Lucene search
K

235 matches found

NVD
NVD
added 2017/05/03 9:59 p.m.21 views

CVE-2017-6624

A vulnerability in Cisco IOS 15.53M Software for Cisco CallManager Express CME could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker...

5.3CVSS5.3AI score0.01385EPSS
Exploits0References3
Prion
Prion
added 2017/05/03 9:59 p.m.14 views

Design/Logic Flaw

A vulnerability in Cisco IOS 15.53M Software for Cisco CallManager Express CME could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker...

5CVSS5.3AI score0.01385EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/05/03 9:0 p.m.26 views

CVE-2017-6624

A vulnerability in Cisco IOS 15.53M Software for Cisco CallManager Express CME could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker...

5.3AI score0.01385EPSS
Exploits0References3
CVE
CVE
added 2017/05/03 9:0 p.m.69 views

CVE-2017-6624

CVE-2017-6624 affects Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME). The issue stems from a configuration restriction in the toll-fraud protections component, allowing an unauthenticated, remote attacker to place unauthorized long-distance calls via an affected system. Connected...

5.3CVSS5.3AI score0.01385EPSS
Exploits0References3Affected Software1
Cisco
Cisco
added 2017/05/03 4:0 p.m.25 views

Cisco CallManager Express Unauthorized Access Vulnerability

A vulnerability in Cisco IOS Software for Cisco CallManager Express CME could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could...

5.3CVSS5.3AI score0.01385EPSS
Exploits0References1
Prion
Prion
added 2017/03/17 10:59 p.m.20 views

Cross site request forgery (csrf)

A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected...

4.3CVSS6.6AI score0.00769EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/03/17 10:59 p.m.2 views

CVE-2017-3874

A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an authenticated, remote attacker to perform a cross-site scripting XSS attack. More Information: CSCvb70033. Known Affected Releases: 11.51.11007.2. Known Fixed Releases: 12.00.98000.507...

5.4CVSS5.8AI score0.00855EPSS
Exploits0References3
CVE
CVE
added 2017/03/17 10:0 p.m.63 views

CVE-2017-3877

CVE-2017-3877 concerns Cisco Unified Communications Manager (CallManager) CSRF vulnerability in the web framework. An unauthenticated remote attacker could induce a user to perform arbitrary actions in the affected web interface due to insufficient CSRF protections (CSCvb70021). Affected release ...

6.5CVSS6.5AI score0.00769EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/03/17 10:0 p.m.54 views

CVE-2017-3874

The CVE-2017-3874 issue affects Cisco Unified Communications Manager (CUCM) web framework. An authenticated, remote attacker can exploit insufficient validation in the CUCM User Options portal to perform a cross-site scripting (XSS) attack. Affected release: 11.5(1.11007.2). Fixed in: 12.0(0.9800...

5.4CVSS5.2AI score0.00855EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2017/03/16 12:0 a.m.19 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (cisco-sa-20170315-ucm1)

A vulnerability in the web framework of Cisco Unified Communications Manager CallManager could allow an authenticated, remote attacker to perform a cross-site scripting XSS attack. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and ar...

5.4CVSS5.3AI score0.00855EPSS
Exploits0References1
NVD
NVD
added 2016/11/19 3:3 a.m.20 views

CVE-2016-6472

A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager CallManager could allow an unauthenticated, remote attacker to launch a cross-site scripting XSS attack against a user of the web interface on the affected system. More Information: CSCvb37121. Known...

6.1CVSS6AI score0.01543EPSS
Exploits0References3
CVE
CVE
added 2016/11/19 2:45 a.m.61 views

CVE-2016-6472

Cisco Unified Communications Manager (CUCM) Web Interface Cross-Site Scripting (CVE-2016-6472) exists in the ccmivr page and can be triggered by unauthenticated remote attackers via parameters, leading to script execution in a user’s browser. Affected release visible in initial data: 11.5(1.2); K...

6.1CVSS6AI score0.01543EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2016/02/12 12:0 a.m.19 views

Cisco Unified Communications Manager Information Disclosure Vulnerability (cisco-sa-20160208-ucm)

Cisco Unified Communications Manager CUCM is prone to an information disclosure vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...

5.3CVSS5.2AI score0.00828EPSS
Exploits0References1
NVD
NVD
added 2016/02/09 3:59 a.m.18 views

CVE-2016-1319

Cisco Unified Communications Manager aka CallManager 9.12.10000.28, 10.52.10000.5, 10.52.12901.1, and 11.01.10000.10; Unified Communications Manager IM & Presence Service 10.52; Unified Contact Center Express 11.01; and Unity Connection 10.52 store a cleartext encryption key, which allows local...

5.3CVSS5AI score0.00828EPSS
Exploits0References4
Prion
Prion
added 2016/02/09 3:59 a.m.15 views

Code injection

Cisco Unified Communications Manager aka CallManager 9.12.10000.28, 10.52.10000.5, 10.52.12901.1, and 11.01.10000.10; Unified Communications Manager IM & Presence Service 10.52; Unified Contact Center Express 11.01; and Unity Connection 10.52 store a cleartext encryption key, which allows local...

5CVSS6.2AI score0.00828EPSS
Exploits0References4Affected Software4
Cvelist
Cvelist
added 2016/02/09 2:0 a.m.26 views

CVE-2016-1319

Cisco Unified Communications Manager aka CallManager 9.12.10000.28, 10.52.10000.5, 10.52.12901.1, and 11.01.10000.10; Unified Communications Manager IM & Presence Service 10.52; Unified Contact Center Express 11.01; and Unity Connection 10.52 store a cleartext encryption key, which allows local...

5AI score0.00828EPSS
Exploits0References4
CVE
CVE
added 2016/02/09 2:0 a.m.52 views

CVE-2016-1319

CVE-2016-1319 concerns Cisco Unified Communications Manager and related products (CUCM, IM&P, UCCX, Unity Connection) that store a cleartext encryption key, enabling local users to obtain sensitive information via unspecified vectors. Root cause is improper key management allowing plaintext key e...

5.3CVSS4.9AI score0.00828EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2015/10/30 10:13 a.m.27 views

CVE-2006-2369

RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server,...

7.5CVSS7.6AI score0.91522EPSS
Exploits13References2
CVE
CVE
added 2015/07/14 2:0 p.m.57 views

CVE-2015-4272

Cisco Unified Communications Manager (CallManager) 10.5(2.10000.5) ccmivr page contains cross-site scripting (XSS) vulnerabilities due to insufficient input validation in several parameters. An unauthenticated, remote attacker could entice a user to follow a crafted link to inject arbitrary scrip...

4.3CVSS5.8AI score0.01546EPSS
Exploits0References2Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Cisco CallManager <= 4.2 / CUCM 4.2 Logon Page lang Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/25480/info Cisco Unified CallManager and Unified Communications Manager are prone to multiple input-validation vulnerabilities because the applications fail to properly sanitize user-supplied input. These issues include a...

7.1AI score
Exploits0
Rows per page
Query Builder