Cisco Unified Communications Manager vulnerabilities

207 known vulnerabilities affecting cisco/unified_communications_manager.

Total CVEs: 207
CISA KEV: 2 (actively exploited)
Public exploits: 6
Exploited in wild: 1
Severity breakdown: CRITICAL 12, HIGH 76, MEDIUM 117, LOW 1

Vulnerabilities

Page 4 of 11
CVE-2018-0411 [MEDIUM] CVSS 6.1 | CWE-79 | 2018-08-01 | nvd
Versions: v10.5(2.10000.5), v11.0(1.10000.10), +2 more
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by th
CVE-2017-6779 [HIGH] CVSS 7.5 | CWE-399 | 2018-06-07 | nvd
Versions: ≥ 10.0, < 10.5(2)su5; ≥ 11.0, < 11.0(1a)su4; +5 more
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maxi
CVE-2018-0355 [MEDIUM] CVSS 6.1 | CWE-20 | 2018-06-07 | nvd
Versions: v10.5(2.10000.5), v11.0(1.10000.10), +2 more
A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected softw
CVE-2018-0340 [MEDIUM] CVSS 5.4 | CWE-79 | 2018-06-07 | nvd
Versions: v10.5(2.10000.5), v11.0(1.10000.10), +2 more
A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the we
CVE-2018-0328 [MEDIUM] CVSS 6.1 | CWE-79 | 2018-05-17 | nvd
Versions: v10.5(2.10000.5), v11.0(1.10000.10), +2 more
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed
CVE-2018-0266 [MEDIUM] CVSS 4.3 | CWE-200 | 2018-04-19 | nvd
Versions: v10.5(2.10000.5), v11.0(1.10000.10), +2 more
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker
CVE-2018-0267 [MEDIUM] CVSS 6.5 | CWE-200 | 2018-04-19 | nvd
Versions: v10.5(2.10000.5), v11.0(1.10000.10), +2 more
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. This could include LDAP credentials. The vulnerability is due to insufficient protection of database tables over the web interface. An attacker could exploit this vulnerability by b
CVE-2018-0206 [MEDIUM] CVSS 6.1 | CWE-79 | 2018-02-22 | nvd
Versions: v11.5(1.13900.52)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by th
CVE-2018-0135 [MEDIUM] CVSS 4.3 | CWE-20 | 2018-02-08 | nvd
Versions: v11.0(1.24075.1)
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search input. An attacker could exploit this vulnerability by sending malicious requests to an affected sys
CVE-2018-0120 [MEDIUM] CVSS 4.3 | CWE-89 | 2018-02-08 | nvd
Versions: v11.5(1.13900.52)
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could ex
CVE-2017-12357 [MEDIUM] CVSS 5.4 | CWE-79 | 2017-11-30 | nvd
Versions: v10.5(2.10000.5), v11.0(1.10000.10), +2 more
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-base
CVE-2017-6791 [HIGH] CVSS 7.5 | CWE-119 | 2017-09-07 | nvd
Versions: v9.1(2.10000.28), v10.0(1.10000.24), +2 more
A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit thi
CVE-2017-6785 [MEDIUM] CVSS 4.3 | CWE-20 | 2017-08-17 | nvd
Versions: v10.5(2.10000.5), v11.0(1.10000.10), +1 more
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user con
CVE-2017-6757 [HIGH] CVSS 8.8 | CWE-89 | 2017-08-07 | nvd
Versions: v10.5(2.10000.5), v11.0(1.10000.10), +1 more
A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulne
CVE-2017-6758 [MEDIUM] CVSS 6.5 | CWE-22 | 2017-08-07 | nvd
Versions: v11.5(1.10000.6)
A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this
CVE-2017-6654 [MEDIUM] CVSS 6.1 | CWE-79 | 2017-05-22 | nvd
Versions: v10.5(2.10000.5), v11.0(1.10000.10), +1 more
A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied in
CVE-2017-3808 [HIGH] CVSS 7.5 | CWE-119 | 2017-04-20 | nvd
Versions: v10.0(1.10000.12), v10.0_base, +18 more
A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vu
CVE-2017-3886 [MEDIUM] CVSS 4.9 | CWE-89 | 2017-04-07 | nvd
Versions: v11.0(1.10000.10), v11.5(1.10000.6)
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affec
CVE-2017-3888 [MEDIUM] CVSS 5.4 | CWE-79 | 2017-04-07 | nvd
Versions: v12.0(0.98000.452)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability affects Cisco Unified Communications Manager with a default con
CVE-2017-3872 [MEDIUM] CVSS 6.1 | CWE-79 | 2017-03-17 | nvd
Versions: v10.5(2.10000.5), v10.5(2.14076.1), +2 more
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641