Cisco Unity Connection vulnerabilities

CVE-2021-1380 [MEDIUM] CWE-89 CVE-2021-1380: Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manag Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to

CVE-2021-1226 [MEDIUM] CWE-532 CVE-2021-1226: A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unifie A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sen

CVE-2020-3130 [MEDIUM] CWE-22 CVE-2020-3130: A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticat A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful ex

CVE-2020-3282 [MEDIUM] CWE-79 CVE-2020-3282: A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us

CVE-2020-3129 [MEDIUM] CWE-79 CVE-2020-3129: A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted d

CVE-2019-1915 [MEDIUM] CWE-352 CVE-2019-1915: A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Co A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CS

CVE-2019-12707 [MEDIUM] CWE-79 CVE-2019-12707: A vulnerability in the web-based interface of multiple Cisco Unified Communications products could a A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based inte

CVE-2019-1685 [MEDIUM] CWE-79 CVE-2019-1685: A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of C A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the

CVE-2018-15396 [MEDIUM] CWE-399 CVE-2018-15396: A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an auth A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An att

CVE-2018-15426 [MEDIUM] CWE-79 CVE-2018-15426: A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, r A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based inter

CVE-2018-15403 [MEDIUM] CWE-601 CVE-2018-15403: A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Mana A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the paramete

CVE-2017-6779 [HIGH] CWE-399 CVE-2017-6779: Multiple Cisco products are affected by a vulnerability in local file management for certain system Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maxi

CVE-2018-0354 [MEDIUM] CWE-79 CVE-2018-0354: A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remot A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP G

CVE-2017-12212 [MEDIUM] CWE-79 CVE-2017-12212: A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remot A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via

CVE-2017-6629 [MEDIUM] CWE-22 CVE-2017-6629: A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenti A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulner

CVE-2015-6360 [HIGH] CWE-119 CVE-2015-6360: The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a d The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.

CVE-2016-1377 [MEDIUM] CWE-79 CVE-2016-1377: Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attack Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776.

CVE-2016-1304 [MEDIUM] CWE-79 CVE-2016-1304: Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attack Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.

CVE-2016-1300 [MEDIUM] CWE-79 CVE-2016-1300: Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote a Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.

CVE-2015-6408 [MEDIUM] CWE-352 CVE-2015-6408: Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote a Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.