Cisco Unified Communications Manager vulnerabilities

213 known vulnerabilities affecting cisco/unified_communications_manager.

Total CVEs: 213
CISA KEV: 2 (actively exploited)
Public exploits: 6
Exploited in wild: 1
Severity breakdown: CRITICAL 12, HIGH 76, MEDIUM 117, LOW 1, UNKNOWN 6

Vulnerabilities

Page 11 of 11
CVE-2007-4634 | CRITICAL | CVSS 9.3 | PoC | v3.3(5), v3.3(5)sr1, +13 more | 2007-08-31
CVE-2007-4634 [CRITICAL] CWE-89: Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
Source: nvd
CVE-2007-4633 | MEDIUM | CVSS 4.3 | v4.2.3sr2, v4.2.3sr2b | 2007-08-31
CVE-2007-4633 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.
Source: nvd
CVE-2007-4294 | MEDIUM | CVSS 6.8 | v5.0, v5.1, +1 more | 2007-08-09
CVE-2007-4294 [MEDIUM]: Unspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
Source: nvd
CVE-2006-5277 | CRITICAL | CVSS 9.3 | ≥ 4.3, ≤ 4.3(1); ≥ 5.1, ≤ 5.1(1) | 2007-07-15
CVE-2006-5277 [CRITICAL]: Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
Source: nvd
CVE-2006-5278 | CRITICAL | CVSS 10.0 | ≥ 4.3, ≤ 4.3(1) | 2007-07-15
CVE-2006-5278 [CRITICAL]: Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
Source: nvd
CVE-2007-3775 | HIGH | CVSS 7.8 | v5.0, v5.1(1), +1 more | 2007-07-15
CVE-2007-3775 [HIGH]: Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.
Source: nvd
CVE-2007-3776 | MEDIUM | CVSS 5.0 | v5.0, v5.1(1), +1 more | 2007-07-15
CVE-2007-3776 [MEDIUM]: Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.
Source: nvd
CVE-2010-0573 | UNKNOWN
CVE-2010-0573: Cisco Unified Communications Manager Denial of Service Vulnerabilities. Cisco Unified Communications Manager (formerly Cisco CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption of voice services. The Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and Computer Telephony Integration (CTI) Manager services are a
Source: cisco
CVE-2018-0118 | UNKNOWN | CVSS 3.0
CVE-2018-0118: Cisco Unified Communications Manager Cross-Site Scripting Vulnerability. A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-su
Source: cisco
CVE-2017-12302 | UNKNOWN | CVSS 3.0
CVE-2017-12302: Cisco Unified Communications Manager SQL Injection Vulnerability. A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulne
Source: cisco
CVE-2018-0198 | UNKNOWN | CVSS 3.0
CVE-2018-0198: Cisco Unified Communications Manager Information Disclosure Vulnerability. A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could
Source: cisco
CVE-2016-1317 | UNKNOWN
CVE-2016-1317: Cisco Unified Communications Manager Information Disclosure Vulnerability. A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the a
Source: cisco
CVE-2016-1308 | UNKNOWN
CVE-2016-1308: Cisco Unified Communications Manager SQL Injection Vulnerability. A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnera
Source: cisco