CVSS: 9.8EPSS: 1%CPEs: 30EXPL: 0CVE-2009-0632
https://notcve.org/view.php?id=CVE-2009-0632
12 Mar 2009 — The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unrelated to th... • http://osvdb.org/52589 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0CVE-2009-0057
https://notcve.org/view.php?id=CVE-2009-0057
22 Jan 2009 — The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely." El servicio Certificate Authority Proxy Function (CAPF) en Cisco Unified Communications Manager 5.x antes de 5.1(3e) y 6.x antes de 6.1(3) permite a atacantes remotos provocar una denegación de servicio (par... • http://secunia.com/advisories/33588 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2008-3800
https://notcve.org/view.php?id=CVE-2008-3800
26 Sep 2008 — Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. Vulnerabilidad no especificada en la implementación de la Session Initiation Protocol en Cisco IOS v12.2 a la v12... • http://secunia.com/advisories/31990 •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2008-3801
https://notcve.org/view.php?id=CVE-2008-3801
26 Sep 2008 — Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. Vulnerabilidad no especificada en la implementación de la Session Initiation Protocol en Cisco IOS v12.2 a la v12... • http://secunia.com/advisories/31990 •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2008-2061
https://notcve.org/view.php?id=CVE-2008-2061
26 Jun 2008 — The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. El Servicio Computer Telephony Integration (CTI) Manager de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a la 5.1(3c) y 6.x versiones anteriores a la 6.1(2) permite a atacantes remotos provocar una denegación de servicio (caída TS... • http://secunia.com/advisories/30848 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2062
https://notcve.org/view.php?id=CVE-2008-2062
26 Jun 2008 — The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151. El Servicio Real-Time Information Server (RIS) Data Collector de Cisco Unified Communications Manager (CUCM) versiones anteriores a la 4.2(3)SR4 y 4.3 versiones anterieos a la ... • http://secunia.com/advisories/30848 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2730
https://notcve.org/view.php?id=CVE-2008-2730
26 Jun 2008 — The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843. El Servicio Real -Time Information Server (RIS) Data Collector de Cisco Unified Communications Manager (CUCM) 5.x versiones anteriores a la 5.1(3) y 6.x versiones anteriores a la 6... • http://secunia.com/advisories/30848 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 1%CPEs: 18EXPL: 0CVE-2008-1746
https://notcve.org/view.php?id=CVE-2008-1746
16 May 2008 — The SNMP Trap Agent service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (core dump and service restart) via a series of malformed UDP packets, as demonstrated by the IP Stack Integrity Checker (ISIC), aka Bug ID CSCsj24113. El servicio SNMP Trap Agent de Cisco Unified Communications Manager (CUCM) 4.1 versiones anteriores a 4.1(3)SR6, 4.2 versiones a... • http://secunia.com/advisories/30238 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 5EXPL: 0CVE-2008-1747
https://notcve.org/view.php?id=CVE-2008-1747
16 May 2008 — Unspecified vulnerability in Cisco Unified Communications Manager 4.1 before 4.1(3)SR6, 4.2 before 4.2(3)SR3, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) allows remote attackers to cause a denial of service (CCM service restart) via an unspecified SIP INVITE message, aka Bug ID CSCsk46944. Vulnerabilidad no especificada en Cisco Unified Communications Manager 4.1 versiones anteriores a 4.1(3)SR6, 4.2 versiones anteriores a 4.2(3)SR3, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriore... • http://secunia.com/advisories/30238 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 5EXPL: 0CVE-2008-1748
https://notcve.org/view.php?id=CVE-2008-1748
16 May 2008 — Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355. Cisco Unified Communications Manager 4.1 versiones anteriores a 4.1(3)SR7, 4.2 versiones anteriores a 4.2(3)SR4, 4.3 versiones anteriores a 4.3(2), 5.x versiones anteriores a 5.1(3), y 6.x versiones ante... • http://secunia.com/advisories/30238 • CWE-20: Improper Input Validation •