63 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2026-20045
CVE-2026-20045 affects Cisco Unified Communications Manager (including Unified CM SME, IM&P), Unity Connection, and Webex Calling Dedicated Instance. The flaw stems from improper validation of user-supplied input in HTTP requests to the web-based management interface, allowing an unauthenti...
CVE-2024-20272
CVE-2024-20272 affects Cisco Unity Connection. An unauthenticated attacker can exploit a lack of authentication in a specific API and improper validation to upload arbitrary files, potentially storing malicious files, executing commands on the underlying OS, and elevating privileges to root. Cisc...
CVE-2022-20788
The CVE-2022-20788 issue affects Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection. It is a cross-site scripting (XSS) vulnerability in the web-based management interface caused by insufficient validation of user-...
CVE-2024-20253
CVE-2024-20253 affects Cisco Unified Communications Manager and related UC/Contact Center products. The root cause is improper processing of user-supplied data read into memory, enabling an unauthenticated, remote attacker to send a crafted message to a listening port and execute arbitrary comman...
CVE-2020-3129
CVE-2020-3129 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco Unity Connection Software. The issue arises from insufficient input validation in the interface, allowing an authenticated, remote attacker to supply crafted data that can be s...
CVE-2022-20859
CVE-2022-20859 affects Cisco Unified Communications Manager (CUCM), Unified CM IM&P, and Cisco Unity Connection in the Disaster Recovery framework. Root cause: insufficient access control checks allowing an authenticated, read-only user to run a vulnerable command and perform administrative actio...
CVE-2021-1362
CVE-2021-1362 affects Cisco Unified Communications Manager family (CUCM, IM&P, Session Management Edition, Unity Connection, Prime License Manager). The vulnerability is due to improper sanitization of user-supplied input in the SOAP API endpoint, allowing an authenticated, remote attacker to sen...
CVE-2015-6360
CVE-2015-6360 affects libsrtp/libSRTP, with several advisories noting that the encryption-processing feature allows remote DoS via crafted SRTP packets. The root cause in the reports is improper handling of CSRC count and extension header length in RTP headers, leading to vulnerable RTP processin...
CVE-2021-1380
CVE-2021-1380 covers multiple Cisco products (CUCM, CUCM IM&P, CUCM SME, Unity Connection) with web-based management interface XSS vulnerabilities caused by improper input validation. An unauthenticated, remote attacker could lure a user to click a crafted link and trigger arbitrary script execut...
CVE-2023-20259
CVE-2023-20259 concerns Cisco Unified Communications products exposing an unauthenticated API that can be abused to cause high CPU utilization and DoS, potentially impacting web management access and call processing. The issue arises from improper API authentication and incomplete validation of A...
CVE-2022-20800
Summary: CVE-2022-20800 describes a cross-site scripting (XSS) vulnerability in Cisco Unified Communications Manager family web interfaces (CUCM, Unified CM SME, Unified CM IM&P, and Unity Connection). The issue stems from improper validation of user-supplied input in the web-based management int...
CVE-2021-1409
Summary: CVE-2021-1409 covers multiple cross-site scripting (XSS) flaws in Cisco Unified Communications Manager (CUCM), including the web-based management interfaces of CUCM, CUCM IM&P, CUCM SME, and Cisco Unity Connection. What’s affected: Web-based management interfaces in CUCM family prior to ...
CVE-2023-20266
CVE-2023-20266 affects Cisco Emergency Responder, Unified CM, Unified CM SME, and Cisco Unity Connection. The issue stems from improper restrictions on upgrade files, where a crafted upgrade package could enable an authenticated attacker with platform administrator credentials to elevate privileg...
CVE-2017-12212
Cisco Unity Connection (v10.5(2) with default config) is affected by a reflected cross-site scripting (XSS) vulnerability in its web framework. The issue arises from insufficient input validation on HTTP GET/POST parameters, allowing an unauthenticated, remote attacker to persuade a user to follo...
CVE-2018-0203
CVE-2018-0203: A vulnerability in the SMTP relay of Cisco Unity Connection allows an unauthenticated, remote attacker to send unsolicited email messages due to improper handling of domain information. A successful exploit could deliver emails to arbitrary addresses. Affected product: Cisco Unity...
CVE-2020-3130
The CVE-2020-3130 issue affects Cisco Unity Connection’s web management interface. It is a directory traversal vulnerability caused by insufficient input validation that could let an authenticated attacker (with valid admin credentials) send a crafted HTTP request and overwrite files on the under...
CVE-2018-0354
The CVE-2018-0354 issue affects Cisco Unity Connection, specifically the web framework. It stems from insufficient input validation for parameters passed via HTTP GET/POST, enabling an unauthenticated, remote attacker to trigger cross-site scripting (XSS) in a user’s browser when a user follows a...
CVE-2022-20752
CVE-2022-20752 affects Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection. The issue is a timing attack caused by insufficient protection of a system password, enabling an unauthenticated remote attacker to infer a...
CVE-2021-1226
The CVE-2021-1226 issue affects Cisco UCM family (including Cisco Unified Communications Manager, Session Management Edition, IM&P Service, Unity Connection, Emergency Responder, and Prime License Manager). It arises from storing certain credentials in clear text within audit logs, enabling an au...
CVE-2024-20305
Cisco Unity Connection's web-based management interface is affected by an XSS vulnerability due to improper input validation. An authenticated, remote attacker could lure a user into clicking a crafted link, enabling arbitrary script execution in the user’s browser context or access to sensitive ...
CVE-2019-1915
CVE-2019-1915 affects Cisco Unified Communications Manager (CUCM), including SME, IM&P, and Unity Connection web interfaces. The root cause is insufficient CSRF protections, allowing an unauthenticated, remote attacker to trick a user into visiting a malicious page and issue arbitrary requests on...
CVE-2025-20278
CVE-2025-20278 affects Cisco Unified Communications products. The vulnerability is a command-injection flaw in the CLI due to insufficient validation of command arguments, allowing an authenticated local attacker to execute arbitrary OS commands as root on an affected device. Exploitation require...
CVE-2015-0613
CVE-2015-0613 affects Cisco Unity Connection CuCsMgr: vulnerability arises when SIP trunk integration is enabled, allowing unauthenticated remote attackers to trigger a DoS (core dump and restart) by sending crafted SIP INVITE messages. Affected software includes Unity Connection 8.5 before 8.5(1...
CVE-2017-6779
CVE-2017-6779 affects multiple Cisco VOS-based products (Emergency Responder, Finesse, UCM family, Unity Connection, UIC, SME, UCCx, MediaSense, Prime products, and related). Root cause: system log file has no maximum size limit, enabling an unauthenticated, remote attacker to cause high disk uti...
CVE-2017-12337
CVE-2017-12337 affects Cisco Voice Operating System (Voice OS) upgrade mechanisms. A refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration can leave an engineering flag enabled after completion, potentially allowing an unauthenticated attacker to gain root access with a known pas...
CVE-2021-34701
CVE-2021-34701 affects Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (SME), Unified CM IM&P, and Cisco Unity Connection. The issue arises from insufficient validation of user-supplied input in the web-based management interface, enabling authentica...
CVE-2018-15426
CVE-2018-15426 affects Cisco Unity Connection’s web-based interface. The issue is a stored XSS vulnerability caused by insufficient validation of user-supplied input, exploitable when a user clicks a crafted link, potentially allowing arbitrary script execution in the interface context or access ...
CVE-2012-0366
Cisco Unity Connection (Linux-based platform) prior to versions 7.1.3b(Su2) and 7.1.5 is affected by CVE-2012-0366, a privilege-escalation vulnerability where an authenticated user with the Help Desk Administrator role can change the administrative password, gaining full control. The issue stems ...
CVE-2015-0612
Cisco Unity Connection is affected by CVE-2015-0612 (CuCsMgr DoS) when SIP trunk integration is enabled. Affected are 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2 (and 10.x prior to 10.0(1)SU1 per Nessus plugin). The issue arises from CuCsMgr’s improper handling of specif...
CVE-2019-12707
CVE-2019-12707 describes an XSS vulnerability in the web-based interfaces of multiple Cisco Unified Communications products due to insufficient validation of user-supplied input. An unauthenticated, remote attacker can entice a user to click a crafted link, potentially executing arbitrary script ...
CVE-2020-3282
CVE-2020-3282 affects Cisco Unified Communications Manager family (including Session Management Edition, IM&P Service, Unity Connection) where the web-based management interface fails to validate user-supplied input, enabling unauthenticated remote attackers to perform cross-site scripting (XSS) ...
CVE-2015-0614
CVE-2015-0614 affects Cisco Unity Connection CuCsMgr and is triggered when SIP trunk integration is enabled. The vulnerability allows unauthenticated remote attackers to cause a denial of service (core dump and restart) by sending crafted SIP INVITE messages to affected versions (8.5 < 8.5(1)S...
CVE-2014-0664
CVE-2014-0664 affects Cisco Unity Connection. The issue is an IMAP DoS where an authenticated, remote attacker can cause 100% CPU by issuing specific IMAP commands due to how IMAP commands are processed. Cisco’s advisory states the vulnerability can be mitigated by applying the provided software ...
CVE-2015-0616
CVE-2015-0616 affects Cisco Unity Connection’s Connection Conversation Manager (CuCsMgr) when SIP trunk integration is enabled. The vulnerability allows an unauthenticated, remote attacker to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections. Affected...
CVE-2014-2145
Cisco Unity Connection contains a directory traversal vulnerability in its messaging API (CVE-2014-2145). An authenticated, remote attacker can read arbitrary files by exploiting insufficient input filtering and relaxed restrictions on file types beyond .wav, via the audio/x-wav MIME type. Impact...
CVE-2017-6629
The CVE-2017-6629 entry concerns Cisco Unity Connection 10.5(2). Affected component: ImageID parameter handling in HTTP POST submissions. Root cause: improper sanitization of filenames in user-supplied input, enabling directory traversal. Impact: an unauthenticated, remote attacker could access f...
CVE-2018-15396
Cisco Unity Connection BAT (Bulk Administration Tool) is affected by a vulnerability that allows an authenticated, remote attacker with administrator credentials to cause high disk utilization, leading to a DoS. The root cause is that the software does not restrict the maximum size of certain fil...
CVE-2019-1685
Cisco Unity Connection (version 12.5) exposes a reflected XSS vulnerability in the SAML SSO interface due to insufficient input validation. An unauthenticated remote attacker can lure a user to click a crafted link, potentially executing arbitrary script in the interface context or accessing sens...
CVE-2015-0615
CVE-2015-0615 affects Cisco Unity Connection; DoS via SIP call handling when SIP trunk integration is enabled. Affected versions: 8.5 (before 8.5(1)SU7), 8.6 (before 8.6(2a)SU4), 9.x (before 9.1(2)SU2), 10.0 (before 10.0(1)SU1). Root cause: SIP session termination can fail to release resources, l...
CVE-2015-0715
Cisco CUCM 11.0(0.98000.225) is impacted by CVE-2015-0715, a SQL injection in the administrative web interface. An authenticated, remote attacker can exploit improper input validation to inject or modify SQL queries, potentially exposing or manipulating data via vectors not fully specified in the...
CVE-2018-15403
CVE-2018-15403 describes an open redirect vulnerability in Cisco Emergency Responder (CER) and related Cisco Unified Communications products (CER, UCM, UCM IM&P, Unity Connection). The issue stems from improper input validation of HTTP request parameters in the web interface, enabling an authenti...
CVE-2012-0367
Cisco Unity Connection is affected by CVE-2012-0367, a remote denial of service caused by the improper handling of TCP segments. Affected versions include: Privilege Escalation vulnerability: prior to 7.1, 7.1, and 8.0/8.5/8.6 are listed in Cisco advisories as affected for the related issue, with...
CVE-2014-3333
Cisco Unity Connection 9.1(1) and 9.1(2) are affected by CVE-2014-3333, where an authenticated remote attacker can elevate privileges by performing an HTTP Intercept attack and reading files within the web server user context, per Cisco's advisory CSCup41014. The root cause is improper privilege...
CVE-2015-6408
CVE-2015-6408 affects Cisco Unity Connection 11.5(0.98) and is a CSRF vulnerability caused by lack of CSRF protections, enabling remote attackers to hijack the authentication of arbitrary users. Impact and conditions are as described in Cisco’s advisory; no software updates were released at the t...
CVE-2016-1377
Cisco Unity Connection up to version 11.0 contains a cross-site scripting (XSS) vulnerability in its web framework. An unauthenticated, remote attacker could inject arbitrary web script or HTML via unspecified parameters in the web interface, which is exploitable when a user follows a crafted lin...
CVE-2013-1129
CVE-2013-1129 affects Cisco Unity Connection 9.x, where a memory leak can be triggered by unauthenticated remote attackers sending many TCP requests, leading to memory consumption and eventual process crash (DoS). Cisco advisory CSCud59736 confirms unauthenticated, remote exploitation via crafted...
CVE-2014-7988
CVE-2014-7988 affects the Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier. The vulnerability allows remote authenticated users to obtain sensitive information by reading logs (information disclosure due to sensitive data in logs, Bug CSCur06493). An attacker must authen...
CVE-2015-6390
The Cisco Unity Connection 9.1(1.10) management interface is vulnerable to cross-site scripting (XSS) via crafted URLs. Root cause: insufficient input validation. Impact: partial integrity exposure; no explicit availability impact. Exploitation details: remote attacker could inject arbitrary script in t...
CVE-2013-5534
CVE-2013-5534 concerns Cisco Unity Connection’s VMWS attachment service. A directory traversal flaw in the VMWS/Nube (Voice Message Web Service) allows an authenticated remote user to craft file names that bypass validation, enabling placement of attacker-controlled files and, in some cases, arbi...