CVE-2019-15986

CVE-2019-15986 is a Cisco Unity Express local command injection vulnerability. An authenticated, local attacker with valid administrator credentials can feed crafted CLI commands due to improper input validation, leading to arbitrary commands executed with root privileges. Cisco’s advisory confir...

CVE-2005-4794

The CVE-2005-4794 issue affects Cisco devices listed in the Initial document: IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM). The vulnerability is a denial of service caused by processing a compressed DNS packet containing a label length by...

CVE-2018-15381

Cisco Unity Express (CUE) is affected by CVE-2018-15381 due to insecure Java deserialization, allowing an unauthenticated remote attacker to execute arbitrary shell commands with root privileges by sending a malicious serialized Java object to the RMI service. Affected releases prior to Cisco Uni...

CVE-2013-1120

CVE-2013-1120 applies to Cisco Unity Express prior to version 8.0, with CSRF vulnerabilities that can allow remote attackers to hijack user authentication. The entry has a base CVSS v2 score of 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P). Remediation: OpenVAS data indicates a vendor fix (VendorFix) as the s...

CVE-2006-2166

CVE-2006-2166 affects Cisco Unity Express (CUE) 2.2(2) and earlier when running on any CUE AIM or NM. The HTTP management interface contains an unspecified vulnerability that allows remote authenticated attackers to reset the password for any user with an expired password. The connected documents...