8 matches found
CVE-2017-6779
CVE-2017-6779 affects multiple Cisco VOS-based products (Emergency Responder, Finesse, UCM family, Unity Connection, UIC, SME, UCCx, MediaSense, Prime products, and related). Root cause: system log file has no maximum size limit, enabling an unauthenticated, remote attacker to cause high disk uti...
CVE-2020-3124
Cisco HCM-F CSRF vulnerability (CVE-2020-3124) stems from insufficient CSRF protections in the web-based interface. An unauthenticated, remote attacker can persuade a user to click a malicious link, enabling arbitrary requests that could change a target user’s password and allow unauthorized acti...
CVE-2021-1478
CVE-2021-1478 affects Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). The issue arises from an unsecured JMX TCP/IP port, permitting an authenticated, remote attacker over the network to restart the JMX process and cause a denial-of-se...
CVE-2016-6371
CVE-2016-6371 describes a directory traversal flaw in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) web interface (vulnerable in 10.6(3) and earlier). The root cause is insufficient validation of the HTTP URL, enabling an unauthenticated, remote attacker to write arbitrary files via a ...
CVE-2016-6370
The CVE-2016-6370 issue affects Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) up to version 10.6(3) and earlier. A vulnerability in the web interface permits a remote authenticated attacker to read arbitrary files by sending a crafted HTTP pathname, due to insufficient input validation...
CVE-2018-15401
The CVE-2018-15401 entry concerns Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) with a vulnerability in its web-based management interface due to insufficient CSRF protections. A remote, unauthenticated attacker could coerce a logged-in user to perform arbitrary actions on the affected...
CVE-2016-6454
CVE-2016-6454 describes a CSRF vulnerability in the Cisco Hosted Collaboration Mediation Fulfillment (HCMF) web interface. An unauthenticated, remote attacker could coax a user into performing unintended actions within HCMF. Affected release: 11.5(1). Fixed release: 11.5(0.98000.216). The issue a...
CVE-2020-3256
Cisco HCM-F (Hosted Collaboration Mediation Fulfillment) web-based management interface is affected by an XXE (XML External Entity) vulnerability. The issue arises during parsing of certain XML files, allowing an authenticated, remote attacker with administrative privileges to read local files an...