NotCVE - vendor:"Cisco" product:"Unity Connection" version:"12.5\(1\)su6"

18 results (0.010 seconds)

CVSS: 10.0EPSS: 1%CPEs: 12EXPL: 0

CVE-2024-20253

https://notcve.org/view.php?id=CVE-2024-20253

26 Jan 2024 — A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying op... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm • CWE-502: Deserialization of Untrusted Data •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-20305

https://notcve.org/view.php?id=CVE-2024-20305

26 Jan 2024 — A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-xss-9TFuu5MS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2024-20272

https://notcve.org/view.php?id=CVE-2024-20272

17 Jan 2024 — A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store maliciou... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2023-20266

https://notcve.org/view.php?id=CVE-2023-20266

30 Aug 2023 — A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A su... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-priv-esc-D8Bky5eg • CWE-269: Improper Privilege Management CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-20800 – Cisco Unified Communications Products Cross-Site Scripting Vulnerability

https://notcve.org/view.php?id=CVE-2022-20800

06 Jul 2022 — A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not pro... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2022-20752 – Cisco Unified Communications Products Timing Attack Vulnerability

https://notcve.org/view.php?id=CVE-2022-20752

06 Jul 2022 — A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sen... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-timing-JVbHECOK • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2022-20788 – Cisco Unified Communications Products Cross-Site Scripting Vulnerability

https://notcve.org/view.php?id=CVE-2022-20788

21 Apr 2022 — A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of t... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-6MCe4kPF • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-34701 – Cisco Unified Communications Products Path Traversal Vulnerability

https://notcve.org/view.php?id=CVE-2021-34701

04 Nov 2021 — A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-1409 – Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2021-1409

08 Apr 2021 — Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does no... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-Q4PZcNzJ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2021-1380 – Cisco Unified Communications Products Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2021-1380

1 2