CVSS: 8.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3402
https://notcve.org/view.php?id=CVE-2013-3402
18 Jul 2013 — An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. Una función no especificada en Cisco Unified Communications Manager (CUCM) v7.1 (x) ahasta v9.1 (2) permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores desconocidos, también conocido como Bug ID CSCuh73440. • http://secunia.com/advisories/54249 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3403
https://notcve.org/view.php?id=CVE-2013-3403
18 Jul 2013 — Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. Multiples vulnerabilidades de rutas de búsqueda de no confianza en Cisco Unified Communications Manager (CUCM) v7.1(x) hasta v9.1(1a) permite a usuarios locales ganar privilegios mediante el aprovechamiento de problemas relacionados con... • http://secunia.com/advisories/54249 •
CVSS: 9.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3404
https://notcve.org/view.php?id=CVE-2013-3404
18 Jul 2013 — SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a), permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados dando lugar al descubrimiento ... • http://secunia.com/advisories/54249 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3412
https://notcve.org/view.php?id=CVE-2013-3412
18 Jul 2013 — SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. Vulnerabilidad de inyección SQL en el Cisco Unified Communications Manager (CUCM) v7.1(x) hasta v9.1(2) permite a atacantes remotos autenticados ejecutar comando arbitrarios SQL mediante vectores no especificados, también conocido como Bug ID CSCuh81766. • http://secunia.com/advisories/54249 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3433
https://notcve.org/view.php?id=CVE-2013-3433
18 Jul 2013 — Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. Vulnerabilidad de ruta de búsqueda de no confianza en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a) permite a usuarios locales obtener privilegios mediante el aprovechamiento de los problemas de permisos de archivos y la va... • http://osvdb.org/95404 •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3434
https://notcve.org/view.php?id=CVE-2013-3434
18 Jul 2013 — Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242. Vulnerabilidad de ruta de búsqueda de no confianza en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a) permite a usuarios locales obtener privilegios mediante el aprovechamiento de los problemas de permisos de archivos y la va... • http://osvdb.org/95403 •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4869
https://notcve.org/view.php?id=CVE-2013-4869
18 Jul 2013 — Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a har... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-1133
https://notcve.org/view.php?id=CVE-2013-1133
27 Feb 2013 — Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337. Cisco Unified Communications Manager (CUCM) v8.6 antes de v8.6 (2a)su2, v8.6 BE3k antes de v8.6(4)BE3k y v9.x antes de v9.0(1) permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y la interfaz gráfica de... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1134
https://notcve.org/view.php?id=CVE-2013-1134
27 Feb 2013 — The Location Bandwidth Manager (LBM) Intracluster-communication feature in Cisco Unified Communications Manager (CUCM) 9.x before 9.1(1) does not require authentication from the remote LBM Hub node, which allows remote attackers to conduct cache-poisoning attacks against transaction records, and cause a denial of service (bandwidth-pool consumption and call outage), via unspecified vectors, aka Bug ID CSCub28920. El Location Bandwidth Manager (LBM) entre clusters de comunicación, característica de Cisco Uni... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 260EXPL: 0CVE-2012-3949
https://notcve.org/view.php?id=CVE-2012-3949
27 Sep 2012 — The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664. La implementación SIP en Cisco Unified Communica... • http://osvdb.org/85816 • CWE-20: Improper Input Validation •