Cisco Unified Communications Manager vulnerabilities

207 known vulnerabilities affecting cisco/unified_communications_manager.

Total CVEs: 207
CISA KEV: 2 (actively exploited)
Public exploits: 6
Exploited in wild: 1
Severity breakdown: CRITICAL 12, HIGH 76, MEDIUM 117, LOW 1

Vulnerabilities

Page 7 of 11
CVE-2014-0733 | MEDIUM | CVSS 5.0 | ≤ 10.0(1), v3.3(5), +16 more | 2014-02-20
CWE-287: The Enterprise License Manager (ELM) component in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read ELM files via a direct request to a URL, aka Bug ID CSCum46494.
nvd
CVE-2014-0735 | MEDIUM | CVSS 4.3 | ≤ 10.0(1), v3.3(5), +16 more | 2014-02-20
CWE-79: Cross-site scripting (XSS) vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum46470.
nvd
CVE-2014-0732 | MEDIUM | CVSS 5.0 | ≤ 10.0(1), v3.3(5), +16 more | 2014-02-20
CWE-287: The Real Time Monitoring Tool (RTMT) web application in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier does not properly enforce authentication requirements, which allows remote attackers to read application files via a direct request to a URL, aka Bug ID CSCum46495.
nvd
CVE-2014-0726 | HIGH | CVSS 7.5 | ≤ 10.0(1), v10.0 | 2014-02-13
CWE-89: SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
nvd
CVE-2014-0728 | HIGH | CVSS 7.5 | ≤ 10.0(1), v10.0 | 2014-02-13
CWE-89: SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313.
nvd
CVE-2014-0724 | MEDIUM | CVSS 4.0 | ≤ 10.0(1), v10.0 | 2014-02-13
CWE-20: The bulk administration interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to bypass authentication and read arbitrary files by using an unspecified prompt, aka Bug ID CSCum05340.
nvd
CVE-2014-0686 | MEDIUM | CVSS 6.0 | ≤ 9.1(2.10000.28), v9.1(1), +1 more | 2014-02-04
CWE-264: Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) and earlier allows local users to gain privileges by leveraging incorrect file permissions, aka Bug IDs CSCul24917 and CSCul24908.
nvd
CVE-2014-0657 | MEDIUM | CVSS 4.0 | ≤ 9.1(1), v3.3(5), +111 more | 2014-01-08
CWE-264: The administration portal in Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier does not properly handle role restrictions, which allows remote authenticated users to bypass role-based access control via multiple visits to a forbidden portal URL, aka Bug ID CSCuj83540.
nvd
CVE-2013-6978 | MEDIUM | CVSS 4.0 | ≤ 9.1(1), v3.3(5), +111 more | 2013-12-21
CWE-200: The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
nvd
CVE-2013-6689 | MEDIUM | CVSS 6.9 | ≤ 9.1(1), v3.3(5), +111 more | 2013-11-18
CWE-20: Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.
nvd
CVE-2013-6688 | MEDIUM | CVSS 6.3 | ≤ 9.1(1), v3.3(5), +111 more | 2013-11-18
CWE-22: Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
nvd
CVE-2013-3459 | HIGH | CVSS 7.8 | v7.1(2a), v7.1(2a)su1, +21 more | 2013-08-25
CWE-399: Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6a does not properly handle errors, which allows remote attackers to cause a denial of service (service disruption) via malformed registration messages, aka Bug ID CSCuf93466.
nvd
CVE-2013-3462 | HIGH | CVSS 8.5 | v8.6, v8.6(1), +38 more | 2013-08-25
CWE-119: Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.
nvd
CVE-2013-3461 | HIGH | CVSS 7.1 | v9.0(1), v8.5, +13 more | 2013-08-25
CWE-399: Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) before 8.6(2a)su3 and 9.x before 9.1(1) does not properly restrict the rate of SIP packets, which allows remote attackers to cause a denial of service (memory and CPU consumption, and service disruption) via a flood of UDP packets to port 5060, aka Bug ID CSCub35869.
nvd
CVE-2013-3460 | HIGH | CVSS 7.8 | v8.6, v8.6(1), +13 more | 2013-08-25
CWE-399: Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(1) allows remote attackers to cause a denial of service (service disruption) via a high rate of UDP packets, aka Bug ID CSCub85597.
nvd
CVE-2013-3453 | HIGH | CVSS 7.8 | ≤ 8.6(4), v3.3(5), +112 more | 2013-08-22
CWE-399: Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959.
nvd
CVE-2013-3404 | HIGH | CVSS 7.5 | v7.1(2a), v7.1(2a)su1, +53 more | 2013-07-18
CWE-89: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
nvd
CVE-2013-3412 | MEDIUM | CVSS 6.5 | v7.1(2a), v7.1(2a)su1, +54 more | 2013-07-18
CWE-89: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
nvd
CVE-2013-3433 | MEDIUM | CVSS 6.8 | v7.1(2a), v7.1(2a)su1, +53 more | 2013-07-18
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
nvd
CVE-2013-3402 | MEDIUM | CVSS 6.5 | v7.1(2a), v7.1(2a)su1, +54 more | 2013-07-18
CWE-94: An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
nvd