Cisco Unity Express vulnerabilities
2 known vulnerabilities affecting cisco/unity_express.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2018-15381P1CRITICALCVSS 9.8fixed in 9.0.62018-11-08
CVE-2018-15381 [CRITICAL] CWE-502 CVE-2018-15381: A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, re
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a
nvd
CVE-2019-15986P4MEDIUMCVSS 6.7fixed in 10.12019-11-26
CVE-2019-15986 [MEDIUM] CWE-78 CVE-2019-15986: A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to in
A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input validation for certain CLI commands that are executed on a
nvd