Cisco Unity Connection vulnerabilities
53 known vulnerabilities affecting cisco/unity_connection.
Total CVEs
53
CISA KEV
2
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL6HIGH13MEDIUM34
Vulnerabilities
Page 2 of 3
CVE-2019-1915MEDIUMCVSS 6.5v11.5v12.0+2 more2019-10-02
CVE-2019-1915 [MEDIUM] CWE-352 CVE-2019-1915: A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Co
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition (SME), Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CS
nvd
CVE-2019-12707MEDIUMCVSS 6.1v11.5v12.0+1 more2019-10-02
CVE-2019-12707 [MEDIUM] CWE-79 CVE-2019-12707: A vulnerability in the web-based interface of multiple Cisco Unified Communications products could a
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the web-based inte
nvd
CVE-2019-1685MEDIUMCVSS 6.1v12.52019-02-21
CVE-2019-1685 [MEDIUM] CWE-79 CVE-2019-1685: A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of C
A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the
nvd
CVE-2018-15396MEDIUMCVSS 6.8v12.52018-10-05
CVE-2018-15396 [MEDIUM] CWE-399 CVE-2018-15396: A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an auth
A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An att
nvd
CVE-2018-15426MEDIUMCVSS 4.8vvmo-11.5\(1\)2018-10-05
CVE-2018-15426 [MEDIUM] CWE-79 CVE-2018-15426: A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, r
A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based inter
nvd
CVE-2018-15403MEDIUMCVSS 5.4v9.1\(1\)es232018-10-05
CVE-2018-15403 [MEDIUM] CWE-601 CVE-2018-15403: A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Mana
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the paramete
nvd
CVE-2017-6779HIGHCVSS 7.5≥ 10.5, < 10.5su5≥ 11.0, < 11.5.1su3+2 more2018-06-07
CVE-2017-6779 [HIGH] CWE-399 CVE-2017-6779: Multiple Cisco products are affected by a vulnerability in local file management for certain system
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maxi
nvd
CVE-2018-0354MEDIUMCVSS 6.1v12.52018-06-07
CVE-2018-0354 [MEDIUM] CWE-79 CVE-2018-0354: A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remot
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP G
nvd
CVE-2017-12212MEDIUMCVSS 6.1v10.5\(2\)2017-09-07
CVE-2017-12212 [MEDIUM] CWE-79 CVE-2017-12212: A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remot
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via
nvd
CVE-2017-6629MEDIUMCVSS 5.3v10.5\(2\)2017-05-03
CVE-2017-6629 [MEDIUM] CWE-22 CVE-2017-6629: A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenti
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulner
nvd
CVE-2015-6360HIGHCVSS 7.5v1.1\(1\)v1.2_base+61 more2016-04-21
CVE-2015-6360 [HIGH] CWE-119 CVE-2015-6360: The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a d
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
nvd
CVE-2016-1377MEDIUMCVSS 6.1v10.0.0v10.0.5+4 more2016-04-12
CVE-2016-1377 [MEDIUM] CWE-79 CVE-2016-1377: Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attack
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776.
nvd
CVE-2016-1304MEDIUMCVSS 6.1v10.5\(2.3009\)2016-01-30
CVE-2016-1304 [MEDIUM] CWE-79 CVE-2016-1304: Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attack
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.
nvd
CVE-2016-1300MEDIUMCVSS 6.1v10.5\(2.3009\)2016-01-27
CVE-2016-1300 [MEDIUM] CWE-79 CVE-2016-1300: Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote a
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.
nvd
CVE-2015-6408MEDIUMCVSS 6.8v11.5\(0.98\)2015-12-12
CVE-2015-6408 [MEDIUM] CWE-352 CVE-2015-6408: Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote a
Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578.
nvd
CVE-2015-6390MEDIUMCVSS 4.3v9.1\(1.10\)2015-12-03
CVE-2015-6390 [MEDIUM] CWE-79 CVE-2015-6390: Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCup92741.
nvd
CVE-2015-6299MEDIUMCVSS 6.5v9.1\(1\)v9.1\(2\)2015-09-20
CVE-2015-6299 [MEDIUM] CWE-89 CVE-2015-6299: SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allo
SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824.
nvd
CVE-2015-0716MEDIUMCVSS 6.8v11.0\(0.98000.225\)v11.0\(0.98000.332\)2015-05-07
CVE-2015-0716 [MEDIUM] CWE-352 CVE-2015-0716: Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.
nvd
CVE-2015-0715MEDIUMCVSS 6.5v11.0\(0.98000.225\)2015-05-07
CVE-2015-0715 [MEDIUM] CWE-89 CVE-2015-0715: SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Mana
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608.
nvd
CVE-2015-0615HIGHCVSS 7.1v8.5\(1\)v8.5\(1\)su1+19 more2015-04-03
CVE-2015-0615 [HIGH] CWE-19 CVE-2015-0615: The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)S
The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089.
nvd