235 matches found
CVE-2017-6624
A vulnerability in Cisco IOS 15.53M Software for Cisco CallManager Express CME could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker...
Design/Logic Flaw
A vulnerability in Cisco IOS 15.53M Software for Cisco CallManager Express CME could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker...
CVE-2017-6624
A vulnerability in Cisco IOS 15.53M Software for Cisco CallManager Express CME could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker...
CVE-2017-6624
CVE-2017-6624 affects Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME). The issue stems from a configuration restriction in the toll-fraud protections component, allowing an unauthenticated, remote attacker to place unauthorized long-distance calls via an affected system. Connected...
Cisco CallManager Express Unauthorized Access Vulnerability
A vulnerability in Cisco IOS Software for Cisco CallManager Express CME could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could...
Cross site request forgery (csrf)
A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected...
CVE-2017-3874
A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an authenticated, remote attacker to perform a cross-site scripting XSS attack. More Information: CSCvb70033. Known Affected Releases: 11.51.11007.2. Known Fixed Releases: 12.00.98000.507...
CVE-2017-3877
CVE-2017-3877 concerns Cisco Unified Communications Manager (CallManager) CSRF vulnerability in the web framework. An unauthenticated remote attacker could induce a user to perform arbitrary actions in the affected web interface due to insufficient CSRF protections (CSCvb70021). Affected release ...
CVE-2017-3874
The CVE-2017-3874 issue affects Cisco Unified Communications Manager (CUCM) web framework. An authenticated, remote attacker can exploit insufficient validation in the CUCM User Options portal to perform a cross-site scripting (XSS) attack. Affected release: 11.5(1.11007.2). Fixed in: 12.0(0.9800...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (cisco-sa-20170315-ucm1)
A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an authenticated, remote attacker to perform a cross-site scripting XSS attack. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and ar...
CVE-2016-6472
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager CallManager could allow an unauthenticated, remote attacker to launch a cross-site scripting XSS attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known...
CVE-2016-6472
Cisco Unified Communications Manager (CUCM) Web Interface Cross-Site Scripting (CVE-2016-6472) exists in the ccmivr page and can be triggered by unauthenticated remote attackers via parameters, leading to script execution in a user’s browser. Affected release visible in initial data: 11.5(1.2); K...
Cisco Unified Communications Manager Information Disclosure Vulnerability (cisco-sa-20160208-ucm)
Cisco Unified Communications Manager CUCM is prone to an information disclosure vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...
CVE-2016-1319
Cisco Unified Communications Manager aka CallManager 9.12.10000.28, 10.52.10000.5, 10.52.12901.1, and 11.01.10000.10; Unified Communications Manager IM & Presence Service 10.52; Unified Contact Center Express 11.01; and Unity Connection 10.52 store a cleartext encryption key, which allows local...
Code injection
Cisco Unified Communications Manager aka CallManager 9.12.10000.28, 10.52.10000.5, 10.52.12901.1, and 11.01.10000.10; Unified Communications Manager IM & Presence Service 10.52; Unified Contact Center Express 11.01; and Unity Connection 10.52 store a cleartext encryption key, which allows local...
CVE-2016-1319
Cisco Unified Communications Manager aka CallManager 9.12.10000.28, 10.52.10000.5, 10.52.12901.1, and 11.01.10000.10; Unified Communications Manager IM & Presence Service 10.52; Unified Contact Center Express 11.01; and Unity Connection 10.52 store a cleartext encryption key, which allows local...
CVE-2016-1319
CVE-2016-1319 concerns Cisco Unified Communications Manager and related products (CUCM, IM&P, UCCX, Unity Connection) that store a cleartext encryption key, enabling local users to obtain sensitive information via unspecified vectors. Root cause is improper key management allowing plaintext key e...
CVE-2006-2369
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server,...
CVE-2015-4272
Cisco Unified Communications Manager (CallManager) 10.5(2.10000.5) ccmivr page contains cross-site scripting (XSS) vulnerabilities due to insufficient input validation in several parameters. An unauthenticated, remote attacker could entice a user to follow a crafted link to inject arbitrary scrip...
Cisco CallManager <= 4.2 / CUCM 4.2 Logon Page lang Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/25480/info Cisco Unified CallManager and Unified Communications Manager are prone to multiple input-validation vulnerabilities because the applications fail to properly sanitize user-supplied input. These issues include a...