Unified Communications Manager Security Vulnerabilities and Issues — Unified Communications Manager CVE List

Lucene search

CiscoUnified Communications Manager

9 matches found

CVE•added 2007/08/09 9:17 p.m.•45 views

CVE-2007-4294

Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.

6.8CVSS7.6AI score0.02463EPSS

CVE•added 2007/08/31 11:17 p.m.•45 views

CVE-2007-4633

Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) u...

4.3CVSS5.8AI score0.00516EPSS

CVE•added 2007/07/15 10:30 p.m.•42 views

CVE-2007-3776

Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.

5CVSS6.2AI score0.00516EPSS

CVE•added 2007/08/31 11:17 p.m.•40 views

CVE-2007-4634

Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin l...

9.3CVSS8.5AI score0.01774EPSS

CVE•added 2007/10/18 12:17 a.m.•39 views

CVE-2007-5538

Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the proc...

10CVSS8.1AI score0.07505EPSS

CVE•added 2007/07/15 10:30 p.m.•38 views

CVE-2007-3775

Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.

7.8CVSS6.7AI score0.01482EPSS

CVE•added 2007/07/15 9:30 p.m.•36 views

CVE-2006-5277

Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.

9.3CVSS7.7AI score0.05464EPSS

CVE•added 2007/07/15 10:30 p.m.•33 views

CVE-2006-5278

Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.

10CVSS8AI score0.09727EPSS

CVE•added 2007/10/18 12:17 a.m.•31 views

CVE-2007-5537

Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.

7.8CVSS6.7AI score0.01482EPSS