Versions
14SU2a
10.5(2)SU1
10.5(1)SU2
11.5(1)SU3
12.5(1)
11.5(1)SU3a
14
11.0(1)SU1
11.5(1)SU8
10.0(1)
11.5(1)SU11
10.5(2)
14SU3
10.5(2a)
12.5(1)SU8
10.5(1)
10.5(2)SU2a
12.5(1)SU5
11.5(1)SU5
12.5(1)SU7
12.5(1)SU6
15SU1
11.5(1)SU7
12.5(1)SU2
14SU1
12.5(1)SU3
11.5(1)SU5a
11.5(1)
14SU4
15
10.5(2)SU4
11.5(1)SU10
10.5(2b)
12.5(1)SU1
10.5(2)SU4a
11.0
11.0(1)
10.0(1)SU2
12.5(1)SU4
10.0(1)SU1
11.5(1)SU4
11.5(1)SU9
11.5(1)SU2
10.5(1)SU1
11.5(1)SU6
14SU2
10.5(1)SU3
10.5(2)SU2
11.5(1)SU1
10.5(2)SU3
Recent CVEs
CVE-2024-20457
A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.
CVE-2024-20310
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
CVE-2024-20253
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
CVE-2023-20259
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.
CVE-2023-20108
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.