Unified Communications Manager@4.3(1) Security Vulnerabilities and Issues — Unified Communications Manager@4.3(1) CVE List

Lucene search

CiscoUnified Communications Manager4.3(1)

9 matches found

CVE•added 2013/08/22 10:55 p.m.•49 views

CVE-2013-3453

Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID C...

7.8CVSS6.8AI score0.00427EPSS

CVE•added 2013/11/18 3:55 a.m.•49 views

CVE-2013-6689

Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

6.9CVSS6.7AI score0.00056EPSS

CVE•added 2013/11/18 3:55 a.m.•46 views

CVE-2013-6688

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.

6.3CVSS6.4AI score0.00387EPSS

CVE•added 2010/03/05 4:30 p.m.•43 views

CVE-2010-0592

The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, ak...

7.8CVSS6.7AI score0.00602EPSS

CVE•added 2007/08/31 11:17 p.m.•40 views

CVE-2007-4634

Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin l...

9.3CVSS8.5AI score0.01774EPSS

CVE•added 2014/01/08 9:55 p.m.•38 views

CVE-2014-0657

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.

4CVSS6.5AI score0.00445EPSS

CVE•added 2010/03/05 4:30 p.m.•35 views

CVE-2010-0587

Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxC...

7.8CVSS6.8AI score0.00602EPSS

CVE•added 2011/08/29 3:55 p.m.•34 views

CVE-2011-2560

The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.

7.8CVSS6.8AI score0.00427EPSS

CVE•added 2013/12/21 2:22 p.m.•30 views

CVE-2013-6978

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.

4CVSS5.8AI score0.00501EPSS