Cisco Virtualized Voice Browser vulnerabilities

5 known vulnerabilities affecting cisco/virtualized_voice_browser.

Total CVEs

5

CISA KEV

1

actively exploited

Public exploits

1

Exploited in wild

1

Severity breakdown

CRITICAL2HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2025-20278MEDIUMCVSS 6.7fixed in 12.6\(2\)es062025-06-04

CVE-2025-20278 [MEDIUM] CWE-77 CVE-2025-20278: A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenti A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerab

CVE-2024-20253CRITICALCVSS 10.0v12.5\(1\)v12.6\(1\)+1 more2024-01-26

CVE-2024-20253 [CRITICAL] CWE-502 CVE-2024-20253: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by se

CVE-2021-44228CRITICALCVSS 10.0KEVPoCfixed in 12.5\(1\)2021-12-10

CVE-2021-44228 [CRITICAL] CWE-20 CVE-2021-44228: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD

CVE-2021-1575MEDIUMCVSS 6.1fixed in 12.6\(1\)2021-07-08

CVE-2021-1575 [MEDIUM] CWE-79 CVE-2021-1575: A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could ex

CVE-2017-6779HIGHCVSS 7.5≥ 11.6, < 11.6\(1\)2018-06-07

CVE-2017-6779 [HIGH] CWE-399 CVE-2017-6779: Multiple Cisco products are affected by a vulnerability in local file management for certain system Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maxi