Lucene search
K
CiscoUnity Connection

65 matches found

CVE
CVE
added 2013/02/19 11:0 p.m.52 views

CVE-2013-1129

CVE-2013-1129 affects Cisco Unity Connection 9.x, where a memory leak can be triggered by unauthenticated remote attackers sending many TCP requests, leading to memory consumption and eventual process crash (DoS). Cisco advisory CSCud59736 confirms unauthenticated, remote exploitation via crafted...

5CVSS6.8AI score0.01232EPSS
CVE
CVE
added 2016/01/30 11:0 a.m.52 views

CVE-2016-1304

Cisco Unity Connection 10.5(2.3009) is affected by a cross-site scripting (XSS) vulnerability (CVE-2016-1304) that allows remote attackers to inject arbitrary web script or HTML via a crafted value (Bug ID CSCux82596). Affected component is the HTTP web-based management interface; exploitation is...

6.1CVSS5.9AI score0.01009EPSS
CVE
CVE
added 2015/09/20 2:0 p.m.51 views

CVE-2015-6299

Cisco Unity Connection web interface SQL injection (CVE-2015-6299) affects Cisco Unity Connection versions 9.1(1.2) and earlier. The vulnerability stems from lack of input validation in SQL queries, allowing an authenticated, remote attacker to execute arbitrary SQL commands via a crafted HTTP PO...

6.5CVSS8.1AI score0.01592EPSS
CVE
CVE
added 2014/04/02 1:0 a.m.50 views

CVE-2014-2125

Cisco Unity Connection Web Inbox v8.6(2a)SU3 and earlier are affected by a cross-site scripting (XSS) vulnerability caused by insufficient input validation on a web inbox parameter. An unauthenticated, remote attacker could lure a user to a crafted link, allowing execution of arbitrary HTML/JavaS...

4.3CVSS5.9AI score0.01148EPSS
CVE
CVE
added 2014/08/11 8:0 p.m.50 views

CVE-2014-3336

Cisco Unity Connection 9.1(2) and earlier contains a SQL injection in the web framework. The root cause is insufficient validation of SQL statements in the web server code, allowing an authenticated remote attacker to execute arbitrary SQL and potentially read data from the database. Cisco’s advi...

6.5CVSS8.1AI score0.01711EPSS
CVE
CVE
added 2015/05/07 1:0 a.m.49 views

CVE-2015-0716

CVE-2015-0716 is a CSRF vulnerability in Cisco Unity Connection’s CUCReports page affecting 11.0(0.98000.225) and 11.0(0.98000.332). The underlying issue is insufficient CSRF protections, enabling remote attackers to hijack the authentication of arbitrary users. Cisco’s advisory notes unauthentic...

6.8CVSS7.4AI score0.00824EPSS
CVE
CVE
added 2016/01/27 10:0 p.m.49 views

CVE-2016-1300

CVE-2016-1300 affects Cisco Unity Connection (UC) 10.5(2.3009) Web Framework. The vulnerability is a cross-site scripting (XSS) flaw caused by insufficient input validation, allowing remote, unauthenticated attackers to inject arbitrary script/HTML through a crafted URL. Impact per sources: attac...

6.1CVSS5.9AI score0.00773EPSS
CVE
CVE
added 2012/09/16 10:0 a.m.47 views

CVE-2012-3096

Cisco Unity Connection (UC) versions 7.1, 8.0, and 8.5 are affected by CVE-2012-3096. The advisory states that remote authenticated users can trigger a denial of service (resource consumption and administration outage) through extended use of the product, identified as Bug ID CSCtd79132. The avai...

4CVSS6.5AI score0.00973EPSS
CVE
CVE
added 2026/04/15 4:11 p.m.27 views

CVE-2026-20061

Cisco Unity Connection exposes a SQL injection vulnerability in its web-based management interface. The issue arises from insufficient validation of user-supplied input, allowing an authenticated, remote attacker with valid credentials to submit crafted HTTP(S) requests to view data on the device...

6.5CVSS6AI score0.00228EPSS
CVE
CVE
added 2026/05/06 4:16 p.m.26 views

CVE-2026-20034

Cisco Unity Connection’s web-based management interface is affected by a vulnerability where insufficient validation of user-supplied input enables an authenticated attacker, with valid credentials, to submit a crafted API request and execute arbitrary code as root. The impact is potentially comp...

8.8CVSS6.3AI score0.00712EPSS
CVE
CVE
added 2026/04/15 4:11 p.m.21 views

CVE-2026-20059

Cisco Unity Connection’s web-based management interface is affected by a reflected XSS vulnerability (CVE-2026-20059). An unauthenticated, remote attacker can lure a user to click a crafted link, exploiting insufficient input validation to execute arbitrary script in the user’s browser or access ...

6.1CVSS6.1AI score0.00193EPSS
CVE
CVE
added 2026/05/06 4:15 p.m.19 views

CVE-2026-20035

Cisco Unity Connection Web Inbox SSRF: unauthenticated attacker can cause the affected device to issue arbitrary network requests via crafted HTTP requests due to improper input validation. Affected component is the web UI; CVSS 3.1 base score 7.2 (NETWORK, HIGH). Exploitation status and remediat...

7.2CVSS6AI score0.00304EPSS
CVE
CVE
added 2026/04/15 4:11 p.m.15 views

CVE-2026-20060

CVE-2026-20060 affects Cisco Unity Connection’s web-based management interface. It is a open-redirect vulnerability caused by improper input validation of HTTP request parameters, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malici...

4.7CVSS5.8AI score0.00202EPSS
CVE
CVE
added 2026/04/15 4:3 p.m.15 views

CVE-2026-20078

Product/affected component: Cisco Unity Connection (web-based management interface). Vulnerability: Multiple input sanitization failures allow an authenticated, remote attacker to download arbitrary files from the affected system. Prerequisites: Valid administrative credentials. Attack vector: Ne...

6.5CVSS6AI score0.00388EPSS
CVE
CVE
added 2026/04/15 4:3 p.m.15 views

CVE-2026-20081

Cisco Unity Connection is affected by CVE-2026-20081, which involves multiple vulnerabilities caused by improper sanitization of user input in the web-based management interface. An authenticated attacker with valid administrative credentials can trigger a crafted HTTPS request to download arbitr...

6.5CVSS6AI score0.00388EPSS
Total number of security vulnerabilities65