65 matches found
CVE-2013-1129
CVE-2013-1129 affects Cisco Unity Connection 9.x, where a memory leak can be triggered by unauthenticated remote attackers sending many TCP requests, leading to memory consumption and eventual process crash (DoS). Cisco advisory CSCud59736 confirms unauthenticated, remote exploitation via crafted...
CVE-2016-1304
Cisco Unity Connection 10.5(2.3009) is affected by a cross-site scripting (XSS) vulnerability (CVE-2016-1304) that allows remote attackers to inject arbitrary web script or HTML via a crafted value (Bug ID CSCux82596). Affected component is the HTTP web-based management interface; exploitation is...
CVE-2015-6299
Cisco Unity Connection web interface SQL injection (CVE-2015-6299) affects Cisco Unity Connection versions 9.1(1.2) and earlier. The vulnerability stems from lack of input validation in SQL queries, allowing an authenticated, remote attacker to execute arbitrary SQL commands via a crafted HTTP PO...
CVE-2014-2125
Cisco Unity Connection Web Inbox v8.6(2a)SU3 and earlier are affected by a cross-site scripting (XSS) vulnerability caused by insufficient input validation on a web inbox parameter. An unauthenticated, remote attacker could lure a user to a crafted link, allowing execution of arbitrary HTML/JavaS...
CVE-2014-3336
Cisco Unity Connection 9.1(2) and earlier contains a SQL injection in the web framework. The root cause is insufficient validation of SQL statements in the web server code, allowing an authenticated remote attacker to execute arbitrary SQL and potentially read data from the database. Cisco’s advi...
CVE-2015-0716
CVE-2015-0716 is a CSRF vulnerability in Cisco Unity Connection’s CUCReports page affecting 11.0(0.98000.225) and 11.0(0.98000.332). The underlying issue is insufficient CSRF protections, enabling remote attackers to hijack the authentication of arbitrary users. Cisco’s advisory notes unauthentic...
CVE-2016-1300
CVE-2016-1300 affects Cisco Unity Connection (UC) 10.5(2.3009) Web Framework. The vulnerability is a cross-site scripting (XSS) flaw caused by insufficient input validation, allowing remote, unauthenticated attackers to inject arbitrary script/HTML through a crafted URL. Impact per sources: attac...
CVE-2012-3096
Cisco Unity Connection (UC) versions 7.1, 8.0, and 8.5 are affected by CVE-2012-3096. The advisory states that remote authenticated users can trigger a denial of service (resource consumption and administration outage) through extended use of the product, identified as Bug ID CSCtd79132. The avai...
CVE-2026-20061
Cisco Unity Connection exposes a SQL injection vulnerability in its web-based management interface. The issue arises from insufficient validation of user-supplied input, allowing an authenticated, remote attacker with valid credentials to submit crafted HTTP(S) requests to view data on the device...
CVE-2026-20034
Cisco Unity Connection’s web-based management interface is affected by a vulnerability where insufficient validation of user-supplied input enables an authenticated attacker, with valid credentials, to submit a crafted API request and execute arbitrary code as root. The impact is potentially comp...
CVE-2026-20059
Cisco Unity Connection’s web-based management interface is affected by a reflected XSS vulnerability (CVE-2026-20059). An unauthenticated, remote attacker can lure a user to click a crafted link, exploiting insufficient input validation to execute arbitrary script in the user’s browser or access ...
CVE-2026-20035
Cisco Unity Connection Web Inbox SSRF: unauthenticated attacker can cause the affected device to issue arbitrary network requests via crafted HTTP requests due to improper input validation. Affected component is the web UI; CVSS 3.1 base score 7.2 (NETWORK, HIGH). Exploitation status and remediat...
CVE-2026-20060
CVE-2026-20060 affects Cisco Unity Connection’s web-based management interface. It is a open-redirect vulnerability caused by improper input validation of HTTP request parameters, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malici...
CVE-2026-20078
Product/affected component: Cisco Unity Connection (web-based management interface). Vulnerability: Multiple input sanitization failures allow an authenticated, remote attacker to download arbitrary files from the affected system. Prerequisites: Valid administrative credentials. Attack vector: Ne...
CVE-2026-20081
Cisco Unity Connection is affected by CVE-2026-20081, which involves multiple vulnerabilities caused by improper sanitization of user input in the web-based management interface. An authenticated attacker with valid administrative credentials can trigger a crafted HTTPS request to download arbitr...