CVE-2017-6654
https://notcve.org/view.php?id=CVE-2017-6654
A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc06608. • http://www.securityfocus.com/bid/98527 http://www.securitytracker.com/id/1038512 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-3808
https://notcve.org/view.php?id=CVE-2017-3808
A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. • http://www.securityfocus.com/bid/97922 http://www.securitytracker.com/id/1038318 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-3872
https://notcve.org/view.php?id=CVE-2017-3872
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219). Una vulnerabilidad de desviación del filtro XSS en la interfaz de administración basada en web de Cisco Unified Communications Manager podría permitir que un atacante remoto no autenticado lleve a cabo ataques XSS contra un usuario de un dispositivo afectado. • http://www.securityfocus.com/bid/96916 http://www.securitytracker.com/id/1038036 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-3821
https://notcve.org/view.php?id=CVE-2017-3821
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609). Una vulnerabilidad en la página de servicio de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado llevar a cabo ataques de XSS reflejados. • http://www.securityfocus.com/bid/96241 http://www.securitytracker.com/id/1037839 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-6425
https://notcve.org/view.php?id=CVE-2015-6425
The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786. El subsistema WebApplications Identity Management en Cisco Unified Communications Manager 10.5(0.98000.88) permite a atacantes remotos causar una denegación de servicio (interrupción del subsistema) a través de sesiones token inválidas, también conocido como Bug ID CSCul83786. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim http://www.securityfocus.com/bid/79275 http://www.securitytracker.com/id/1034431 • CWE-399: Resource Management Errors •