CVSS: 7.8EPSS: 85%CPEs: 75EXPL: 1CVE-2011-3315 – Cisco - 'file' Directory Traversal
https://notcve.org/view.php?id=CVE-2011-3315
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. Vulnerabilidad de salto de directorio en Cisco Unified Communications Manager (CUCM) v5.x y v6.x anterior v6.1(5)SU2, v7.x anterior v7.1(5b)SU2 y v8.x anterior v8.0(3), y Cisco Unified Contact Center Express (también conocido como Unified CCX o UCCX) y Cisco Unified IP Interactive Voice Response (Unified IP-IVR) anterior a v6.0(1)SR1ES8, v7.0(x) anterior a v7.0(2)ES1, v8.0(x) hasta v8.0(2)SU3, y v8.5(x) anterior a v8.5(1)SU2, permite a atacantes remotos leer ficheros arbitrarios mediante una URL especialmente diseñada, también conocido como Bug IDs CSCth09343 y CSCts44049. • https://www.exploit-db.com/exploits/36256 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 1%CPEs: 74EXPL: 0CVE-2011-2072
https://notcve.org/view.php?id=CVE-2011-2072
Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686. Una vulnerabilidad de pérdida de memoria en Cisco IOS v12.4, v15.0 y v15.1, Cisco IOS XE v2.5.x hasta v3.2.x, y Cisco Unified Communications Manager (CUCM) v6.x y v7.x antes de v7.1(5b)SU4, v8.x antes de v8.5(1)su2, y v8.6 antes de v8.6(1) permite a atacantes remotos causar una denegación de servicio (consumo de memoria y reinicio del dispositivo o fallo de procesos) a través de un mensaje SIP mal formado. Se trata de un problema también conocido como Bug ID CSCtl86047 y CSCto88686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm http://tools.cisco.com/security/center/viewAlert.x?alertId=24129 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d58.shtml http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d5a.shtml http://www.securitytracker.com/id?1026110 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2011-2562
https://notcve.org/view.php?id=CVE-2011-2562
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256. Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM, CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su3, v8.x antes de v8.0(3a)su1, y v8.5 antes de v8.5(1), permite a atacantes remotos provocar una denegación de servicio (interrupción del servicio) a través de un mensaje SIP INVITE, también conocido como Bug ID CSCth43256 • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml •
CVSS: 10.0EPSS: 0%CPEs: 69EXPL: 0CVE-2011-1643
https://notcve.org/view.php?id=CVE-2011-1643
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. Cisco Unified Communications Manager (también conocido como CUCM o formerly CallManager) v6.x, v7.x antes de v7.1(5b)su4, v8.0, y v8.5 antes de v8.5(1)su2 y Cisco Unified Presence Server v6.x, v7.x, v8.0, y v8.5 antes de v8.5xnr, permite a atacantes remotos leer datos de la base de datos conectandose a la interfaz de consulta a través de una sesión SSL, también conocido como Bug IDs CSCti81574, CSCto63060, CSCto72183 y CSCto73833. • http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 2%CPEs: 47EXPL: 0CVE-2011-1604
https://notcve.org/view.php?id=CVE-2011-1604
Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904. Vulnerabilidad no especificada en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su2, v7.x antes de v7.1(5b)su2, v8.0 antes de v8.0(3), y v8.5 antes de v8.5(1) permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y fallo del proceso) a través de un mensaje SIP con formato incorrecto, también conocido como Bug ID CSCti42904. • http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html http://secunia.com/advisories/44331 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml http://www.securityfocus.com/bid/47609 http://www.securitytracker.com/id?1025449 http://www.vupen.com/english/advisories/2011/1122 https://exchange.xforce.ibmcloud.com/vulnerabilities/67122 • CWE-399: Resource Management Errors •