This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:cisco:unified_communications_manager:5.1: |
| Detail | |||
|---|---|---|---|
| Vendor | Cisco | First view | 2007-08-09 |
| Product | Unified Communications Manager | Last view | 2014-01-08 |
| Version | 5.1 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:cisco:unified_communications_manager | ||
Activity : Overall
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 4 | 2014-01-08 | CVE-2014-0657 | Network | Low | Requires ... | |
| 4 | 2013-12-21 | CVE-2013-6978 | Network | Low | Requires ... | |
| 6.9 | 2013-11-17 | CVE-2013-6689 | Local | Medium | None Requ... | |
| 6.3 | 2013-11-17 | CVE-2013-6688 | Network | Medium | Requires ... | |
| 7.8 | 2013-08-22 | CVE-2013-3453 | Network | Low | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 7.8 | 2011-10-27 | CVE-2011-3315 | Network | Low | None Requ... | |
| 7.8 | 2009-08-27 | CVE-2009-2054 | Network | Low | None Requ... | |
| 7.8 | 2009-08-27 | CVE-2009-2053 | Network | Low | None Requ... | |
| 7.8 | 2009-08-27 | CVE-2009-2052 | Network | Low | None Requ... | |
| 7.8 | 2009-08-27 | CVE-2009-2051 | Network | Low | None Requ... | |
| 7.8 | 2009-08-27 | CVE-2009-2050 | Network | Low | None Requ... | |
| 4.3 | 2009-01-22 | CVE-2009-0057 | Network | Medium | None Requ... | |
| 7.1 | 2008-09-26 | CVE-2008-3801 | Network | Medium | None Requ... | |
| 7.1 | 2008-09-26 | CVE-2008-3800 | Network | Medium | None Requ... | |
| 5 | 2008-06-26 | CVE-2008-2730 | Network | Low | None Requ... | |
| 10 | 2008-04-04 | CVE-2008-1154 | Network | Low | None Requ... | |
| 6.8 | 2007-08-09 | CVE-2007-4294 | Network | Medium | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 22% (2) | CWE-287 | Improper Authentication |
| 22% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 22% (2) | CWE-20 | Improper Input Validation |
| 11% (1) | CWE-399 | Resource Management Errors |
| 11% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| % | id | Name |
|---|---|---|
| 11% (1) | CWE-200 | Information Exposure |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-2 | Inducing Account Lockout |
| CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
| CAPEC-99 | XML Parser Attack |
| CAPEC-119 | Resource Depletion |
| CAPEC-121 | Locate and Exploit Test APIs |
| id | Name |
|---|---|
| CAPEC-125 | Resource Depletion through Flooding |
| CAPEC-130 | Resource Depletion through Allocation |
| CAPEC-147 | XML Ping of Death |
| CAPEC-197 | XEE (XML Entity Expansion) |
| CAPEC-227 | Denial of Service through Resource Depletion |
| CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
| CAPEC-229 | XML Attribute Blowup |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:5851 | Cisco IOS Session Initiation Protocol (SIP) Packet Arbitrary Code Execution V... |
| oval:org.mitre.oval:def:6086 | Cisco IOS Session Initiation Protocol Denial of Service Vulnerability |
| oval:org.mitre.oval:def:6047 | Cisco IOS Session Initiation Protocol Denial of Service Vulnerability |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 76572 | Cisco Multiple Products Unspecified URI Traversal Aribtrary File Access |
| 57456 | Cisco Unified Communications Manager SIP Packet Processing Unspecified Remote... |
| 57455 | Cisco Unified Communications Manager SCCP Packet Handling Unspecified Remote DoS |
| 57454 | Cisco Unified Communications Manager Embedded Firewall Network Connection Sat... |
| 57453 | Cisco Unified Communications Manager SIP Trunk Malformed Packet Handling Remo... |
| id | Description |
|---|---|
| 57452 | Cisco Unified Communications Manager Unspecified SIP Packet Handling Remote DoS |
| 52317 | Cisco Unified Communications Manager Certificate Authority Proxy Function (CA... |
| 48715 | Cisco IOS / CUCM SIP Packet Handling Unspecified Remote DoS (3801) |
| 48714 | Cisco IOS / CUCM SIP Packet Handling Unspecified Remote DoS (3800) |
| 46815 | Cisco Unified Communications Manager (CUCM) RIS Data Collector Authentication... |
| 44032 | Cisco Unified Communications Disaster Recovery Framework (DRF) Arbitrary Remo... |
| 36693 | Cisco Unified Communications Manager (CUCM) Crafted SIP Packet Remote Code Ex... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-01-26 | Name : Multiple Cisco Products 'file' Parameter () Directory Traversal Vulnerability File : nvt/gb_cisco_multiple_products_50372.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-B-0094 | Cisco Unified Communications Manager IM and Presence Service Remote Denial of... Severity : Category I - VMSKEY : V0040164 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-09-03 | Name : The remote host is missing a vendor-supplied security patch. File : cisco-sa-20130821-cups.nasl - Type : ACT_GATHER_INFO |
| 2010-09-22 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20100922-siphttp.nasl - Type : ACT_GATHER_INFO |
| 2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20070808-IOS-voice.nasl - Type : ACT_GATHER_INFO |
| 2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080924-siphttp.nasl - Type : ACT_GATHER_INFO |
