CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0686
https://notcve.org/view.php?id=CVE-2014-0686
04 Feb 2014 — Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908. Cisco Unified Communications Manager (también conocido como Unified CM) 9.1 (2.10000.28) y anteriores permite a usuarios locales obtener privilegios mediante el aprovechamiento de los permisos de fichero no correctos, también conocido como Bug IDs CSCul24917 y CSCul24908. • http://osvdb.org/102750 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 113EXPL: 0CVE-2014-0657
https://notcve.org/view.php?id=CVE-2014-0657
08 Jan 2014 — The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540. El portal de administración en Cisco Unified Communications Manager (Unified CM) 9.1 (1) y anteriores no maneja apropiadamente las restricciones por rol, lo que permite a usuarios remotos autenticados sortear el control de a... • http://osvdb.org/101800 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 113EXPL: 0CVE-2013-6978
https://notcve.org/view.php?id=CVE-2013-6978
21 Dec 2013 — The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249. El componente disaster recovery system (DRS) en CIsco Unified Communications Manager (UCM) 9.1 (1) y anteriores permite usuarios remotos autenticados obtener información sensible dle dispositivo leyendo "extraneous information" en el código fuente H... • http://osvdb.org/101162 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 113EXPL: 0CVE-2013-6688
https://notcve.org/view.php?id=CVE-2013-6688
16 Nov 2013 — Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222. Vulnerabilidad de salto de directorio en la interfaz license-upload del componente Enterprise License Manager (ELM) de Cisco Unified Communications Manager 9.1(1) y anteriores permite a usuarios remotos autenticados crear archivos arb... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.9EPSS: 0%CPEs: 113EXPL: 0CVE-2013-6689
https://notcve.org/view.php?id=CVE-2013-6689
16 Nov 2013 — Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. Cisco Unified Communications Manager (Unified CM) 9.1 (1) y anteriores permite a usuarios locales eludir los permisos de archivos, y leer, modificar o crear ficheros arbitrariamente, a través de una "sobrecarga" de la utilidad de línea de comandos, también conocido como Bug ID CSC... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6689 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 8%CPEs: 40EXPL: 0CVE-2013-3462
https://notcve.org/view.php?id=CVE-2013-3462
25 Aug 2013 — Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358. Desbordamiento de búfer en Cisco Unified Communications Manager (Unified CM) v7.1(x) anterior a v7.1(5b)su6, v8.5(x) anterior a v8.5(1)su6, v8.6(x) anterior a v8.6(2a)su3, y v9.x anterior a v9.1(2) permite a los usuarios remotos autenti... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 115EXPL: 0CVE-2013-3453
https://notcve.org/view.php?id=CVE-2013-3453
22 Aug 2013 — Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. Fuga de memoria en Cisco Unified Communications Manager IM y Presence Service anterior a 8.6(5)SU1 y 9.x anterior a 9.1(2), y Cisco Unified Presence, permite a atacantes remotos provocar una denegación ... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cup • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3402
https://notcve.org/view.php?id=CVE-2013-3402
18 Jul 2013 — An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. Una función no especificada en Cisco Unified Communications Manager (CUCM) v7.1 (x) ahasta v9.1 (2) permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores desconocidos, también conocido como Bug ID CSCuh73440. • http://secunia.com/advisories/54249 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3403
https://notcve.org/view.php?id=CVE-2013-3403
18 Jul 2013 — Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. Multiples vulnerabilidades de rutas de búsqueda de no confianza en Cisco Unified Communications Manager (CUCM) v7.1(x) hasta v9.1(1a) permite a usuarios locales ganar privilegios mediante el aprovechamiento de problemas relacionados con... • http://secunia.com/advisories/54249 •
CVSS: 9.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3404
https://notcve.org/view.php?id=CVE-2013-3404
18 Jul 2013 — SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a), permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados dando lugar al descubrimiento ... • http://secunia.com/advisories/54249 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •