Cisco Unified Communications Domain Manager vulnerabilities

25 known vulnerabilities affecting cisco/unified_communications_domain_manager.

Total CVEs: 25
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 24

Vulnerabilities

Page 1 of 2
CVE-2018-0124 | CRITICAL | CVSS 9.8 | fixed in 11.5(2) | 2018-02-22
CVE-2018-0124 [CRITICAL] CWE-320: A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecu
nvd
CVE-2017-12302 | MEDIUM | CVSS 4.3 | v10.5(2.10000.5), v11.0(1.10000.10), +2 more | 2017-11-16
CVE-2017-12302 [MEDIUM] CWE-89: A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this
nvd
CVE-2017-6668 | MEDIUM | CVSS 4.9 | v8.1(7)er1 | 2017-06-13
CVE-2017-6668 [MEDIUM] CWE-89: Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1.
nvd
CVE-2017-6670 | MEDIUM | CVSS 6.1 | v8.1(7)er1 | 2017-06-13
CVE-2017-6670 [MEDIUM] CWE-601: A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1.
nvd
CVE-2016-1354 | MEDIUM | CVSS 6.1 | v8.0, v8.0.1, +1 more | 2016-03-03
CVE-2016-1354 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176.
nvd
CVE-2015-6422 | MEDIUM | CVSS 4.0 | v10.6.1 | 2015-12-14
CVE-2015-6422 [MEDIUM] CWE-399: The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.
nvd
CVE-2015-6352 | MEDIUM | CVSS 4.3 | v10.6_base | 2015-10-30
CVE-2015-6352 [MEDIUM] CWE-200: Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to map a filesystem via a series of requests, aka Bug ID CSCut67891.
nvd
CVE-2015-4196 | MEDIUM | CVSS 5.0 | v4.4.1, v4.4.2, +2 more | 2015-07-04
CVE-2015-4196 [MEDIUM] CWE-255: Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.
nvd
CVE-2015-4229 | MEDIUM | CVSS 5.0 | v8.1.4er1 | 2015-06-30
CVE-2015-4229 [MEDIUM] CWE-200: The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.
nvd
CVE-2015-0699 | MEDIUM | CVSS 5.0 | v10.5(1.98991.13) | 2015-04-15
CVE-2015-0699 [MEDIUM] CWE-89: SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563.
nvd
CVE-2015-0684 | MEDIUM | CVSS 6.5 | v8.1(.4) | 2015-04-03
CVE-2015-0684 [MEDIUM] CWE-89: SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515.
nvd
CVE-2015-0682 | MEDIUM | CVSS 6.5 | v8.1(.4) | 2015-04-03
CVE-2015-0682 [MEDIUM] CWE-264: Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168.
nvd
CVE-2015-0683 | MEDIUM | CVSS 4.0 | v8.1(.4) | 2015-04-03
CVE-2015-0683 [MEDIUM] CWE-200: Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.
nvd
CVE-2015-0591 | MEDIUM | CVSS 5.0 | v10.0 | 2015-01-15
CVE-2015-0591 [MEDIUM] CWE-399: Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177.
nvd
CVE-2015-0588 | MEDIUM | CVSS 6.8 | v10.0 | 2015-01-15
CVE-2015-0588 [MEDIUM] CWE-352: Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055.
nvd
CVE-2014-8018 | MEDIUM | CVSS 4.3 | v8.0 | 2014-12-22
CVE-2014-8018 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661.
nvd
CVE-2014-8010 | MEDIUM | CVSS 6.5 | v8.0 | 2014-12-10
CVE-2014-8010 [MEDIUM] CWE-20: The web framework in Cisco Unified Communications Domain Manager 8 allows remote authenticated administrators to execute arbitrary OS commands via crafted values, aka Bug ID CSCuq50205.
nvd
CVE-2014-3337 | MEDIUM | CVSS 6.8 | ≤ 8.6(.2) | 2014-08-12
CVE-2014-3337 [MEDIUM] CWE-20: The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428.
nvd
CVE-2014-3320 | MEDIUM | CVSS 5.8 | ≤ 8.1(.4), v8.1, +3 more | 2014-07-18
CVE-2014-3320 [MEDIUM]: Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835.
nvd
CVE-2014-3280 | MEDIUM | CVSS 4.0 | ≤ 9.0(.1), v7.4, +3 more | 2014-06-03
CVE-2014-3280 [MEDIUM] CWE-264: The web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain potentially sensitive user information by visiting an unspecified Administration GUI web page, aka Bug IDs CSCun46045 and CSCun46116.
nvd