CVSS: 7.8EPSS: 0%CPEs: 115EXPL: 0CVE-2013-3453
https://notcve.org/view.php?id=CVE-2013-3453
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. Fuga de memoria en Cisco Unified Communications Manager IM y Presence Service anterior a 8.6(5)SU1 y 9.x anterior a 9.1(2), y Cisco Unified Presence, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y memoria) realizando multitud de conexiones TCP a los puertos (1) 5060 o (2) 5061. Aka Bug ID CSCud84959. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cup • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3412
https://notcve.org/view.php?id=CVE-2013-3412
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. Vulnerabilidad de inyección SQL en el Cisco Unified Communications Manager (CUCM) v7.1(x) hasta v9.1(2) permite a atacantes remotos autenticados ejecutar comando arbitrarios SQL mediante vectores no especificados, también conocido como Bug ID CSCuh81766. • http://secunia.com/advisories/54249 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3402
https://notcve.org/view.php?id=CVE-2013-3402
An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. Una función no especificada en Cisco Unified Communications Manager (CUCM) v7.1 (x) ahasta v9.1 (2) permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores desconocidos, también conocido como Bug ID CSCuh73440. • http://secunia.com/advisories/54249 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3433
https://notcve.org/view.php?id=CVE-2013-3433
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. Vulnerabilidad de ruta de búsqueda de no confianza en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a) permite a usuarios locales obtener privilegios mediante el aprovechamiento de los problemas de permisos de archivos y la variable de entorno especificadas para los programas privilegiados, también conocido como Bug ID CSCui02276. • http://osvdb.org/95404 http://secunia.com/advisories/54249 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm http://www.securityfocus.com/bid/61297 •
CVSS: 0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4869
https://notcve.org/view.php?id=CVE-2013-4869
Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0." Cisco Unified Communications Manager (CUCM) v7.1(x) hasta v9.1(2) y el IM & Presence Service en Cisco Unified Presence Server hasta v9.1(2) usan el mismo CTI y clave de cifrado de la base de datos entre las diversas instalaciones, lo que hace más fácil para los atacantes dependientes de contexto eludir los mecanismos de protección de cifrado mediante el aprovechamiento del conocimiento de esta clave, también conocido como Bug ID CSCsc69187 y CSCui01756. NOTA: el vendedor ha declarado de que la "clave de cifrado estática hardcodeada se considera un problema de hardening en lugar de una vulnerabilidad, y, como tal, tiene una puntuación CVSS de 0/0." • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm https://exchange.xforce.ibmcloud.com/vulnerabilities/85883 • CWE-522: Insufficiently Protected Credentials •