Cisco Unity Connection vulnerabilities

CVE-2021-1408 [MEDIUM] CWE-89 CVE-2021-1408: Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manag Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to

CVE-2020-3130 [MEDIUM] CWE-22 CVE-2020-3130: A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticat A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful ex

CVE-2019-15963 [MEDIUM] CWE-200 CVE-2019-15963: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of th

CVE-2020-3282 [MEDIUM] CWE-79 CVE-2020-3282: A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us

CVE-2020-3129 [MEDIUM] CWE-79 CVE-2020-3129: A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted d

CVE-2019-12707 [MEDIUM] CWE-79 CVE-2019-12707: A vulnerability in the web-based interface of multiple Cisco Unified Communications products could a A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based inte

CVE-2019-1685 [MEDIUM] CWE-79 CVE-2019-1685: A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of C A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the

CVE-2018-15396 [MEDIUM] CWE-399 CVE-2018-15396: A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an auth A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An att

CVE-2018-15426 [MEDIUM] CWE-79 CVE-2018-15426: A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, r A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based inter

CVE-2018-0203 [MEDIUM] CWE-19 CVE-2018-0203: A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker

CVE-2017-12212 [MEDIUM] CWE-79 CVE-2017-12212: A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scrip A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parame

CVE-2017-6629 [MEDIUM] CWE-22 CVE-2017-6629: A vulnerability in the ImageID parameter of Cisco Unity Connection 10 A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory trav