Cisco Unified Presence vulnerabilities
6 known vulnerabilities affecting cisco/unified_presence.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH5
Vulnerabilities
Page 1 of 1
CVE-2012-3935HIGHCVSS 7.8≤ 8.6\(2\)v1.0+30 more2012-09-12
CVE-2012-3935 [HIGH] CWE-119 CVE-2012-3935: Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber
Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832.
nvd
CVE-2011-3288HIGHCVSS 7.5fixed in 8.5\(4\)2011-10-06
CVE-2011-3288 [HIGH] CVE-2011-3288: Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, whi
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.
nvd
CVE-2008-1741HIGHCVSS 7.8≤ 6.0_2v6.0_12008-05-16
CVE-2008-1741 [HIGH] CWE-20 CVE-2008-1741: The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to caus
The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) allows remote attackers to cause a denial of service (core dump and service interruption) via a TCP port scan, aka Bug ID CSCsj64533.
nvd
CVE-2008-1158HIGHCVSS 7.8v6.02008-05-16
CVE-2008-1158 [HIGH] CWE-20 CVE-2008-1158: The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.
nvd
CVE-2008-1740HIGHCVSS 7.8≤ 6.0_2v6.0_12008-05-16
CVE-2008-1740 [HIGH] CWE-20 CVE-2008-1740: The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to
The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via an unspecified "stress test," aka Bug ID CSCsh20972.
nvd
CVE-2008-1154CRITICALCVSS 10.0v1.0v6.02008-04-04
CVE-2008-1154 [CRITICAL] CWE-287 CVE-2008-1154: The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, includ
The Disaster Recovery Framework (DRF) master server in Cisco Unified Communications products, including Unified Communications Manager (CUCM) 5.x and 6.x, Unified Presence 1.x and 6.x, Emergency Responder 2.x, and Mobility Manager 2.x, does not require authentication for requests received from the network, which allows remote attackers to execute ar
nvd