Unity Connection Security Vulnerabilities and Issues — Unity Connection CVE List

Lucene search

CiscoUnity Connection

10 matches found

CVE•added 2015/04/03 6:59 p.m.•55 views

CVE-2015-0613

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via ...

7.1CVSS6.7AI score0.00399EPSS

CVE•added 2015/04/03 6:59 p.m.•51 views

CVE-2015-0612

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CS...

7.1CVSS6.6AI score0.00399EPSS

CVE•added 2015/04/03 6:59 p.m.•50 views

CVE-2015-0614

7.1CVSS6.7AI score0.00399EPSS

CVE•added 2015/05/07 1:59 a.m.•46 views

CVE-2015-0715

SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608.

6.5CVSS8.2AI score0.00287EPSS

CVE•added 2015/04/03 6:59 p.m.•45 views

CVE-2015-0616

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SI...

7.1CVSS6.7AI score0.00399EPSS

CVE•added 2015/04/03 6:59 p.m.•44 views

CVE-2015-0615

The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sess...

7.1CVSS6.7AI score0.00399EPSS

CVE•added 2015/12/03 3:59 a.m.•43 views

CVE-2015-6390

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741.

4.3CVSS5.8AI score0.00402EPSS

CVE•added 2015/12/12 4:59 p.m.•43 views

CVE-2015-6408

Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.

6.8CVSS7.4AI score0.00126EPSS

CVE•added 2015/09/20 2:59 p.m.•40 views

CVE-2015-6299

SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824.

6.5CVSS8.1AI score0.00287EPSS

CVE•added 2015/05/07 1:59 a.m.•38 views

CVE-2015-0716

Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.

6.8CVSS7.4AI score0.00116EPSS