CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3433
https://notcve.org/view.php?id=CVE-2013-3433
18 Jul 2013 — Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. Vulnerabilidad de ruta de búsqueda de no confianza en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a) permite a usuarios locales obtener privilegios mediante el aprovechamiento de los problemas de permisos de archivos y la va... • http://osvdb.org/95404 •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 0CVE-2013-3434
https://notcve.org/view.php?id=CVE-2013-3434
18 Jul 2013 — Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242. Vulnerabilidad de ruta de búsqueda de no confianza en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a) permite a usuarios locales obtener privilegios mediante el aprovechamiento de los problemas de permisos de archivos y la va... • http://osvdb.org/95403 •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4869
https://notcve.org/view.php?id=CVE-2013-4869
18 Jul 2013 — Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a har... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-1133
https://notcve.org/view.php?id=CVE-2013-1133
27 Feb 2013 — Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337. Cisco Unified Communications Manager (CUCM) v8.6 antes de v8.6 (2a)su2, v8.6 BE3k antes de v8.6(4)BE3k y v9.x antes de v9.0(1) permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y la interfaz gráfica de... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cucm • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 93EXPL: 0CVE-2011-4486
https://notcve.org/view.php?id=CVE-2011-4486
01 Mar 2012 — Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538. Cisco Unified Communications Manager (CUCM) con software v6.x y v7.x anterior a v7.1(5b)su5, v8.0 anterior a v8.0(3a)su3, y v8.5 y v8... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 93EXPL: 0CVE-2011-4487
https://notcve.org/view.php?id=CVE-2011-4487
01 Mar 2012 — SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager (CUCM) con software v6.x y v7.x anterior... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 74EXPL: 0CVE-2011-2072
https://notcve.org/view.php?id=CVE-2011-2072
03 Oct 2011 — Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686. Una vulnerabilidad de pérdida de memoria en Cisco IOS v12.4, v15.0 y v15.1, Cisco IOS XE v2.5.x hasta v3.2.x, y Cisco Unified Com... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm • CWE-399: Resource Management Errors •