CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0749 – Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2015-0749
19 Feb 2020 — A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the at... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150522-CVE-2015-0749 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2017-6779
https://notcve.org/view.php?id=CVE-2017-6779
07 Jun 2018 — Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulner... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2017-6791
https://notcve.org/view.php?id=CVE-2017-6791
07 Sep 2017 — A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, res... • http://www.securityfocus.com/bid/100662 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-3808
https://notcve.org/view.php?id=CVE-2017-3808
20 Apr 2017 — A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The d... • http://www.securityfocus.com/bid/97922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0717
https://notcve.org/view.php?id=CVE-2015-0717
16 May 2015 — Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. Cisco Unified Communications Manager 10.0(1.10000.12) permite a usuarios locales ganar privilegios a través de una cadena de comandos en un parámetro no especificado, también conocido como Bug ID CSCut19546. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38763 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0591
https://notcve.org/view.php?id=CVE-2015-0591
15 Jan 2015 — Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. Cisco Unified Communications Domain Manager (UCDM) 10 permite a atacantes causar una denegación de servicio (cuelgue de demonio y interrupción de GUI) a través de una inundación de paquetes TCP malformados, también conocido como Bug ID CSCur44177. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0591 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0588
https://notcve.org/view.php?id=CVE-2015-0588
15 Jan 2015 — Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. Vulnerabilidad de CSRF en Cisco Unified Communications Domain Manager (UCDM) 10 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuo77055. • http://secunia.com/advisories/62352 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7991
https://notcve.org/view.php?id=CVE-2014-7991
14 Nov 2014 — The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. El subsistema de acceso remoto móvil en Cisco Unified Communications Manager (CM) 10.0(1) y anteriores no valida correctamente el campo 'Subject Alternativ... • http://secunia.com/advisories/62267 • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-3338
https://notcve.org/view.php?id=CVE-2014-3338
12 Aug 2014 — The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491. El módulo CTIManager en Cisco Unified Communications Manager (CM) 10.0(1), cuando el inicio se sesión único (single sign-on) está habilitado, no valida debidamente los tokens Kerberos SSO, lo que permite a usuarios remo... • http://secunia.com/advisories/60054 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 2%CPEs: 1EXPL: 0CVE-2014-3317
https://notcve.org/view.php?id=CVE-2014-3317
14 Jul 2014 — Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. Vulnerabilidad de salto de directorio en Multiple Analyzer en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager 10.0(1) permite a usuarios remotos autenticados eliminar ficheros arbitrarios a través de una URL manipulada, ta... • http://secunia.com/advisories/59727 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •