CVE-2021-1357 – Cisco Unified Communications Products Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1357
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&:P), podría permitir a un atacante conducir ataques de salto de ruta y ataques de inyección SQL en un sistema afectado. Una de las vulnerabilidades de inyección SQL que afecta a Unified CM IM&P también afecta a Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y podría permitir a un atacante conducir ataques de inyección SQL en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVE-2021-1364 – Cisco Unified Communications Products Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1364
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco Unified Communications Manager IM & Presence Service (Unified CM IM &), podría permitir a un atacante conducir ataques de salto de ruta y ataques de inyección SQL en un sistema afectado. Una de las vulnerabilidades de inyección SQL que afecta a Unified CM IM amp;P también afecta a Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y podría permitir a un atacante conducir ataques de inyección SQL en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6 • CWE-35: Path Traversal: '.../...//' CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-1282 – Cisco Unified Communications Products Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-1282
Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) podría permitir a un atacante conducir ataques de salto de ruta y ataques de inyección SQL en un sistema afectado. Una de las vulnerabilidades de inyección SQL que afecta a Unified CM IM&P también afecta a Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) y podría permitir a un atacante conducir ataques de inyección SQL en un sistema afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-trav-inj-dM687ZD6 • CWE-35: Path Traversal: '.../...//' CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-15403 – Multiple Cisco Unified Communications Products Open Redirect Vulnerability
https://notcve.org/view.php?id=CVE-2018-15403
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. Una vulnerabilidad en la interfaz web de Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM Presence Service y Cisco Unity Connection podría permitir que un atacante remoto autenticado redirija a un usuario a una página web maliciosa. • http://www.securitytracker.com/id/1041780 http://www.securitytracker.com/id/1041789 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-er-ucm-redirect • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2016-1466
https://notcve.org/view.php?id=CVE-2016-1466
Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072. Cisco Unified Communications Manager IM y Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1 y 11.5(1) permite a atacantes remotos provocar una denegación de servicio (reinicio del proceso sipd) a través de cabeceras manipuladas en un paquete SIP, también conocido como Bug ID CSCva39072. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-ucm http://www.securityfocus.com/bid/92271 http://www.securitytracker.com/id/1036526 • CWE-399: Resource Management Errors •