CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8020
https://notcve.org/view.php?id=CVE-2014-8020
Cisco Unified Communication Domain Manager Platform Software allows remote attackers to cause a denial of service (CPU consumption, and performance degradation or service outage) via a flood of malformed TCP packets and UDP packets, aka Bug ID CSCup25276. Cisco Unified Communication Domain Manager Platform Software permite a atacantes remotos causar una denegación de servicio (consumo de CPU, y degradación de funcionamiento o interrupción de servicio) a través de una inundación de paquetes TCP y paquetes UDP malformados, también conocido como Bug ID CSCup25276. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8020 http://www.securityfocus.com/bid/71975 http://www.securitytracker.com/id/1031520 https://exchange.xforce.ibmcloud.com/vulnerabilities/100573 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8018
https://notcve.org/view.php?id=CVE-2014-8018
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661. Múltiples vulnerabilidades XSS en BetkQ Access Manager (NAM) 4.x anterior a 4.1 permite a atacantes remotos inyectar scripts o HTML arbitrario mediante (1) un parámetro arbitrario hacia roma/jsp/debug/debug.jsp o (2) un parámetro arbitrario en la acción debug.DumpAll hacia nps/servlet/webacc, un problema distinto de CVE-2014-5216. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8018 http://www.securityfocus.com/bid/71771 http://www.securitytracker.com/id/1031424 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8010
https://notcve.org/view.php?id=CVE-2014-8010
The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205. El Framework web en Cisco Unified Communications Domain Manager 8 permite a administradores remotos autenticados ejecutar comandos OS arbitrarios a través de valores manipulados, también conocido como Bug ID CSCuq50205. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8010 http://www.securitytracker.com/id/1031339 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8000
https://notcve.org/view.php?id=CVE-2014-8000
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. Cisco Unified Communications Manager IM and Presence Service 9.1(1) produce mensajes de retorno diferentes para peticiones URL en función de si existe un nombre de usuario, lo que permite a atacantes remotos enumerar las cuentas de usuario a través de una serie de peticiones, también conocido como Bug ID CSCur63497. • http://secunia.com/advisories/62558 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8000 http://tools.cisco.com/security/center/viewAlert.x?alertId=36467 http://www.securityfocus.com/bid/71173 http://www.securitytracker.com/id/1031240 https://exchange.xforce.ibmcloud.com/vulnerabilities/98786 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7991
https://notcve.org/view.php?id=CVE-2014-7991
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. El subsistema de acceso remoto móvil en Cisco Unified Communications Manager (CM) 10.0(1) y anteriores no valida correctamente el campo 'Subject Alternative Name' (SAN) de un certificado X.509, lo que permite a atacantes man-in.the-middle engañar el núcleo de los dispositivos VCS a través de un certificado manipulado por una Autoridad Certificadora, también conocido como ID CSCuq86376. • http://secunia.com/advisories/62267 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991 http://tools.cisco.com/security/center/viewAlert.x?alertId=36381 http://www.securityfocus.com/bid/71013 http://www.securitytracker.com/id/1031181 https://exchange.xforce.ibmcloud.com/vulnerabilities/98574 • CWE-310: Cryptographic Issues •