CVSS: 7.5 • EPSS: 1% • CPEs: 13 • EXPL: 0

15 Aug 2018 — A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to ... • http://www.securityfocus.com/bid/105102 • CWE-20: Improper Input Validation • CWE-125: Out-of-bounds Read •

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Jul 2018 — A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and inj... • http://www.securityfocus.com/bid/104872 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2018 — A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted li... • http://www.securityfocus.com/bid/104523 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 12% • CPEs: 12 • EXPL: 0

16 Nov 2017 — A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access ... • http://www.securityfocus.com/bid/101865 • CWE-287: Improper Authentication •

CVSS: 7.5 • EPSS: 1% • CPEs: 4 • EXPL: 0

14 Dec 2016 — A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181). • http://www.securityfocus.com/bid/94802 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8 • EPSS: 1% • CPEs: 4 • EXPL: 0

08 Aug 2016 — Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-ucm • CWE-399: Resource Management Errors •

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

08 Oct 2015 — The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632. • http://tools.cisco.com/security/center/viewAlert.x?alertId=41242 • CWE-399: Resource Management Errors •

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Aug 2015 — Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766. • http://tools.cisco.com/security/center/viewAlert.x?alertId=40217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2015 — Cisco Unified Communications Manager IM and Presence Service 9.1(1) does not properly restrict access to encrypted passwords, which allows remote attackers to determine cleartext passwords, and consequently execute arbitrary commands, by visiting an unspecified web page and then conducting a decryption attack, aka Bug ID CSCuq46194. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39505 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Jun 2015 — SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39506 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •