This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2012-02-29
Product Unity Connection Last view 2022-04-21
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:cisco:unity_connection:9.1(2):*:*:*:*:*:*:* 21
cpe:2.3:a:cisco:unity_connection:9.1(1):*:*:*:*:*:*:* 21
cpe:2.3:a:cisco:unity_connection:8.5(1)su1:*:*:*:*:*:*:* 20
cpe:2.3:a:cisco:unity_connection:8.5(1)su2:*:*:*:*:*:*:* 20
cpe:2.3:a:cisco:unity_connection:8.6(1a):*:*:*:*:*:*:* 20
cpe:2.3:a:cisco:unity_connection:8.5(1):*:*:*:*:*:*:* 20
cpe:2.3:a:cisco:unity_connection:-:*:*:*:*:*:*:* 20
cpe:2.3:a:cisco:unity_connection:8.6(2a):*:*:*:*:*:*:* 19
cpe:2.3:a:cisco:unity_connection:8.6(2a)su1:*:*:*:*:*:*:* 19
cpe:2.3:a:cisco:unity_connection:8.6(2):*:*:*:*:*:*:* 19
cpe:2.3:a:cisco:unity_connection:8.6(2a)su2:*:*:*:*:*:*:* 19
cpe:2.3:a:cisco:unity_connection:8.6(2a)su3:*:*:*:*:*:*:* 19
cpe:2.3:a:cisco:unity_connection:8.6(1):*:*:*:*:*:*:* 19
cpe:2.3:a:cisco:unity_connection:8.5(1)su3:*:*:*:*:*:*:* 19
cpe:2.3:a:cisco:unity_connection:8.5(1)su4:*:*:*:*:*:*:* 19
cpe:2.3:a:cisco:unity_connection:8.5(1)su5:*:*:*:*:*:*:* 19
cpe:2.3:a:cisco:unity_connection:9.0(1):*:*:*:*:*:*:* 18
cpe:2.3:a:cisco:unity_connection:8.5(1)su6:*:*:*:*:*:*:* 18
cpe:2.3:a:cisco:unity_connection:8.5_base:*:*:*:*:*:*:* 18
cpe:2.3:a:cisco:unity_connection:8.6_base:*:*:*:*:*:*:* 18
cpe:2.3:a:cisco:unity_connection:10.0.5:*:*:*:*:*:*:* 17
cpe:2.3:a:cisco:unity_connection:10.0.0:*:*:*:*:*:*:* 17
cpe:2.3:a:cisco:unity_connection:7.1(5b):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(3a)su1a:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(5a):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(5b)su4:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(5b)su2:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(3b):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(3):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:10.5(2):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:10.5(2.3009):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.0_base:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(5):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(2):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(1):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(2b):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(2b)su1:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(2a):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:1.2_base:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:2.0_base:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:1.1(1):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:2.1_base:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(3b)su1:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:2.0(1):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(3a)su1:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(2a)su1:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(3a):*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(5)su1a:*:*:*:*:*:*:* 16
cpe:2.3:a:cisco:unity_connection:7.1(5b)su3:*:*:*:*:*:*:* 16

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.1 2022-04-21 CVE-2022-20788

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

10 2021-12-10 CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

4.3 2021-11-04 CVE-2021-34701

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.

6.1 2021-04-08 CVE-2021-1409

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

6.1 2021-04-08 CVE-2021-1380

Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an interface user. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by persuading an interface user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

8.8 2021-04-08 CVE-2021-1362

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper sanitization of user-supplied input. An attacker could exploit this vulnerability by sending a SOAP API request with crafted parameters to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.

6.5 2021-01-13 CVE-2021-1226

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

6.5 2020-09-23 CVE-2020-3130

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system.

6.1 2020-07-02 CVE-2020-3282

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

4.8 2020-01-26 CVE-2020-3129

A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element.

6.5 2019-10-02 CVE-2019-1915

A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.

6.1 2019-10-02 CVE-2019-12707

A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

6.1 2019-02-21 CVE-2019-1685

A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Version 12.5 is affected.

4.8 2018-10-05 CVE-2018-15426

A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the web-based interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

5.4 2018-10-05 CVE-2018-15403

A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

6.8 2018-10-05 CVE-2018-15396

A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition.

6.1 2018-06-07 CVE-2018-0354

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvf76417.

7.5 2018-06-07 CVE-2017-6779

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.

5.3 2018-02-21 CVE-2018-0203

A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses. Cisco Bug IDs: CSCvg62215.

9.8 2017-11-16 CVE-2017-12337

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.

6.1 2017-09-07 CVE-2017-12212

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Known Affected Releases 10.5(2). Cisco Bug IDs: CSCvf25345.

5.3 2017-05-03 CVE-2017-6629

A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118.

7.5 2016-04-21 CVE-2015-6360

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.

6.1 2016-04-12 CVE-2016-1377

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776.

6.1 2016-01-30 CVE-2016-1304

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.

CWE : Common Weakness Enumeration

%idName
32% (15) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
10% (5) CWE-19 Data Handling
8% (4) CWE-399 Resource Management Errors
8% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
6% (3) CWE-352 Cross-Site Request Forgery (CSRF)
6% (3) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
4% (2) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
4% (2) CWE-264 Permissions, Privileges, and Access Controls
2% (1) CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
2% (1) CWE-532 Information Leak Through Log Files
2% (1) CWE-502 Deserialization of Untrusted Data
2% (1) CWE-287 Improper Authentication
2% (1) CWE-200 Information Exposure
2% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
2% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (1) CWE-20 Improper Input Validation

SAINT Exploits

Description Link
Apache Log4j JNDI message lookup vulnerability More info here

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0070 Multiple Denial of Service Vulnerabilities in Cisco Unity Connection
Severity: Category I - VMSKEY: V0059849
2012-A-0034 Multiple Vulnerabilities in Cisco Unity Connection
Severity: Category I - VMSKEY: V0031830

Snort® IPS/IDS

Date Description
2017-10-12 Cisco Unity Connection serviceParamEdit.do cross site scripting attempt
RuleID : 44558 - Type : SERVER-WEBAPP - Revision : 1
2017-10-12 Cisco Unity Connection nick-name.do cross site scripting attempt
RuleID : 44557 - Type : SERVER-WEBAPP - Revision : 1
2017-10-12 Cisco Unity Connection edit-nuance.do cross site scripting attempt
RuleID : 44556 - Type : SERVER-WEBAPP - Revision : 1
2015-04-02 Unity Conversation Manager record-route INVITE anomaly denial of service attempt
RuleID : 34023 - Type : PROTOCOL-VOIP - Revision : 1
2015-04-02 Cisco Unity Connection malformed contact header denial of service attempt
RuleID : 34022 - Type : PROTOCOL-VOIP - Revision : 2

Nessus® Vulnerability Scanner

id Description
2017-11-17 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20171115-vos-unified_communications_manager.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20171115-vos-unified_presence.nasl - Type: ACT_GATHER_INFO
2017-11-17 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20171115-vos-unity_connection.nasl - Type: ACT_GATHER_INFO
2017-09-11 Name: The version of Cisco Unity Connection on the remote host is affected by a rel...
File: cisco_uc_10_5_2.nasl - Type: ACT_GATHER_INFO
2016-09-09 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1063.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160420-libsrtp-asa.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote device is missing a vendor-supplied security patch.
File: cisco-sa-20160420-libsrtp-iosxe.nasl - Type: ACT_GATHER_INFO
2016-04-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3539.nasl - Type: ACT_GATHER_INFO
2016-02-22 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_6171eb07d8a911e5b2bd002590263bf5.nasl - Type: ACT_GATHER_INFO
2016-01-19 Name: The remote Debian host is missing a security update.
File: debian_DLA-393.nasl - Type: ACT_GATHER_INFO
2015-05-14 Name: The remote host is affected by several SQL injection vulnerabilities.
File: cisco_cucm_cve_2015_0715.nasl - Type: ACT_GATHER_INFO
2015-04-10 Name: The version of Cisco Unity Connection installed on the remote host is affecte...
File: cisco_uc_cisco-sa-20150401-cuc.nasl - Type: ACT_GATHER_INFO
2013-09-28 Name: Cisco Unity Connection is installed on the remote host and is affected by a p...
File: cisco_uc_7_1_3b.nasl - Type: ACT_GATHER_INFO
2013-09-28 Name: The version of Cisco Unity Connection on the remote host is affected by a den...
File: cisco_uc_8_6_2.nasl - Type: ACT_GATHER_INFO