Unified Communications Manager@7.1(5b)su4 Security Vulnerabilities and Issues — Unified Communications Manager@7.1(5b)su4 CVE List

Lucene search

CiscoUnified Communications Manager7.1(5b)su4

17 matches found

CVE•added 2013/08/22 10:55 p.m.•49 views

CVE-2013-3453

Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID C...

7.8CVSS6.8AI score0.00427EPSS

CVE•added 2013/11/18 3:55 a.m.•49 views

CVE-2013-6689

Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

6.9CVSS6.7AI score0.00056EPSS

CVE•added 2013/11/18 3:55 a.m.•46 views

CVE-2013-6688

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.

6.3CVSS6.4AI score0.00387EPSS

CVE•added 2012/09/27 12:55 a.m.•43 views

CVE-2012-3949

The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a den...

7.8CVSS6.6AI score0.00932EPSS

CVE•added 2013/07/18 12:48 p.m.•42 views

CVE-2013-3402

An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.

6.5CVSS7.4AI score0.00358EPSS

CVE•added 2013/07/18 12:48 p.m.•42 views

CVE-2013-3404

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.

7.5CVSS8.6AI score0.00366EPSS

CVE•added 2013/08/25 3:27 a.m.•40 views

CVE-2013-3459

Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.

7.8CVSS6.8AI score0.00427EPSS

CVE•added 2012/05/03 10:11 a.m.•38 views

CVE-2011-4019

Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883.

5.4CVSS6.7AI score0.00427EPSS

CVE•added 2013/07/18 12:48 p.m.•38 views

CVE-2013-3403

Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.

6.8CVSS6.9AI score0.00101EPSS

CVE•added 2014/01/08 9:55 p.m.•38 views

CVE-2014-0657

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.

4CVSS6.5AI score0.00445EPSS

CVE•added 2013/08/25 3:27 a.m.•37 views

CVE-2013-3462

Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.

8.5CVSS7.8AI score0.08764EPSS

CVE•added 2013/07/18 12:48 p.m.•36 views

CVE-2013-3434

Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.

6.8CVSS6.7AI score0.00098EPSS

CVE•added 2012/03/01 1:55 a.m.•35 views

CVE-2011-4487

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote...

6.8CVSS8.5AI score0.00342EPSS

CVE•added 2012/03/01 1:55 a.m.•32 views

CVE-2011-4486

Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of ...

7.8CVSS6.7AI score0.00427EPSS

CVE•added 2013/07/18 12:48 p.m.•30 views

CVE-2013-3412

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.

6.5CVSS8.1AI score0.00311EPSS

CVE•added 2013/07/18 12:48 p.m.•30 views

CVE-2013-3433

6.8CVSS6.7AI score0.00098EPSS

CVE•added 2013/12/21 2:22 p.m.•30 views

CVE-2013-6978

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.

4CVSS5.8AI score0.00501EPSS