Vulnerabilities > Cisco > Unified Communications Manager > 3.3.5.sr1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-12-21 | CVE-2013-6978 | Information Exposure vulnerability in Cisco Unified Communications Manager The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249. | 4.0 |
2013-11-18 | CVE-2013-6689 | Improper Input Validation vulnerability in Cisco Unified Communications Manager Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. | 6.9 |
2013-11-18 | CVE-2013-6688 | Path Traversal vulnerability in Cisco Unified Communications Manager Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222. | 6.3 |
2013-08-22 | CVE-2013-3453 | Resource Management Errors vulnerability in Cisco Unified Communications Manager and Unified Presence Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (memory and CPU consumption) by making many TCP connections to port (1) 5060 or (2) 5061, aka Bug ID CSCud84959. | 7.8 |
2010-08-26 | CVE-2010-2838 | Unspecified vulnerability in Cisco Unified Communications Manager The SendCombinedStatusInfo implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.0SU before 7.0(2a)SU3, 7.1 before 7.1(5), and 8.0 before 8.0(3) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REGISTER message, aka Bug ID CSCtf66305. | 7.8 |
2010-08-26 | CVE-2010-2837 | Unspecified vulnerability in Cisco Unified Communications Manager The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310. | 7.8 |
2009-08-27 | CVE-2009-2050 | Unspecified vulnerability in Cisco Unified Communications Manager Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466. | 7.8 |
2007-10-18 | CVE-2007-5538 | Buffer Errors vulnerability in Cisco products Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712. | 10.0 |
2007-10-18 | CVE-2007-5537 | Resource Management Errors vulnerability in Cisco products Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822. | 7.8 |
2007-08-31 | CVE-2007-4634 | SQL Injection vulnerability in Cisco Call Manager and Unified Communications Manager Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265. | 9.3 |