CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2018-0409
https://notcve.org/view.php?id=CVE-2018-0409
15 Aug 2018 — A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to ... • http://www.securityfocus.com/bid/105102 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0396
https://notcve.org/view.php?id=CVE-2018-0396
18 Jul 2018 — A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and inj... • http://www.securityfocus.com/bid/104872 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0363
https://notcve.org/view.php?id=CVE-2018-0363
21 Jun 2018 — A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted li... • http://www.securityfocus.com/bid/104523 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2016-6464
https://notcve.org/view.php?id=CVE-2016-6464
14 Dec 2016 — A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181). Una vulnerabilidad en la interfaz de administración web del Cisco Unified Communications Manager IM and Presence Service puede permitir a un atacante remoto no autenti... • http://www.securityfocus.com/bid/94802 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-1466
https://notcve.org/view.php?id=CVE-2016-1466
08 Aug 2016 — Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072. Cisco Unified Communications Manager IM y Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1 y 11.5(1) permite a atacantes remotos provocar una denegación de servicio (reinicio del pro... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-ucm • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6310
https://notcve.org/view.php?id=CVE-2015-6310
08 Oct 2015 — The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632. El interfaz REST en Cisco Unified Communications Manager IM y Presence Service 11.5(1), permite a atacantes remotos provocar una denegación de servicio (reinicio del servicio proxy SIP) a través de una petición HTTP manipuladas, también conocido como Bug ID CSCuw31632. • http://tools.cisco.com/security/center/viewAlert.x?alertId=41242 • CWE-399: Resource Management Errors •