Summary
| Detail | |||
|---|---|---|---|
| Vendor | Cisco | First view | 2006-10-26 |
| Product | Unified Presence Server | Last view | 2015-06-25 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2015-06-25 | CVE-2015-4220 | Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773. |
| 6.5 | 2014-08-12 | CVE-2014-3339 | Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. |
| 5 | 2014-07-26 | CVE-2014-3328 | The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125. |
| 6.5 | 2013-12-31 | CVE-2013-6983 | SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. |
| 5 | 2013-05-10 | CVE-2013-1242 | Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080. |
| 7.8 | 2013-02-27 | CVE-2013-1137 | Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930. |
| 10 | 2011-08-29 | CVE-2011-1643 | Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. |
| 7.8 | 2010-08-26 | CVE-2010-2840 | The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629. |
| 7.8 | 2010-08-26 | CVE-2010-2839 | SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474. |
| 7.8 | 2009-10-16 | CVE-2009-2874 | The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662. |
| 7.8 | 2008-05-16 | CVE-2008-1158 | The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164. |
| 5 | 2007-07-15 | CVE-2007-3776 | Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962. |
| 7.8 | 2007-07-15 | CVE-2007-3775 | Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985. |
| 7.8 | 2007-04-02 | CVE-2007-1834 | Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698. |
| 7.8 | 2007-04-02 | CVE-2007-1826 | Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949. |
| 7.8 | 2006-10-26 | CVE-2006-5553 | Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 20% (2) | CWE-399 | Resource Management Errors |
| 20% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 20% (2) | CWE-20 | Improper Input Validation |
| 10% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 10% (1) | CWE-200 | Information Exposure |
| 10% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 10% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-2 | Inducing Account Lockout |
| CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
| CAPEC-147 | XML Ping of Death |
| CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 74779 | Cisco Multiple Products Open Query Interface Remote Information Disclosure |
| 67560 | Cisco Unified Presence Engine Service Malformed SIP SUBSCRIBE Message Remote DoS |
| 67559 | Cisco Unified Presence SIPD Malformed SIP Message Remote DoS |
| 59057 | Cisco Unified Presence TimesTenD TCP Connection Saturation Remote DoS |
| 45219 | Cisco Unified Presence Engine Service Malformed IP Packet Processing Remote D... |
| 36124 | Cisco CUCM / CUPS Unspecified SNMP Information Disclosure |
| 36123 | Cisco CUCM / CUPS Unspecified Cluster Services DoS |
| 34919 | Cisco Multiple Products Crafted UDP Packet Remote DoS |
| 34594 | Cisco CUCM / CUPS ICMP Echo Request Saturation DoS |
| 30055 | Cisco Security Agent for Linux Port Scan DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-10-13 | Name : SLES10: Security update for Sun Java File : nvt/sles10_java-1_4_2-sun1.nasl |
| 2009-10-10 | Name : SLES9: Security update for Java2 File : nvt/sles9p5023078.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-08-16 | Name: The remote host is missing a vendor-supplied security patch. File: cisco-sa-20130227-cups.nasl - Type: ACT_GATHER_INFO |
| 2008-04-04 | Name: The remote openSUSE host is missing a security update. File: suse_java-1_4_2-sun-5130.nasl - Type: ACT_GATHER_INFO |
| 2008-04-04 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_java-1_4_2-sun-5131.nasl - Type: ACT_GATHER_INFO |
| 2008-04-04 | Name: The remote openSUSE host is missing a security update. File: suse_java-1_5_0-sun-5133.nasl - Type: ACT_GATHER_INFO |
| 2008-04-04 | Name: The remote openSUSE host is missing a security update. File: suse_java-1_6_0-sun-5132.nasl - Type: ACT_GATHER_INFO |
