CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0363
https://notcve.org/view.php?id=CVE-2018-0363
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi55878. • http://www.securityfocus.com/bid/104523 http://www.securitytracker.com/id/1041170 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-ucmim-ps-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6464
https://notcve.org/view.php?id=CVE-2016-6464
A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages that should be restricted. More Information: CSCva49629. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(1.12000.2) 12.0(0.98000.181). Una vulnerabilidad en la interfaz de administración web del Cisco Unified Communications Manager IM and Presence Service puede permitir a un atacante remoto no autenticado ver información en páginas web que deberían estar restringidas. • http://www.securityfocus.com/bid/94802 http://www.securitytracker.com/id/1037412 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1466
https://notcve.org/view.php?id=CVE-2016-1466
Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a SIP packet, aka Bug ID CSCva39072. Cisco Unified Communications Manager IM y Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1 y 11.5(1) permite a atacantes remotos provocar una denegación de servicio (reinicio del proceso sipd) a través de cabeceras manipuladas en un paquete SIP, también conocido como Bug ID CSCva39072. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-ucm http://www.securityfocus.com/bid/92271 http://www.securitytracker.com/id/1036526 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6310
https://notcve.org/view.php?id=CVE-2015-6310
The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632. El interfaz REST en Cisco Unified Communications Manager IM y Presence Service 11.5(1), permite a atacantes remotos provocar una denegación de servicio (reinicio del servicio proxy SIP) a través de una petición HTTP manipuladas, también conocido como Bug ID CSCuw31632. • http://tools.cisco.com/security/center/viewAlert.x?alertId=41242 http://www.securitytracker.com/id/1033732 • CWE-399: Resource Management Errors •