CVE-2015-0588
https://notcve.org/view.php?id=CVE-2015-0588
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. Vulnerabilidad de CSRF en Cisco Unified Communications Domain Manager (UCDM) 10 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, también conocido como Bug ID CSCuo77055. • http://secunia.com/advisories/62352 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0588 http://www.securityfocus.com/bid/72082 http://www.securitytracker.com/id/1031559 https://exchange.xforce.ibmcloud.com/vulnerabilities/100657 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-0591
https://notcve.org/view.php?id=CVE-2015-0591
Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. Cisco Unified Communications Domain Manager (UCDM) 10 permite a atacantes causar una denegación de servicio (cuelgue de demonio y interrupción de GUI) a través de una inundación de paquetes TCP malformados, también conocido como Bug ID CSCur44177. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0591 http://www.securityfocus.com/bid/72084 http://www.securitytracker.com/id/1031561 https://exchange.xforce.ibmcloud.com/vulnerabilities/100661 • CWE-399: Resource Management Errors •
CVE-2014-7991
https://notcve.org/view.php?id=CVE-2014-7991
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. El subsistema de acceso remoto móvil en Cisco Unified Communications Manager (CM) 10.0(1) y anteriores no valida correctamente el campo 'Subject Alternative Name' (SAN) de un certificado X.509, lo que permite a atacantes man-in.the-middle engañar el núcleo de los dispositivos VCS a través de un certificado manipulado por una Autoridad Certificadora, también conocido como ID CSCuq86376. • http://secunia.com/advisories/62267 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991 http://tools.cisco.com/security/center/viewAlert.x?alertId=36381 http://www.securityfocus.com/bid/71013 http://www.securitytracker.com/id/1031181 https://exchange.xforce.ibmcloud.com/vulnerabilities/98574 • CWE-310: Cryptographic Issues •
CVE-2014-3338
https://notcve.org/view.php?id=CVE-2014-3338
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491. El módulo CTIManager en Cisco Unified Communications Manager (CM) 10.0(1), cuando el inicio se sesión único (single sign-on) está habilitado, no valida debidamente los tokens Kerberos SSO, lo que permite a usuarios remotos autenticados ganar privilegios y ejecutar comandos arbitrarios a través de datos de tokens manipulados, también conocido como Bug ID CSCum95491. • http://secunia.com/advisories/60054 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3338 http://tools.cisco.com/security/center/viewAlert.x?alertId=35258 http://www.securityfocus.com/bid/69176 http://www.securitytracker.com/id/1030710 https://exchange.xforce.ibmcloud.com/vulnerabilities/95246 • CWE-20: Improper Input Validation •
CVE-2014-3317
https://notcve.org/view.php?id=CVE-2014-3317
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314. Vulnerabilidad de salto de directorio en Multiple Analyzer en el componente Dialed Number Analyzer (DNA) en Cisco Unified Communications Manager 10.0(1) permite a usuarios remotos autenticados eliminar ficheros arbitrarios a través de una URL manipulada, también conocido como Bug ID CSCup76314. • http://secunia.com/advisories/59727 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3317 http://tools.cisco.com/security/center/viewAlert.x?alertId=34898 http://www.securityfocus.com/bid/68481 http://www.securitytracker.com/id/1030554 https://exchange.xforce.ibmcloud.com/vulnerabilities/94435 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •