CVE-2013-6688
https://notcve.org/view.php?id=CVE-2013-6688
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222. Vulnerabilidad de salto de directorio en la interfaz license-upload del componente Enterprise License Manager (ELM) de Cisco Unified Communications Manager 9.1(1) y anteriores permite a usuarios remotos autenticados crear archivos arbitrarios a través de rutas diseñadas, también conocido como Bug ID CSCui58222. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688 http://tools.cisco.com/security/center/viewAlert.x?alertId=31759 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-3453
https://notcve.org/view.php?id=CVE-2013-3453
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. Fuga de memoria en Cisco Unified Communications Manager IM y Presence Service anterior a 8.6(5)SU1 y 9.x anterior a 9.1(2), y Cisco Unified Presence, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y memoria) realizando multitud de conexiones TCP a los puertos (1) 5060 o (2) 5061. Aka Bug ID CSCud84959. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cup • CWE-399: Resource Management Errors •
CVE-2012-3949
https://notcve.org/view.php?id=CVE-2012-3949
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664. La implementación SIP en Cisco Unified Communications Manager (CUCM) v6.x y v7.x anteriores a v7.1(5b)su5, v8.x anteriores a v8.5(1)su4, y v8.6 anteriores a v8.6(2a)su1; Cisco IOS v12.2 hasta v12.4 y v15.0 hasta v15.2; y Cisco IOS XE v3.3.xSG anteriores a v3.3.1SG, v3.4.xS, y 3.5.xS permite a atacantes remotos a provocar una denegación de servicio (caída del servicio o recarga de dispositivo) a través de mensajes SIP manipulados que contienen la descripción de una sesión SDP, también conocido como Bug IDs CSCtw66721, CSCtj33003, y CSCtw84664. • http://osvdb.org/85816 http://secunia.com/advisories/50774 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-cucm http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-sip http://www.securityfocus.com/bid/55697 • CWE-20: Improper Input Validation •
CVE-2011-4019
https://notcve.org/view.php?id=CVE-2011-4019
Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883. Pérdida de memoria en Cisco IOS v12.4 y v15.0 hasta v15.2, y Cisco Unified Communications Manager v7.x (CUCM), permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una respuesta modificada a un mensaje SIP SUBSCRIBE, también conocido como Bug ID CSCto93837 y CSCtj61883. • http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151TCAVS.html http://www.cisco.com/web/software/282074295/90289/cucm-readme-715bsu5.pdf • CWE-399: Resource Management Errors •
CVE-2011-4487
https://notcve.org/view.php?id=CVE-2011-4487
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. Vulnerabilidad de inyección SQL en Cisco Unified Communications Manager (CUCM) con software v6.x y v7.x anteriores a v7.1(5b)su5, v8.0 anteriores a v8.0(3a)su3, y v8.5 y v8.6 anteriores a v8.6(2a)su1 y Cisco Business Edition 3000 con software anterior a v8.6.3 y 5000 y 6000 con software anterior a v8.6(2a)su1, permite a atacantes remotos ejecutar comandos SQL de su elección a través de un registro SCCP manipulado, también conocido como Bug ID CSCtu73538. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •