Summary
Detail | |||
---|---|---|---|
Vendor | Cisco | First view | 2007-07-15 |
Product | Unified Communications Manager | Last view | 2022-04-21 |
Version | Type | Application | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.5 | 2022-04-21 | CVE-2022-20804 | A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition. |
6.5 | 2022-04-21 | CVE-2022-20790 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the underlying operating system. |
6.5 | 2022-04-21 | CVE-2022-20789 | A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges. |
6.1 | 2022-04-21 | CVE-2022-20788 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. |
6.8 | 2022-04-21 | CVE-2022-20787 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. |
10 | 2021-12-10 | CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. |
6.5 | 2021-11-04 | CVE-2021-34773 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts. |
4.3 | 2021-11-04 | CVE-2021-34701 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system. |
6.5 | 2021-05-06 | CVE-2021-1478 | A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system. |
6.1 | 2021-04-08 | CVE-2021-1409 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. |
6.1 | 2021-04-08 | CVE-2021-1408 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. |
6.1 | 2021-04-08 | CVE-2021-1407 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. |
4.9 | 2021-04-08 | CVE-2021-1406 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges. |
4.3 | 2021-04-08 | CVE-2021-1399 | A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization. |
6.1 | 2021-04-08 | CVE-2021-1380 | Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. |
8.8 | 2021-04-08 | CVE-2021-1362 | A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device. |
4.9 | 2021-01-20 | CVE-2021-1364 | Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. |
6.5 | 2021-01-20 | CVE-2021-1357 | Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. |
6.5 | 2021-01-20 | CVE-2021-1355 | Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. |
4.9 | 2021-01-20 | CVE-2021-1282 | Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. |
6.5 | 2021-01-13 | CVE-2021-1226 | A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. |
8.8 | 2020-09-23 | CVE-2020-3135 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. |
6.5 | 2020-09-23 | CVE-2019-15963 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks. |
6.1 | 2020-08-17 | CVE-2020-3346 | A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. |
6.1 | 2020-07-02 | CVE-2020-3282 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
22% (41) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
13% (25) | CWE-20 | Improper Input Validation |
12% (22) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
9% (17) | CWE-399 | Resource Management Errors |
6% (11) | CWE-352 | Cross-Site Request Forgery (CSRF) |
5% (10) | CWE-287 | Improper Authentication |
5% (10) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
4% (8) | CWE-200 | Information Exposure |
3% (6) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
2% (5) | CWE-264 | Permissions, Privileges, and Access Controls |
2% (4) | CWE-425 | Direct Request ('Forced Browsing') |
1% (3) | CWE-310 | Cryptographic Issues |
1% (2) | CWE-522 | Insufficiently Protected Credentials |
1% (2) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
1% (2) | CWE-35 | Path Traversal: '.../...//' |
0% (1) | CWE-787 | Out-of-bounds Write |
0% (1) | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
0% (1) | CWE-611 | Information Leak Through XML External Entity File Disclosure |
0% (1) | CWE-610 | Externally Controlled Reference to a Resource in Another Sphere |
0% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
0% (1) | CWE-538 | File and Directory Information Exposure |
0% (1) | CWE-532 | Information Leak Through Log Files |
0% (1) | CWE-502 | Deserialization of Untrusted Data |
0% (1) | CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli... |
0% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-2 | Inducing Account Lockout |
CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
CAPEC-99 | XML Parser Attack |
CAPEC-119 | Resource Depletion |
CAPEC-121 | Locate and Exploit Test APIs |
CAPEC-125 | Resource Depletion through Flooding |
CAPEC-130 | Resource Depletion through Allocation |
CAPEC-147 | XML Ping of Death |
CAPEC-197 | XEE (XML Entity Expansion) |
CAPEC-227 | Denial of Service through Resource Depletion |
CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
CAPEC-229 | XML Attribute Blowup |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:5851 | Cisco IOS Session Initiation Protocol (SIP) Packet Arbitrary Code Execution V... |
oval:org.mitre.oval:def:6086 | Cisco IOS Session Initiation Protocol Denial of Service Vulnerability |
oval:org.mitre.oval:def:6047 | Cisco IOS Session Initiation Protocol Denial of Service Vulnerability |
SAINT Exploits
Description | Link |
---|---|
Apache Log4j JNDI message lookup vulnerability | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
76862 | Cisco Unified Communications Manager (CUCM) SIP Message Parsing Remote DoS |
75918 | Cisco IOS Session Control Buffers (SCB) SIP Packet Parsing Voice Service Remo... |
74779 | Cisco Multiple Products Open Query Interface Remote Information Disclosure |
74778 | Cisco Unified Communications Manager Packet Capture Service Idle TCP Connecti... |
74777 | Cisco Unified Communications Manager Service Advertisement Framework (SAF) Pa... |
74776 | Cisco Unified Communications Manager Service Advertisement Framework (SAF) Pa... |
74775 | Cisco Unified Communications Manager SIP INVITE Message Parsing Remote DoS |
74774 | Cisco Unified Communications Manager Media Termination Points Session Descrip... |
72615 | Cisco Unified Communications Manager xmldirectorylist.jsp Multiple Parameter ... |
72614 | Cisco Unified Communications Manager Unspecified SQL Injection |
72613 | Cisco Unified Communications Manager Upload Request Traversal Arbitrary File ... |
72612 | Cisco Unified Communications Manager Malformed SIP Message Unspecified Remote... |
72611 | Cisco Unified Communications Manager Malformed SIP Message Unspecified Remote... |
72610 | Cisco Unified Communications Manager Malformed SIP Message Memory Exhaustion ... |
69158 | Cisco Unified Communications Manager /usr/local/cm/bin/pktCap_protectData Pri... |
68206 | Cisco Unified Communications Manager (CUCM) SIP REFER Request Invalid Refer-T... |
68205 | Cisco IOS SIP REFER Request Invalid Refer-To Header Remote DoS |
68204 | Cisco Unified Communications Manager (CUCM) Crafted UDP SIP Registration Traf... |
68203 | Cisco IOS Crafted UDP SIP Registration Traffic Remote DoS |
67565 | Cisco Unified Communications Manager SIPStationInit Malformed SIP Message Rem... |
67564 | Cisco Unified Communications Manager SendCombinedStatusInfo Malformed SIP REG... |
62761 | Cisco Unified Communications Manager CTI Manager Message Handling Remote DoS |
62760 | Cisco Unified Communications Manager Malformed SIP Message Handling Remote Do... |
62759 | Cisco Unified Communications Manager Malformed SIP Message Handling Remote Do... |
62758 | Cisco Unified Communications Manager Malformed SCCP Message Handling Remote D... |
OpenVAS Exploits
id | Description |
---|---|
2009-03-13 | Name : Ubuntu USN-731-1 (apache2) File : nvt/ubuntu_731_1.nasl |
2009-03-13 | Name : Ubuntu USN-732-1 (dash) File : nvt/ubuntu_732_1.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2013-B-0094 | Cisco Unified Communications Manager IM and Presence Service Remote Denial of... Severity: Category I - VMSKEY: V0040164 |
2013-A-0165 | Multiple Vulnerabilities in Cisco Unified Communications Manager Severity: Category I - VMSKEY: V0040165 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco Unified Communications Manager TAPS RMI directory traversal attempt RuleID : 53668 - Type : SERVER-OTHER - Revision : 1 |
2020-12-05 | Cisco Unified Communications Manager TAPS RMI method lookup detected RuleID : 53667 - Type : POLICY-OTHER - Revision : 1 |
2020-12-05 | Cisco Unified Communications Manager appuserFindList.do SQL injection attempt RuleID : 45833 - Type : SERVER-WEBAPP - Revision : 1 |
2020-12-05 | Cisco Unified Communications Manager appuserFindList.do SQL injection attempt RuleID : 45832 - Type : SERVER-WEBAPP - Revision : 1 |
2020-12-05 | Cisco Unified Communications Manager information disclosure attempt RuleID : 45813 - Type : SERVER-WEBAPP - Revision : 1 |
2020-12-05 | Cisco Unified Communications Manager appuserFindList.do access detected RuleID : 45729 - Type : POLICY-OTHER - Revision : 1 |
2017-04-20 | Cisco Unified Communications Manager SIP NOTIFY denial of service attempt RuleID : 42293 - Type : PROTOCOL-VOIP - Revision : 1 |
2014-01-10 | Cisco Unified Communications Manager sql injection attempt RuleID : 21377 - Type : SERVER-WEBAPP - Revision : 8 |
2014-01-10 | Cisco Unified Communications Manager heap overflow attempt RuleID : 13363 - Type : SERVER-OTHER - Revision : 12 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2018-04-27 | Name: The remote device is affected by an information disclosure vulnerability. File: cisco-sa-20180418-ucm.nasl - Type: ACT_GATHER_INFO |
2017-11-17 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20171115-vos-unity_connection.nasl - Type: ACT_GATHER_INFO |
2017-11-17 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20171115-vos-unified_presence.nasl - Type: ACT_GATHER_INFO |
2017-11-17 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20171115-vos-unified_communications_manager.nasl - Type: ACT_GATHER_INFO |
2017-09-27 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20170405-ucm-unified_communications_manager.nasl - Type: ACT_GATHER_INFO |
2017-09-27 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20170405-ucm1-unified_communications_manager.nasl - Type: ACT_GATHER_INFO |
2017-09-27 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20170419-ucm-unified_communications_manager.nasl - Type: ACT_GATHER_INFO |
2017-09-27 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20170517-ucm-unified_communications_manager.nasl - Type: ACT_GATHER_INFO |
2017-05-25 | Name: The remote device is affected by a cross-site scripting vulnerability. File: cisco-sa-20170517-ucm.nasl - Type: ACT_GATHER_INFO |
2017-04-27 | Name: The remote device is affected by a denial of service vulnerability. File: cisco_cucm_CSCuz72455.nasl - Type: ACT_GATHER_INFO |
2016-09-09 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1063.nasl - Type: ACT_GATHER_INFO |
2016-06-22 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20160420-libsrtp-iosxe.nasl - Type: ACT_GATHER_INFO |
2016-06-22 | Name: The remote device is missing a vendor-supplied security patch. File: cisco-sa-20160420-libsrtp-asa.nasl - Type: ACT_GATHER_INFO |
2016-04-05 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3539.nasl - Type: ACT_GATHER_INFO |
2016-02-22 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_6171eb07d8a911e5b2bd002590263bf5.nasl - Type: ACT_GATHER_INFO |
2016-01-19 | Name: The remote Debian host is missing a security update. File: debian_DLA-393.nasl - Type: ACT_GATHER_INFO |
2014-12-29 | Name: The remote device is affected by a security bypass vulnerability. File: cisco_cucm_CSCuq86376.nasl - Type: ACT_GATHER_INFO |
2014-12-02 | Name: The remote host is affected by a SQL injection vulnerability. File: cisco_cucm_CSCup88089.nasl - Type: ACT_GATHER_INFO |
2014-11-06 | Name: The remote host is affected by multiple reflected cross-site scripting vulner... File: cisco-sn-CVE-2014-3372-4-cucm.nasl - Type: ACT_GATHER_INFO |
2014-09-30 | Name: The remote host is affected by an arbitrary command execution vulnerability. File: cisco_cucm_CSCum95491.nasl - Type: ACT_GATHER_INFO |
2014-09-29 | Name: The remote host is affected by multiple file manipulation vulnerabilities. File: cisco_cucm_cve_2014_3292.nasl - Type: ACT_GATHER_INFO |
2014-06-18 | Name: The remote host is affected by a SQL injection vulnerability. File: cisco_cucm_CSCuo17337.nasl - Type: ACT_GATHER_INFO |
2013-09-25 | Name: The remote host is affected by multiple denial of service vulnerabilities. File: cisco-sa-20130227-cucm.nasl - Type: ACT_GATHER_INFO |
2013-09-24 | Name: The remote host is affected by a denial of service vulnerability. File: cisco_cucm_CSCub85597.nasl - Type: ACT_GATHER_INFO |
2013-09-24 | Name: The remote host is affected by a denial of service vulnerability. File: cisco_cucm_CSCub35869.nasl - Type: ACT_GATHER_INFO |