Unified Communications Manager@8.6(1) Security Vulnerabilities and Issues — Unified Communications Manager@8.6(1) CVE List

Lucene search

CiscoUnified Communications Manager8.6(1)

17 matches found

CVE•added 2013/08/22 10:55 p.m.•49 views

CVE-2013-3453

Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID C...

7.8CVSS6.8AI score0.00427EPSS

CVE•added 2013/11/18 3:55 a.m.•49 views

CVE-2013-6689

Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

6.9CVSS6.7AI score0.00056EPSS

CVE•added 2013/11/18 3:55 a.m.•46 views

CVE-2013-6688

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.

6.3CVSS6.4AI score0.00387EPSS

CVE•added 2013/08/25 3:27 a.m.•44 views

CVE-2013-3460

Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.

7.8CVSS6.7AI score0.00547EPSS

CVE•added 2013/07/18 12:48 p.m.•42 views

CVE-2013-3402

An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.

6.5CVSS7.4AI score0.00358EPSS

CVE•added 2013/07/18 12:48 p.m.•42 views

CVE-2013-3404

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.

7.5CVSS8.6AI score0.00366EPSS

CVE•added 2013/02/27 9:55 p.m.•41 views

CVE-2013-1133

Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.

7.8CVSS6.8AI score0.00427EPSS

CVE•added 2013/08/25 3:27 a.m.•40 views

CVE-2013-3461

Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets ...

7.1CVSS6.8AI score0.00511EPSS

CVE•added 2013/07/18 12:48 p.m.•38 views

CVE-2013-3403

Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.

6.8CVSS6.9AI score0.00101EPSS

CVE•added 2014/01/08 9:55 p.m.•38 views

CVE-2014-0657

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.

4CVSS6.5AI score0.00445EPSS

CVE•added 2013/08/25 3:27 a.m.•37 views

CVE-2013-3462

Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.

8.5CVSS7.8AI score0.08764EPSS

CVE•added 2013/07/18 12:48 p.m.•36 views

CVE-2013-3434

Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.

6.8CVSS6.7AI score0.00098EPSS

CVE•added 2012/03/01 1:55 a.m.•35 views

CVE-2011-4487

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote...

6.8CVSS8.5AI score0.00342EPSS

CVE•added 2012/03/01 1:55 a.m.•32 views

CVE-2011-4486

Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of ...

7.8CVSS6.7AI score0.00427EPSS

CVE•added 2013/07/18 12:48 p.m.•30 views

CVE-2013-3412

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.

6.5CVSS8.1AI score0.00311EPSS

CVE•added 2013/07/18 12:48 p.m.•30 views

CVE-2013-3433

6.8CVSS6.7AI score0.00098EPSS

CVE•added 2013/12/21 2:22 p.m.•30 views

CVE-2013-6978

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.

4CVSS5.8AI score0.00501EPSS