Cisco Unified Presence Server vulnerabilities

12 known vulnerabilities affecting cisco/unified_presence_server.

Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH9MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2015-4220MEDIUMCVSS 4.3v9.1\(1\)2015-06-25
CVE-2015-4220 [MEDIUM] CWE-79 CVE-2015-4220: Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attac Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.
nvd
CVE-2013-1137HIGHCVSS 7.8v8.6v9.0+1 more2013-02-27
CVE-2013-1137 [HIGH] CWE-119 CVE-2013-1137: Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930.
nvd
CVE-2011-1643CRITICALCVSS 10.0v6.0\(1\)v6.0\(2\)+19 more2011-08-29
CVE-2011-1643 [CRITICAL] CWE-200 CVE-2011-1643: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8. Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183,
nvd
CVE-2010-2839HIGHCVSS 7.8v6.0v6.0\(2\)+20 more2010-08-26
CVE-2010-2839 [HIGH] CWE-399 CVE-2010-2839: SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to ca SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.
nvd
CVE-2010-2840HIGHCVSS 7.8v6.0v6.0\(2\)+20 more2010-08-26
CVE-2010-2840 [HIGH] CWE-20 CVE-2010-2840: The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) d The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.
nvd
CVE-2009-2874HIGHCVSS 7.8v1.0v1.0\(1\)+10 more2009-10-16
CVE-2009-2874 [HIGH] CVE-2009-2874: The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.
nvd
CVE-2008-1158HIGHCVSS 7.8v1.0v1.0\(1\)+2 more2008-05-16
CVE-2008-1158 [HIGH] CWE-20 CVE-2008-1158: The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to The Presence Engine (PE) service in Cisco Unified Presence before 6.0(1) allows remote attackers to cause a denial of service (core dump and service interruption) via malformed packets, aka Bug ID CSCsh50164.
nvd
CVE-2007-3775HIGHCVSS 7.8v1.0v1.0\(1\)+2 more2007-07-15
CVE-2007-3775 [HIGH] CVE-2007-3775: Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and U Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.
nvd
CVE-2007-3776MEDIUMCVSS 5.0v1.0v1.0\(1\)+2 more2007-07-15
CVE-2007-3776 [MEDIUM] CVE-2007-3776: Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.
nvd
CVE-2007-1834HIGHCVSS 7.8v1.0v1.0\(1\)+1 more2007-04-03
CVE-2007-1834 [HIGH] CVE-2007-1834: Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698.
nvd
CVE-2007-1826HIGHCVSS 7.8v1.0v1.0\(1\)+1 more2007-04-02
CVE-2007-1826 [HIGH] CVE-2007-1826: Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 befo Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949.
nvd
CVE-2006-5553HIGHCVSS 7.8v1.0v1.0\(2\)2006-10-26
CVE-2006-5553 [HIGH] CVE-2006-5553: Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unifi Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options.
nvd