Total
238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0736 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Call Detail Records Analysis and Reporting (CAR) page in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make CAR modifications, aka Bug ID CSCum46468.
|
|||||
| CVE-2014-0734 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.
|
|||||
| CVE-2013-6689 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
|
|||||
| CVE-2013-5555 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349.
|
|||||
| CVE-2013-1188 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Cisco Unified Communications Manager (CUCM) does not properly limit the rate of authentication attempts, which allows remote attackers to cause a denial of service (application slowdown) via a series of requests, aka Bug ID CSCud39515.
|
|||||
| CVE-2010-2838 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 7.8 HIGH | N/A |
|
The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305.
|
|||||
| CVE-2011-1607 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.
|
|||||
| CVE-2011-1609 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 8.5 HIGH | N/A |
|
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.
|
|||||
| CVE-2013-3442 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854.
|
|||||
| CVE-2013-1133 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 BE3k before 8.6(4) BE3k, and 9.x before 9.0(1) allows remote attackers to cause a denial of service (CPU consumption and GUI and voice outages) via malformed packets to unused UDP ports, aka Bug ID CSCtx43337.
|
|||||
| CVE-2013-3472 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210.
|
|||||
| CVE-2013-3451 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033.
|
|||||
| CVE-2013-5528 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
|
|||||
| CVE-2014-0733 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.
|
|||||
| CVE-2010-2834 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)SU1, 7.x before 7.1(5), and 8.0 before 8.0(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via crafted SIP registration traffic over UDP, aka Bug IDs CSCtf72678 and CSCtf14987.
|
|||||
| CVE-2014-0732 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.
|
|||||
| CVE-2011-4487 | 1 Cisco | 7 Business Edition 3000, Business Edition 3000 Software, Business Edition 5000 and 4 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.
|
|||||
| CVE-2010-2837 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 7.8 HIGH | N/A |
|
The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310.
|
|||||
| CVE-2012-3949 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2025-04-11 | 7.8 HIGH | N/A |
|
The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664.
|
|||||
| CVE-2013-6978 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
|
|||||
| CVE-2011-1605 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 7.8 HIGH | N/A |
|
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586.
|
|||||
| CVE-2013-3397 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298.
|
|||||
| CVE-2008-1745 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (service interruption) via a SIP JOIN message with a malformed header, aka Bug ID CSCsi48115.
|
|||||
| CVE-2008-1748 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, 4.3 before 4.3(2), 5.x before 5.1(3), and 6.x before 6.1(1) does not properly validate SIP URLs, which allows remote attackers to cause a denial of service (service interruption) via a SIP INVITE message, aka Bug ID CSCsl22355.
|
|||||
| CVE-2007-4634 | 1 Cisco | 2 Call Manager, Unified Communications Manager | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
|
|||||
| CVE-2008-1744 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770.
|
|||||
| CVE-2009-2050 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.
|
|||||
| CVE-2008-1742 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, as demonstrated by TCPFUZZ, aka Bug ID CSCsj80609.
|
|||||
| CVE-2008-2062 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151.
|
|||||
| CVE-2006-5277 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 9.3 HIGH | N/A |
|
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
|
|||||
| CVE-2009-2053 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.
|
|||||
| CVE-2007-3776 | 1 Cisco | 2 Unified Communications Manager, Unified Presence Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.
|
|||||
| CVE-2009-2051 | 1 Cisco | 3 Ios, Ios Xe, Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.
|
|||||
| CVE-2009-2052 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371.
|
|||||
| CVE-2008-2730 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsj90843.
|
|||||
| CVE-2009-0632 | 1 Cisco | 1 Unified Communications Manager | 2025-04-09 | 9.0 HIGH | N/A |
|
The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.1, 4.2 before 4.2(3)SR4b, 4.3 before 4.3(2)SR1b, 5.x before 5.1(3e), 6.x before 6.1(3), and 7.0 before 7.0(2) sends privileged directory-service account credentials to the client in cleartext, which allows remote attackers to modify the CUCM configuration and perform other privileged actions by intercepting these credentials, and then using them in requests unr ...
Show More |
|||||
| CVE-2008-0027 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
|
|||||
| CVE-2009-2864 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 7.8 HIGH | N/A |
|
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423.
|
|||||
| CVE-2008-3800 | 1 Cisco | 3 Ios, Unified Callmanager, Unified Communications Manager | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802.
|
|||||
| CVE-2008-1154 | 1 Cisco | 4 Emergency Responder, Mobility Manager, Unified Communications Manager and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||