| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The SIP implementation in Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su5, 8.x before 8.5(1)su4, and 8.6 before 8.6(2a)su1; Cisco IOS 12.2 through 12.4 and 15.0 through 15.2; and Cisco IOS XE 3.3.xSG before 3.3.1SG, 3.4.xS, and 3.5.xS allows remote attackers to cause a denial of service (service crash or device reload) via a crafted SIP message containing an SDP session description, aka Bug IDs CSCtw66721, CSCtj33003, and CSCtw84664. |
| The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. |
| Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allow remote attackers to cause a denial of service (device reload) via a crafted SCCP registration, aka Bug ID CSCtu73538. |
| Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified Communications Manager (CUCM) 7.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted response to a SIP SUBSCRIBE message, aka Bug IDs CSCto93837 and CSCtj61883. |
| Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. |
| Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417. |
| Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669. |
| Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256. |
| The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990. |
| The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162. |
| Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x through 3.2.x, and Cisco Unified Communications Manager (CUCM) 6.x and 7.x before 7.1(5b)su4, 8.x before 8.5(1)su2, and 8.6 before 8.6(1) allows remote attackers to cause a denial of service (memory consumption and device reload or process failure) via a malformed SIP message, aka Bug IDs CSCtl86047 and CSCto88686. |
| Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833. |
| SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302. |
| Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064. |
| SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313. |
| SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. |
| SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647. |
| SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326. |
| Cisco Unified Communications Manager (UCM) does not require authentication for reading WAR files, which allows remote attackers to obtain sensitive information via unspecified access to a "file storage location," aka Bug ID CSCum05337. |
