Unified Communications Manager@8.6(4) Security Vulnerabilities and Issues — Unified Communications Manager@8.6(4) CVE List

Lucene search

CiscoUnified Communications Manager8.6(4)

11 matches found

CVE•added 2013/11/18 3:55 a.m.•49 views

CVE-2013-6689

Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

6.9CVSS6.7AI score0.00056EPSS

CVE•added 2013/11/18 3:55 a.m.•46 views

CVE-2013-6688

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.

6.3CVSS6.4AI score0.00387EPSS

CVE•added 2013/07/18 12:48 p.m.•42 views

CVE-2013-3402

An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.

6.5CVSS7.4AI score0.00358EPSS

CVE•added 2013/07/18 12:48 p.m.•42 views

CVE-2013-3404

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.

7.5CVSS8.6AI score0.00366EPSS

CVE•added 2013/02/27 9:55 p.m.•41 views

CVE-2013-1133

Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.

7.8CVSS6.8AI score0.00427EPSS

CVE•added 2013/07/18 12:48 p.m.•38 views

CVE-2013-3403

Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.

6.8CVSS6.9AI score0.00101EPSS

CVE•added 2014/01/08 9:55 p.m.•38 views

CVE-2014-0657

The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.

4CVSS6.5AI score0.00445EPSS

CVE•added 2013/07/18 12:48 p.m.•36 views

CVE-2013-3434

Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.

6.8CVSS6.7AI score0.00098EPSS

CVE•added 2013/07/18 12:48 p.m.•30 views

CVE-2013-3412

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.

6.5CVSS8.1AI score0.00311EPSS

CVE•added 2013/07/18 12:48 p.m.•30 views

CVE-2013-3433

6.8CVSS6.7AI score0.00098EPSS

CVE•added 2013/12/21 2:22 p.m.•30 views

CVE-2013-6978

The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.

4CVSS5.8AI score0.00501EPSS