging system Cisco Unity Connection, allows a attacker to perform XSS attacks.

The vulnerability in the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME, as well as Cisco Unified Communications Manager IM & Presence Service, and the integrated messaging system Cisco Unity Connection, exists due to...

Cisco Unity Connection XSS (cisco-sa-cucm-xss-RgH7MpKA)

The version of Cisco Unity Connection installed on the remote host is prior to 14S2. It is, therefore affected by a cross-site scripting vulnerability XSS. An unauthenticated remote attacker could, with the interaction of another user, exploit this vulnerability to execute arbitrary code in the...

CVE-2022-20859

A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions the...

CVE-2022-20752

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient...

CVE-2022-20752

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient...

Design/Logic Flaw

A vulnerability in Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager Session Management Edition Unified CM SME, and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient...

CVE-2022-20859 Cisco Unified Communications Products Access Control Vulnerability

A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager Unified CM, Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P, and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions the...