Lucene search
K
CiscoCall Manager

18 matches found

CVE
CVE
added 2005/05/31 4:0 a.m.137 views

CVE-2005-0356

CVE-2005-0356 affects F5 BIG-IP BIG-IP LTM 9.0.0–9.0.5; other listed BIG-IP lines are not affected (e.g., 9.1.x, 9.2.x, 9.3.x, 9.4.x, 9.6.x are Not Affected). The issue is described as inadequate validation for TCP segments with PAWS/timestamps, enabling a remote attacker to cause a denial of ser...

5CVSS6.2AI score0.83284EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.133 views

CVE-2004-0079

The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched/OpenSSL releases per advisories (e.g., CentOS adviso...

7.5CVSS7.1AI score0.09537EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.121 views

CVE-2004-0081

CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...

5CVSS7.2AI score0.07229EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.109 views

CVE-2004-0112

The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...

5CVSS7.2AI score0.10424EPSS
CVE
CVE
added 2006/01/22 8:0 p.m.69 views

CVE-2006-0368

CVE-2006-0368 affects Cisco CallManager versions 3.2 and earlier; 3.3 before 3.3(5)SR1; 4.0 before 4.0(2a)SR2c; and 4.1 before 4.1(3)SR2. It enables remote attackers to cause denial of service by opening a large number of TCP connections to port 2000 (CPU/memory consumption) and to ports 2001, 20...

7.8CVSS6.7AI score0.03638EPSS
CVE
CVE
added 2007/08/31 11:0 p.m.69 views

CVE-2007-4633

Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) affect versions before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1. The issue allows remote attackers to inject arbitrary web script or HTML via ...

4.3CVSS5.8AI score0.01223EPSS
CVE
CVE
added 2007/03/16 9:0 p.m.68 views

CVE-2007-1467

The CVE-2007-1467 entry describes multiple cross-site scripting (XSS) vulnerabilities affecting Cisco Secure Access Control Server and related Cisco products. The root issue is insufficient input filtering in the search form used by PreSearch.html and PreSearch.class, allowing remote attackers to...

3.5CVSS5.7AI score0.01192EPSS
CVE
CVE
added 2007/05/24 1:29 a.m.58 views

CVE-2007-2832

Cisco CallManager web interface (Cisco CallManager 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1) is affected by a cross-site scripting (XSS) vulnerability. The root cause is insufficient sanitization of input to the CCMAdmin/serverlist.asp (the search-form) and ...

4.3CVSS5.8AI score0.06492EPSS
Web
CVE
CVE
added 2005/07/12 4:0 a.m.55 views

CVE-2005-2243

Cisco CallManager (CCM) memory leak: inetinfo.exe vulnerability affects CCM v3.2 and earlier, v3.3 before 3.3(5), v4.0 before 4.0(2a)SR2b, and v4.1 before 4.1(3)SR1, with MLA enabled. Remote attackers can cause memory exhaustion/DoS by triggering a large number of failing Admin Service Tool (AST)...

5CVSS6.6AI score0.01259EPSS
CVE
CVE
added 2007/08/31 11:0 p.m.55 views

CVE-2007-4634

CVE-2007-4634 affects Cisco CallManager and Unified Communications Manager (CUCM). The vulnerability is a SQL injection in the lang parameter on the (1) user and (2) admin logon pages (aka CSCsi64265). Affected versions include CUCM before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, a...

9.3CVSS8.5AI score0.04307EPSS
CVE
CVE
added 2005/07/12 4:0 a.m.54 views

CVE-2005-2241

Cisco CVE-2005-2241 affects Cisco CallManager (CCM) versions 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 before 4.1(3)SR1. The issue arises from RISDC sockets not timing out promptly, causing a resource leak that can allow remote attackers to exhaust memory and connections...

5CVSS6.6AI score0.01259EPSS
CVE
CVE
added 2006/01/22 8:0 p.m.51 views

CVE-2006-0367

CVE-2006-0367 affects Cisco CallManager up to versions 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2. The issue is a privilege-escalation vulnerability where remote authenticated users with read-only administrative privileges can obtain full admin privile...

6.5CVSS6.2AI score0.02119EPSS
CVE
CVE
added 2006/06/21 1:0 a.m.51 views

CVE-2006-3109

Cisco CallManager suffers a cross-site scripting (XSS) vulnerability in the Administration and User Options web interfaces. Affected versions are 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1). The issue stems from improper input sanitization in ccmadmin/phon...

4.3CVSS5.7AI score0.13488EPSS
Web
CVE
CVE
added 2005/03/10 5:0 a.m.49 views

CVE-2004-1759

Cisco voice products running the IBM Director Agent on IBM servers prior to OS 2000.2.6 are affected by CVE-2004-1759. The issue allows remote attackers to cause a denial of service (CPU consumption) by sending arbitrary packets to TCP port 14247, demonstrated via port scanning. The provided docu...

5CVSS7.1AI score0.02433EPSS
CVE
CVE
added 2005/07/12 4:0 a.m.49 views

CVE-2005-2244

The CVE-2005-2244 entry concerns Cisco CallManager (CCM) prior to certain 3.x/4.x releases, where the aupair.exe service is vulnerable. A crafted packet can trigger a memory allocation failure, leading to a buffer overflow and allowing remote code execution or memory corruption. Affected products...

5CVSS7.9AI score0.03325EPSS
CVE
CVE
added 2007/10/16 12:0 a.m.48 views

CVE-2007-5468

Cisco CallManager 5.1.1.3000-5 is vulnerable because it does not verify the Digest authentication header URI against the SIP Request URI. This allows remote attackers to use sniffed Digest credentials to place arbitrary calls or spoof caller ID (toll fraud and authentication forward attack). The ...

5CVSS7.1AI score0.01588EPSS
CVE
CVE
added 2005/03/10 5:0 a.m.45 views

CVE-2004-1760

The CVE-2004-1760 entry covers unauthenticated remote admin access on Cisco voice products running the IBM Director Agent on IBM servers before OS 2000.2.6. The vulnerability allows an attacker to gain administrator privileges by connecting to TCP port 14247. The description specifies the affecte...

10CVSS7.1AI score0.03801EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.41 views

CVE-2002-0505

CVE-2002-0505 concerns Cisco CallManager CTI Framework authentication. A memory leak when authentication fails (e.g., incorrect CTI/CTIFW credentials) can cause the server to crash and reload, enabling a DoS. Affected products: Cisco CallManager 3.0 and 3.1. The documented fix is to upgrade to 3....

5CVSS6.8AI score0.01771EPSS