CVE-2012-3949
https://notcve.org/view.php?id=CVE-2012-3949
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664. La implementación SIP en Cisco Unified Communications Manager (CUCM) v6.x y v7.x anteriores a v7.1(5b)su5, v8.x anteriores a v8.5(1)su4, y v8.6 anteriores a v8.6(2a)su1; Cisco IOS v12.2 hasta v12.4 y v15.0 hasta v15.2; y Cisco IOS XE v3.3.xSG anteriores a v3.3.1SG, v3.4.xS, y 3.5.xS permite a atacantes remotos a provocar una denegación de servicio (caída del servicio o recarga de dispositivo) a través de mensajes SIP manipulados que contienen la descripción de una sesión SDP, también conocido como Bug IDs CSCtw66721, CSCtj33003, y CSCtw84664. • http://osvdb.org/85816 http://secunia.com/advisories/50774 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip http://www.securityfocus.com/bid/55697 • CWE-20: Improper Input Validation •
CVE-2011-4487
https://notcve.org/view.php?id=CVE-2011-4487
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager (CUCM) con software v6.x y v7.x anteriores a v7.1(5b)su5, v8.0 anteriores a v8.0(3a)su3, y v8.5 y v8.6 anteriores a v8.6(2a)su1 y Cisco Business Edition 3000 con software anterior a v8.6.3 y 5000 y 6000 con software anterior a v8.6(2a)su1, permite a atacantes remotos ejecutar comandos SQL de su elección a través de un registro SCCP manipulado, también conocido como Bug ID CSCtu73538. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2011-4486
https://notcve.org/view.php?id=CVE-2011-4486
Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538. Cisco Unified Communications Manager (CUCM) con software v6.x y v7.x anterior a v7.1(5b)su5, v8.0 anterior a v8.0(3a)su3, y v8.5 y v8.6 anterior a v8.6(2a)su1 y Cisco Business Edition 3000 con software anterior a v8.6.3 y 5000 y 6000 con software anterior a v8.6(2a)su1 permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de un registro SCCP manipulado, también conocido como Bug ID CSCtu73538. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm • CWE-399: Resource Management Errors •
CVE-2011-0941
https://notcve.org/view.php?id=CVE-2011-0941
Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179. Pérdida de memoria en versión del Unified Communications Manager (CUCM) de Cisco versiones 6.x anteriores a 6.1(5)su2, versiones 7.x anteriores a 7.1(5b)su3, versiones 8.x anteriores a 8.0(3a)su1, y versión 8.5 anterior a 8.5(1), y IOS de Cisco versiones 12.4 y 15.1, permite a los atacantes remotos causar una denegación de servicio (consumo de memoria y fallo del proceso o recarga del dispositivo) por medio de un mensaje SIP malformado, también se conoce como ID de bug CSCti75128 y CSCtj09179. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm http://tools.cisco.com/security/center/viewAlert.x?alertId=24525 • CWE-399: Resource Management Errors •
CVE-2011-3315 – Cisco - 'file' Directory Traversal
https://notcve.org/view.php?id=CVE-2011-3315
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. Vulnerabilidad de salto de directorio en Cisco Unified Communications Manager (CUCM) v5.x y v6.x anterior v6.1(5)SU2, v7.x anterior v7.1(5b)SU2 y v8.x anterior v8.0(3), y Cisco Unified Contact Center Express (también conocido como Unified CCX o UCCX) y Cisco Unified IP Interactive Voice Response (Unified IP-IVR) anterior a v6.0(1)SR1ES8, v7.0(x) anterior a v7.0(2)ES1, v8.0(x) hasta v8.0(2)SU3, y v8.5(x) anterior a v8.5(1)SU2, permite a atacantes remotos leer ficheros arbitrarios mediante una URL especialmente diseñada, también conocido como Bug IDs CSCth09343 y CSCts44049. • https://www.exploit-db.com/exploits/36256 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •