This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2007-07-15
Product Unified Communications Manager Last view 2021-11-04
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* 87
cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:* 82
cpe:2.3:a:cisco:unified_communications_manager:7.1(3):*:*:*:*:*:*:* 70
cpe:2.3:a:cisco:unified_communications_manager:6.1(1a):*:*:*:*:*:*:* 70
cpe:2.3:a:cisco:unified_communications_manager:7.1(3b):*:*:*:*:*:*:* 70
cpe:2.3:a:cisco:unified_communications_manager:6.1(1):*:*:*:*:*:*:* 70
cpe:2.3:a:cisco:unified_communications_manager:7.1(3a):*:*:*:*:*:*:* 70
cpe:2.3:a:cisco:unified_communications_manager:7.1(2b):*:*:*:*:*:*:* 70
cpe:2.3:a:cisco:unified_communications_manager:7.1(2a):*:*:*:*:*:*:* 70
cpe:2.3:a:cisco:unified_communications_manager:6.1(2):*:*:*:*:*:*:* 69
cpe:2.3:a:cisco:unified_communications_manager:7.1(3b)su1:*:*:*:*:*:*:* 69
cpe:2.3:a:cisco:unified_communications_manager:7.1(2a)su1:*:*:*:*:*:*:* 69
cpe:2.3:a:cisco:unified_communications_manager:7.1(3a)su1:*:*:*:*:*:*:* 69
cpe:2.3:a:cisco:unified_communications_manager:7.1(3a)su1a:*:*:*:*:*:*:* 69
cpe:2.3:a:cisco:unified_communications_manager:7.1(5a):*:*:*:*:*:*:* 68
cpe:2.3:a:cisco:unified_communications_manager:7.1(3b)su2:*:*:*:*:*:*:* 68
cpe:2.3:a:cisco:unified_communications_manager:6.1(3):*:*:*:*:*:*:* 68
cpe:2.3:a:cisco:unified_communications_manager:7.0(2):*:*:*:*:*:*:* 68
cpe:2.3:a:cisco:unified_communications_manager:6.1(1b):*:*:*:*:*:*:* 68
cpe:2.3:a:cisco:unified_communications_manager:7.1(5b):*:*:*:*:*:*:* 68
cpe:2.3:a:cisco:unified_communications_manager:7.1(5):*:*:*:*:*:*:* 68
cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:* 67
cpe:2.3:a:cisco:unified_communications_manager:7.1(2b)su1:*:*:*:*:*:*:* 67
cpe:2.3:a:cisco:unified_communications_manager:7.1(5)su1:*:*:*:*:*:*:* 67
cpe:2.3:a:cisco:unified_communications_manager:6.1(2)su1:*:*:*:*:*:*:* 67
cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:* 66
cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:* 66
cpe:2.3:a:cisco:unified_communications_manager:8.0(2c):*:*:*:*:*:*:* 66
cpe:2.3:a:cisco:unified_communications_manager:4.1:*:*:*:*:*:*:* 66
cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:* 65
cpe:2.3:a:cisco:unified_communications_manager:7.1(5)su1a:*:*:*:*:*:*:* 65
cpe:2.3:a:cisco:unified_communications_manager:8.0(3):*:*:*:*:*:*:* 65
cpe:2.3:a:cisco:unified_communications_manager:6.1(4):*:*:*:*:*:*:* 65
cpe:2.3:a:cisco:unified_communications_manager:6.1(2)su1a:*:*:*:*:*:*:* 65
cpe:2.3:a:cisco:unified_communications_manager:7.0(2a):*:*:*:*:*:*:* 64
cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:* 64
cpe:2.3:a:cisco:unified_communications_manager:8.0(2c)su1:*:*:*:*:*:*:* 64
cpe:2.3:a:cisco:unified_communications_manager:7.0(1)su1a:*:*:*:*:*:*:* 64
cpe:2.3:a:cisco:unified_communications_manager:7.0(2a)su1:*:*:*:*:*:*:* 64
cpe:2.3:a:cisco:unified_communications_manager:7.0(2a)su2:*:*:*:*:*:*:* 64
cpe:2.3:a:cisco:unified_communications_manager:7.0(1)su1:*:*:*:*:*:*:* 64
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:* 63
cpe:2.3:a:cisco:unified_communications_manager:6.1(4a):*:*:*:*:*:*:* 63
cpe:2.3:a:cisco:unified_communications_manager:6.1(3a):*:*:*:*:*:*:* 63
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:* 63
cpe:2.3:a:cisco:unified_communications_manager:6.1:*:*:*:*:*:*:* 63
cpe:2.3:a:cisco:unified_communications_manager:6.1(3b):*:*:*:*:*:*:* 63
cpe:2.3:a:cisco:unified_communications_manager:6.1(4a)su2:*:*:*:*:*:*:* 62
cpe:2.3:a:cisco:unified_communications_manager:6.1(4)su1:*:*:*:*:*:*:* 62
cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:* 62

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2021-11-04 CVE-2021-34773

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts.

4.3 2021-11-04 CVE-2021-34701

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.

6.5 2021-05-06 CVE-2021-1478

A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an unsecured TCP/IP port. An attacker could exploit this vulnerability by accessing the port and restarting the JMX process. A successful exploit could allow the attacker to cause a DoS condition on an affected system.

6.1 2021-04-08 CVE-2021-1409

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

6.1 2021-04-08 CVE-2021-1408

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

6.1 2021-04-08 CVE-2021-1407

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

4.9 2021-04-08 CVE-2021-1406

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to obtain hashed credentials of system users. To exploit this vulnerability an attacker would need to have valid user credentials with elevated privileges.

4.3 2021-04-08 CVE-2021-1399

A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected system without proper authorization. The vulnerability is due to insufficient validation of user-supplied data to the Self Care Portal. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify information without proper authorization.

6.1 2021-04-08 CVE-2021-1380

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

8.8 2021-04-08 CVE-2021-1362

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.

4.9 2021-01-20 CVE-2021-1364

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

6.5 2021-01-20 CVE-2021-1357

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

6.5 2021-01-20 CVE-2021-1355

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

4.9 2021-01-20 CVE-2021-1282

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.

6.5 2021-01-13 CVE-2021-1226

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

8.8 2020-09-23 CVE-2020-3135

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.

6.5 2020-09-23 CVE-2019-15963

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.

6.1 2020-08-17 CVE-2020-3346

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

6.1 2020-07-02 CVE-2020-3282

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

7.5 2020-04-15 CVE-2020-3177

A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.

6.1 2020-02-19 CVE-2015-0749

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.

8.8 2019-11-26 CVE-2019-15972

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.

6.5 2019-10-02 CVE-2019-1915

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.

6.5 2019-10-02 CVE-2019-15272

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to bypass security restrictions. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to gain unauthorized access to the system.

6.1 2019-10-02 CVE-2019-12716

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

CWE : Common Weakness Enumeration

%idName
22% (40) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
14% (25) CWE-20 Improper Input Validation
12% (23) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
9% (17) CWE-399 Resource Management Errors
5% (10) CWE-352 Cross-Site Request Forgery (CSRF)
5% (10) CWE-287 Improper Authentication
5% (10) CWE-200 Information Exposure
5% (9) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
3% (6) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (5) CWE-264 Permissions, Privileges, and Access Controls
2% (4) CWE-425 Direct Request ('Forced Browsing')
1% (3) CWE-310 Cryptographic Issues
1% (2) CWE-522 Insufficiently Protected Credentials
1% (2) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (2) CWE-35 Path Traversal: '.../...//'
0% (1) CWE-787 Out-of-bounds Write
0% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
0% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
0% (1) CWE-538 File and Directory Information Exposure
0% (1) CWE-532 Information Leak Through Log Files
0% (1) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
0% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (1) CWE-302 Authentication Bypass by Assumed-Immutable Data
0% (1) CWE-255 Credentials Management
0% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-99 XML Parser Attack
CAPEC-119 Resource Depletion
CAPEC-121 Locate and Exploit Test APIs
CAPEC-125 Resource Depletion through Flooding
CAPEC-130 Resource Depletion through Allocation
CAPEC-147 XML Ping of Death
CAPEC-197 XEE (XML Entity Expansion)
CAPEC-227 Denial of Service through Resource Depletion
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message
CAPEC-229 XML Attribute Blowup

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:5851 Cisco IOS Session Initiation Protocol (SIP) Packet Arbitrary Code Execution V...
oval:org.mitre.oval:def:6086 Cisco IOS Session Initiation Protocol Denial of Service Vulnerability
oval:org.mitre.oval:def:6047 Cisco IOS Session Initiation Protocol Denial of Service Vulnerability

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
76862 Cisco Unified Communications Manager (CUCM) SIP Message Parsing Remote DoS
75918 Cisco IOS Session Control Buffers (SCB) SIP Packet Parsing Voice Service Remo...
74779 Cisco Multiple Products Open Query Interface Remote Information Disclosure
74778 Cisco Unified Communications Manager Packet Capture Service Idle TCP Connecti...
74777 Cisco Unified Communications Manager Service Advertisement Framework (SAF) Pa...
74776 Cisco Unified Communications Manager Service Advertisement Framework (SAF) Pa...
74775 Cisco Unified Communications Manager SIP INVITE Message Parsing Remote DoS
74774 Cisco Unified Communications Manager Media Termination Points Session Descrip...
72615 Cisco Unified Communications Manager xmldirectorylist.jsp Multiple Parameter ...
72614 Cisco Unified Communications Manager Unspecified SQL Injection
72613 Cisco Unified Communications Manager Upload Request Traversal Arbitrary File ...
72612 Cisco Unified Communications Manager Malformed SIP Message Unspecified Remote...
72611 Cisco Unified Communications Manager Malformed SIP Message Unspecified Remote...
72610 Cisco Unified Communications Manager Malformed SIP Message Memory Exhaustion ...
69158 Cisco Unified Communications Manager /usr/local/cm/bin/pktCap_protectData Pri...
68206 Cisco Unified Communications Manager (CUCM) SIP REFER Request Invalid Refer-T...
68205 Cisco IOS SIP REFER Request Invalid Refer-To Header Remote DoS
68204 Cisco Unified Communications Manager (CUCM) Crafted UDP SIP Registration Traf...
68203 Cisco IOS Crafted UDP SIP Registration Traffic Remote DoS
67565 Cisco Unified Communications Manager SIPStationInit Malformed SIP Message Rem...
67564 Cisco Unified Communications Manager SendCombinedStatusInfo Malformed SIP REG...
62761 Cisco Unified Communications Manager CTI Manager Message Handling Remote DoS
62760 Cisco Unified Communications Manager Malformed SIP Message Handling Remote Do...
62759 Cisco Unified Communications Manager Malformed SIP Message Handling Remote Do...
62758 Cisco Unified Communications Manager Malformed SCCP Message Handling Remote D...

OpenVAS Exploits

id Description
2009-03-13 Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-03-13 Name : Ubuntu USN-732-1 (dash)
File : nvt/ubuntu_732_1.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-B-0094 Cisco Unified Communications Manager IM and Presence Service Remote Denial of...
Severity: Category I - VMSKEY: V0040164
2013-A-0165 Multiple Vulnerabilities in Cisco Unified Communications Manager
Severity: Category I - VMSKEY: V0040165

Snort® IPS/IDS

Date Description
2020-12-05 Cisco Unified Communications Manager TAPS RMI directory traversal attempt
RuleID : 53668 - Type : SERVER-OTHER - Revision : 1
2020-12-05 Cisco Unified Communications Manager TAPS RMI method lookup detected
RuleID : 53667 - Type : POLICY-OTHER - Revision : 1
2020-12-05 Cisco Unified Communications Manager appuserFindList.do SQL injection attempt
RuleID : 45833 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco Unified Communications Manager appuserFindList.do SQL injection attempt
RuleID : 45832 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco Unified Communications Manager information disclosure attempt
RuleID : 45813 - Type : SERVER-WEBAPP - Revision : 1
2020-12-05 Cisco Unified Communications Manager appuserFindList.do access detected
RuleID : 45729 - Type : POLICY-OTHER - Revision : 1
2017-04-20 Cisco Unified Communications Manager SIP NOTIFY denial of service attempt
RuleID : 42293 - Type : PROTOCOL-VOIP - Revision : 1
2014-01-10 Cisco Unified Communications Manager sql injection attempt
RuleID : 21377 - Type : SERVER-WEBAPP - Revision : 8
2014-01-10 Cisco Unified Communications Manager heap overflow attempt
RuleID : 13363 - Type : SERVER-OTHER - Revision : 12

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-04-27 Name: The remote device is affected by an information disclosure vulnerability.
File: cisco-sa-20180418-ucm.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20171115-vos-unity_connection.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20171115-vos-unified_presence.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20171115-vos-unified_communications_manager.nasl - Type: ACT_GATHER_INFO
2017-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170405-ucm-unified_communications_manager.nasl - Type: ACT_GATHER_INFO
2017-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170405-ucm1-unified_communications_manager.nasl - Type: ACT_GATHER_INFO
2017-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170419-ucm-unified_communications_manager.nasl - Type: ACT_GATHER_INFO
2017-09-27 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20170517-ucm-unified_communications_manager.nasl - Type: ACT_GATHER_INFO
2017-05-25 Name: The remote device is affected by a cross-site scripting vulnerability.
File: cisco-sa-20170517-ucm.nasl - Type: ACT_GATHER_INFO
2017-04-27 Name: The remote device is affected by a denial of service vulnerability.
File: cisco_cucm_CSCuz72455.nasl - Type: ACT_GATHER_INFO
2016-09-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1063.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160420-libsrtp-iosxe.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160420-libsrtp-asa.nasl - Type: ACT_GATHER_INFO
2016-04-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3539.nasl - Type: ACT_GATHER_INFO
2016-02-22 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_6171eb07d8a911e5b2bd002590263bf5.nasl - Type: ACT_GATHER_INFO
2016-01-19 Name: The remote Debian host is missing a security update.
File: debian_DLA-393.nasl - Type: ACT_GATHER_INFO
2014-12-29 Name: The remote device is affected by a security bypass vulnerability.
File: cisco_cucm_CSCuq86376.nasl - Type: ACT_GATHER_INFO
2014-12-02 Name: The remote host is affected by a SQL injection vulnerability.
File: cisco_cucm_CSCup88089.nasl - Type: ACT_GATHER_INFO
2014-11-06 Name: The remote host is affected by multiple reflected cross-site scripting vulner...
File: cisco-sn-CVE-2014-3372-4-cucm.nasl - Type: ACT_GATHER_INFO
2014-09-30 Name: The remote host is affected by an arbitrary command execution vulnerability.
File: cisco_cucm_CSCum95491.nasl - Type: ACT_GATHER_INFO
2014-09-29 Name: The remote host is affected by multiple file manipulation vulnerabilities.
File: cisco_cucm_cve_2014_3292.nasl - Type: ACT_GATHER_INFO
2014-06-18 Name: The remote host is affected by a SQL injection vulnerability.
File: cisco_cucm_CSCuo17337.nasl - Type: ACT_GATHER_INFO
2013-09-25 Name: The remote host is affected by multiple denial of service vulnerabilities.
File: cisco-sa-20130227-cucm.nasl - Type: ACT_GATHER_INFO
2013-09-24 Name: The remote host is affected by a denial of service vulnerability.
File: cisco_cucm_CSCub85597.nasl - Type: ACT_GATHER_INFO
2013-09-24 Name: The remote host is affected by a denial of service vulnerability.
File: cisco_cucm_CSCub35869.nasl - Type: ACT_GATHER_INFO