All the vulnerabilites related to Cisco - Cisco Unified Communications Manager IM and Presence Service
cve-2023-20259
Vulnerability from cvelistv5
Published
2023-10-04 16:13
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.
This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:36.904Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-cucm-apidos-PGsDcdNF", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Emergency Responder", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "14" }, { "status": "affected", "version": "14SU3" } ] }, { "product": "Cisco Unity Connection", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "14SU3" } ] }, { "product": "Cisco Unified Communications Manager", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "12.5(1)SU7a" }, { "status": "affected", "version": "14SU3" } ] }, { "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "14SU3" } ] }, { "product": "Cisco Prime Collaboration Deployment", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "14SU3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.\r\n\r This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:58:34.054Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-cucm-apidos-PGsDcdNF", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF" } ], "source": { "advisory": "cisco-sa-cucm-apidos-PGsDcdNF", "defects": [ "CSCwf44755", "CSCwf62074", "CSCwf62081", "CSCwf62094", "CSCwf62080" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20259", "datePublished": "2023-10-04T16:13:30.662Z", "dateReserved": "2022-10-27T18:47:50.372Z", "dateUpdated": "2024-08-02T09:05:36.904Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20310
Vulnerability from cvelistv5
Published
2024-04-03 16:19
Modified
2024-08-01 21:59
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(1\\)" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2\\)" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2a\\)" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2b\\)" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2\\)su3" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2\\)su2a" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2\\)su4a" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2\\)su4" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2\\)su3" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(1\\)su1" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(1\\)su2" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(1\\)su1" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2\\)su1" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2\\)su2" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(1\\)su1" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2\\)su1" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(2\\)su2" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.5\\(1\\)su2" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)su11" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)su2" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)su3" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)su3a" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)su4" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)su5" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)su5a" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)su6" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)su7" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)su8" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.5\\(1\\)su9" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.0\\(1\\)" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "11.0\\(1\\)su1" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "12.5\\(1\\)" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "12.5\\(1\\)su1" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "12.5\\(1\\)su2" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "12.5\\(1\\)su3" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "12.5\\(1\\)su4" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "12.5\\(1\\)su5" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "12.5\\(1\\)su6" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "12.5\\(1\\)su7" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "14.0" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "14.0su1" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.0\\(1\\)" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.0\\(1\\)su1" } ] }, { "cpes": [ "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_communications_manager_im_and_presence_service", "vendor": "cisco", "versions": [ { "status": "affected", "version": "10.0\\(1\\)su2" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-20310", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T17:58:41.263017Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-02T16:23:39.427Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:59:41.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-cucm-imps-xss-quWkd9yF", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(2)" }, { "status": "affected", "version": "10.5(2a)" }, { "status": "affected", "version": "10.5(2b)" }, { "status": "affected", "version": "10.5(2)SU3" }, { "status": "affected", "version": "10.5(2)SU2a" }, { "status": "affected", "version": "10.5(2)SU4a" }, { "status": "affected", "version": "10.5(2)SU4" }, { "status": "affected", "version": "10.5(1)SU3" }, { "status": "affected", "version": "10.5(1)SU1" }, { "status": "affected", "version": "10.5(2)SU1" }, { "status": "affected", "version": "10.5(2)SU2" }, { "status": "affected", "version": "10.5(1)SU2" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "11.5(1)SU1" }, { "status": "affected", "version": "11.5(1)SU2" }, { "status": "affected", "version": "11.5(1)SU3" }, { "status": "affected", "version": "11.5(1)SU3a" }, { "status": "affected", "version": "11.5(1)SU4" }, { "status": "affected", "version": "11.5(1)SU5" }, { "status": "affected", "version": "11.5(1)SU5a" }, { "status": "affected", "version": "11.5(1)SU6" }, { "status": "affected", "version": "11.5(1)SU7" }, { "status": "affected", "version": "11.5(1)SU8" }, { "status": "affected", "version": "11.5(1)SU9" }, { "status": "affected", "version": "11.5(1)SU10" }, { "status": "affected", "version": "11.5(1)SU11" }, { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "11.0(1)SU1" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "12.5(1)SU4" }, { "status": "affected", "version": "12.5(1)SU5" }, { "status": "affected", "version": "12.5(1)SU6" }, { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "14" }, { "status": "affected", "version": "14SU1" }, { "status": "affected", "version": "14SU2" }, { "status": "affected", "version": "14SU2a" }, { "status": "affected", "version": "10.0(1)" }, { "status": "affected", "version": "10.0(1)SU1" }, { "status": "affected", "version": "10.0(1)SU2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "Relative Path Traversal", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-03T16:36:06.520Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-cucm-imps-xss-quWkd9yF", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF" } ], "source": { "advisory": "cisco-sa-cucm-imps-xss-quWkd9yF", "defects": [ "CSCwf41335" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20310", "datePublished": "2024-04-03T16:19:40.031Z", "dateReserved": "2023-11-08T15:08:07.631Z", "dateUpdated": "2024-08-01T21:59:41.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-27121
Vulnerability from cvelistv5
Published
2020-11-06 18:15
Modified
2024-11-13 17:44
Severity ?
EPSS score ?
Summary
Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2 | vendor-advisory, x_refsource_CISCO |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:11:35.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20201104 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-27121", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:22:36.184575Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:44:46.213Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-11-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "CWE-248", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-06T18:15:38", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20201104 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2" } ], "source": { "advisory": "cisco-sa-imp-dos-uTx2dqu2", "defect": [ [ "CSCvv75814" ] ], "discovery": "INTERNAL" }, "title": "Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-11-04T16:00:00", "ID": "CVE-2020-27121", "STATE": "PUBLIC", "TITLE": "Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Communications Manager IM and Presence Service", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "4.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-248" } ] } ] }, "references": { "reference_data": [ { "name": "20201104 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2" } ] }, "source": { "advisory": "cisco-sa-imp-dos-uTx2dqu2", "defect": [ [ "CSCvv75814" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-27121", "datePublished": "2020-11-06T18:15:38.587985Z", "dateReserved": "2020-10-13T00:00:00", "dateUpdated": "2024-11-13T17:44:46.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20786
Vulnerability from cvelistv5
Published
2022-04-21 18:50
Modified
2024-11-06 16:23
Severity ?
EPSS score ?
Summary
Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ | vendor-advisory, x_refsource_CISCO |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:24:49.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20786", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T15:58:47.908237Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:23:08.727Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-04-20T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-21T18:50:22", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ" } ], "source": { "advisory": "cisco-sa-imp-sqlinj-GrpUuQEJ", "defect": [ [ "CSCvy16643" ] ], "discovery": "INTERNAL" }, "title": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-04-20T23:00:00", "ID": "CVE-2022-20786", "STATE": "PUBLIC", "TITLE": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Communications Manager IM and Presence Service", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.4", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ" } ] }, "source": { "advisory": "cisco-sa-imp-sqlinj-GrpUuQEJ", "defect": [ [ "CSCvy16643" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20786", "datePublished": "2022-04-21T18:50:23.035233Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-06T16:23:08.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20242
Vulnerability from cvelistv5
Published
2023-08-16 20:59
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:35.954Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-cucm-imp-xss-QtT4VdsK", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Unified Communications Manager", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "12.0(1)SU1" }, { "status": "affected", "version": "12.0(1)SU2" }, { "status": "affected", "version": "12.0(1)SU3" }, { "status": "affected", "version": "12.0(1)SU4" }, { "status": "affected", "version": "12.0(1)SU5" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "12.5(1)SU4" }, { "status": "affected", "version": "12.5(1)SU5" }, { "status": "affected", "version": "12.5(1)SU6" }, { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "12.5(1)SU7a" }, { "status": "affected", "version": "12.5(1)SU8" }, { "status": "affected", "version": "14" }, { "status": "affected", "version": "14SU1" }, { "status": "affected", "version": "14SU2" }, { "status": "affected", "version": "14SU3" } ] }, { "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Unified Communications Manager / Cisco Unity Connection", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.5(2)SU10" }, { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(1)SU1" }, { "status": "affected", "version": "10.5(1)SU1a" }, { "status": "affected", "version": "10.5(2)" }, { "status": "affected", "version": "10.5(2)SU1" }, { "status": "affected", "version": "10.5(2)SU2" }, { "status": "affected", "version": "10.5(2)SU3" }, { "status": "affected", "version": "10.5(2)SU4" }, { "status": "affected", "version": "10.5(2)SU5" }, { "status": "affected", "version": "10.5(2)SU6" }, { "status": "affected", "version": "10.5(2)SU7" }, { "status": "affected", "version": "10.5(2)SU8" }, { "status": "affected", "version": "10.5(2)SU9" }, { "status": "affected", "version": "10.5(2)SU2a" }, { "status": "affected", "version": "10.5(2)SU3a" }, { "status": "affected", "version": "10.5(2)SU4a" }, { "status": "affected", "version": "10.5(2)SU6a" }, { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "11.0(1a)" }, { "status": "affected", "version": "11.0(1a)SU1" }, { "status": "affected", "version": "11.0(1a)SU2" }, { "status": "affected", "version": "11.0(1a)SU3" }, { "status": "affected", "version": "11.0(1a)SU3a" }, { "status": "affected", "version": "11.0(1a)SU4" }, { "status": "affected", "version": "11.0.1" }, { "status": "affected", "version": "11.0.2" }, { "status": "affected", "version": "11.0.5" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "11.5(1)SU1" }, { "status": "affected", "version": "11.5(1)SU2" }, { "status": "affected", "version": "11.5(1)SU3" }, { "status": "affected", "version": "11.5(1)SU3a" }, { "status": "affected", "version": "11.5(1)SU3b" }, { "status": "affected", "version": "11.5(1)SU4" }, { "status": "affected", "version": "11.5(1)SU5" }, { "status": "affected", "version": "11.5(1)SU6" }, { "status": "affected", "version": "11.5(1)SU7" }, { "status": "affected", "version": "11.5(1)SU8" }, { "status": "affected", "version": "11.5(1)SU9" }, { "status": "affected", "version": "11.5(1)SU10" }, { "status": "affected", "version": "11.5(1)SU11" }, { "status": "affected", "version": "10.0(1)SU2" }, { "status": "affected", "version": "10.0(1)" }, { "status": "affected", "version": "10.0(1)SU1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:58:29.703Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-cucm-imp-xss-QtT4VdsK", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK" } ], "source": { "advisory": "cisco-sa-cucm-imp-xss-QtT4VdsK", "defects": [ "CSCwh00875", "CSCwh02167" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20242", "datePublished": "2023-08-16T20:59:25.126Z", "dateReserved": "2022-10-27T18:47:50.370Z", "dateUpdated": "2024-08-02T09:05:35.954Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1365
Vulnerability from cvelistv5
Published
2021-05-06 12:42
Modified
2024-11-08 23:17
Severity ?
EPSS score ?
Summary
Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR | vendor-advisory, x_refsource_CISCO |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:16.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1365", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:43:54.547996Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:17:45.414Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-06T12:42:48", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR" } ], "source": { "advisory": "cisco-sa-imp-inj-ereCOKjR", "defect": [ [ "CSCvv20957", "CSCvv21013" ] ], "discovery": "INTERNAL" }, "title": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-05T16:00:00", "ID": "CVE-2021-1365", "STATE": "PUBLIC", "TITLE": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Communications Manager IM and Presence Service", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "7.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR" } ] }, "source": { "advisory": "cisco-sa-imp-inj-ereCOKjR", "defect": [ [ "CSCvv20957", "CSCvv21013" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1365", "datePublished": "2021-05-06T12:42:48.284327Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:17:45.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3532
Vulnerability from cvelistv5
Published
2024-11-18 15:54
Modified
2024-11-18 16:33
Severity ?
EPSS score ?
Summary
Cisco Unified Communications Products Cross-Site Scripting Vulnerability
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2020-3532", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-18T16:32:58.372032Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-18T16:33:19.375Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unity Connection", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Unified Communications Manager", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Unified Communications Manager / Cisco Unity Connection", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;Unified Communications Manager, Cisco\u0026nbsp;Unified Communications Manager Session Management Edition, Cisco\u0026nbsp;Unified Communications Manager IM \u0026amp; Presence Service, and Cisco\u0026nbsp;Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X", "version": "3.0" }, "format": "cvssV3_0" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-18T15:54:09.023Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-cucm-cuc-imp-xss-XtpzfM5e", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-XtpzfM5e" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2" }, { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-pa-trav-bMdfSTTq", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-pa-trav-bMdfSTTq" } ], "source": { "advisory": "cisco-sa-cucm-cuc-imp-xss-XtpzfM5e", "defects": [ "CSCvt01179" ], "discovery": "INTERNAL" }, "title": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3532", "datePublished": "2024-11-18T15:54:09.023Z", "dateReserved": "2019-12-12T00:00:00.000Z", "dateUpdated": "2024-11-18T16:33:19.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-1363
Vulnerability from cvelistv5
Published
2021-05-06 12:42
Modified
2024-11-08 23:17
Severity ?
EPSS score ?
Summary
Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR | vendor-advisory, x_refsource_CISCO |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:11:17.051Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-1363", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T20:43:51.245678Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T23:17:36.327Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2021-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-05-06T12:42:52", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR" } ], "source": { "advisory": "cisco-sa-imp-inj-ereCOKjR", "defect": [ [ "CSCvv20957", "CSCvv21013" ] ], "discovery": "INTERNAL" }, "title": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2021-05-05T16:00:00", "ID": "CVE-2021-1363", "STATE": "PUBLIC", "TITLE": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco Unified Communications Manager IM and Presence Service", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory." } ], "impact": { "cvss": { "baseScore": "7.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR" } ] }, "source": { "advisory": "cisco-sa-imp-inj-ereCOKjR", "defect": [ [ "CSCvv20957", "CSCvv21013" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2021-1363", "datePublished": "2021-05-06T12:42:52.550519Z", "dateReserved": "2020-11-13T00:00:00", "dateUpdated": "2024-11-08T23:17:36.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20457
Vulnerability from cvelistv5
Published
2024-11-06 16:29
Modified
2024-11-06 17:06
Severity ?
EPSS score ?
Summary
Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-20457", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T17:06:29.143075Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T17:06:37.800Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "11.5(1)SU6" }, { "status": "affected", "version": "10.5(1)SU1" }, { "status": "affected", "version": "10.5(1)SU2" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "10.5(2)SU2a" }, { "status": "affected", "version": "11.5(1)SU3a" }, { "status": "affected", "version": "10.0(1)SU2" }, { "status": "affected", "version": "10.5(2)SU2" }, { "status": "affected", "version": "11.0" }, { "status": "affected", "version": "10.5(2)SU3" }, { "status": "affected", "version": "10.5(1)SU3" }, { "status": "affected", "version": "11.5(1)SU1" }, { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "10.5(2)SU4" }, { "status": "affected", "version": "11.0(1)SU1" }, { "status": "affected", "version": "11.5(1)SU2" }, { "status": "affected", "version": "11.5(1)SU5" }, { "status": "affected", "version": "10.0(1)SU1" }, { "status": "affected", "version": "11.5(1)SU3" }, { "status": "affected", "version": "10.5(2)SU4a" }, { "status": "affected", "version": "10.5(2)" }, { "status": "affected", "version": "11.5(1)SU5a" }, { "status": "affected", "version": "11.5(1)SU4" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "10.0(1)" }, { "status": "affected", "version": "10.5(2b)" }, { "status": "affected", "version": "10.5(2)SU1" }, { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(2a)" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "11.5(1)SU7" }, { "status": "affected", "version": "11.5(1)SU8" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "11.5(1)SU9" }, { "status": "affected", "version": "12.5(1)SU4" }, { "status": "affected", "version": "14" }, { "status": "affected", "version": "11.5(1)SU10" }, { "status": "affected", "version": "12.5(1)SU5" }, { "status": "affected", "version": "14SU1" }, { "status": "affected", "version": "12.5(1)SU6" }, { "status": "affected", "version": "11.5(1)SU11" }, { "status": "affected", "version": "14SU2" }, { "status": "affected", "version": "14SU2a" }, { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "14SU3" }, { "status": "affected", "version": "12.5(1)SU8" }, { "status": "affected", "version": "15" }, { "status": "affected", "version": "15SU1" }, { "status": "affected", "version": "14SU4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T16:29:12.887Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-imp-inf-disc-cUPKuA5n", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n" } ], "source": { "advisory": "cisco-sa-imp-inf-disc-cUPKuA5n", "defects": [ "CSCwk31853" ], "discovery": "INTERNAL" }, "title": "Cisco Unified Communications Manager IM \u0026 Presence Service Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20457", "datePublished": "2024-11-06T16:29:12.887Z", "dateReserved": "2023-11-08T15:08:07.679Z", "dateUpdated": "2024-11-06T17:06:37.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20253
Vulnerability from cvelistv5
Published
2024-01-26 17:28
Modified
2024-08-01 21:52
Severity ?
EPSS score ?
Summary
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:52:31.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-cucm-rce-bWNzQcUm", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Unified Contact Center Enterprise", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Unity Connection", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "12.0(1)SU1" }, { "status": "affected", "version": "12.0(1)SU2" }, { "status": "affected", "version": "12.0(1)SU3" }, { "status": "affected", "version": "12.0(1)SU4" }, { "status": "affected", "version": "12.0(1)SU5" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "12.5(1)SU4" }, { "status": "affected", "version": "12.5(1)SU5" }, { "status": "affected", "version": "12.5(1)SU6" }, { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "14" }, { "status": "affected", "version": "14SU1" }, { "status": "affected", "version": "14SU2" } ] }, { "product": "Cisco Unified Communications Manager", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "12.0(1)SU1" }, { "status": "affected", "version": "12.0(1)SU2" }, { "status": "affected", "version": "12.0(1)SU3" }, { "status": "affected", "version": "12.0(1)SU4" }, { "status": "affected", "version": "12.0(1)SU5" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "12.5(1)SU4" }, { "status": "affected", "version": "12.5(1)SU5" }, { "status": "affected", "version": "12.5(1)SU6" }, { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "12.5(1)SU7a" }, { "status": "affected", "version": "14" }, { "status": "affected", "version": "14SU1" }, { "status": "affected", "version": "14SU2" } ] }, { "product": "Cisco Unified Contact Center Express", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "8.5(1)" }, { "status": "affected", "version": "9.0(2)SU3ES04" }, { "status": "affected", "version": "10.0(1)SU1" }, { "status": "affected", "version": "10.0(1)SU1ES04" }, { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(1)SU1" }, { "status": "affected", "version": "10.5(1)SU1ES10" }, { "status": "affected", "version": "10.6(1)" }, { "status": "affected", "version": "10.6(1)SU1" }, { "status": "affected", "version": "10.6(1)SU3" }, { "status": "affected", "version": "10.6(1)SU2" }, { "status": "affected", "version": "10.6(1)SU3ES03" }, { "status": "affected", "version": "10.6(1)SU2ES04" }, { "status": "affected", "version": "10.6(1)SU3ES02" }, { "status": "affected", "version": "10.6(1)SU3ES01" }, { "status": "affected", "version": "11.0(1)SU1" }, { "status": "affected", "version": "11.0(1)SU1ES03" }, { "status": "affected", "version": "11.0(1)SU1ES02" }, { "status": "affected", "version": "11.5(1)SU1" }, { "status": "affected", "version": "11.5(1)SU1ES02" }, { "status": "affected", "version": "11.5(1)SU1ES01" }, { "status": "affected", "version": "11.5(1)SU1ES03" }, { "status": "affected", "version": "11.5(1)ES01" }, { "status": "affected", "version": "12.0(1)" }, { "status": "affected", "version": "12.0(1)ES01" }, { "status": "affected", "version": "12.0(1)ES03" }, { "status": "affected", "version": "12.0(1)ES04" }, { "status": "affected", "version": "12.0(1)ES02" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "12.5(1)_SU01_ES03" }, { "status": "affected", "version": "12.5(1)ES03" }, { "status": "affected", "version": "12.5(1)_SU01_ES01" }, { "status": "affected", "version": "12.5(1)_SU02_ES02" }, { "status": "affected", "version": "12.5(1)_SU01_ES02" }, { "status": "affected", "version": "12.5(1)_SU02_ES03" }, { "status": "affected", "version": "12.5(1)ES01" }, { "status": "affected", "version": "12.5(1)_SU02_ES01" }, { "status": "affected", "version": "12.5(1)ES02" }, { "status": "affected", "version": "12.5(1)_SU03_ES01" }, { "status": "affected", "version": "12.5(1)_SU02_ES04" }, { "status": "affected", "version": "12.5(1)_SU03_ES02" }, { "status": "affected", "version": "12.5(1)_SU03_ES03" }, { "status": "affected", "version": "12.5(1)_SU03_ES04" }, { "status": "affected", "version": "11.6(1)" }, { "status": "affected", "version": "11.6(2)" }, { "status": "affected", "version": "11.6(1)ES01" }, { "status": "affected", "version": "11.6(2)ES06" }, { "status": "affected", "version": "11.6(1)ES02" }, { "status": "affected", "version": "11.6(2)ES01" }, { "status": "affected", "version": "11.6(2)ES03" }, { "status": "affected", "version": "11.6(2)ES07" }, { "status": "affected", "version": "11.6(2)ES08" }, { "status": "affected", "version": "11.6(2)ES02" }, { "status": "affected", "version": "11.6(2)ES05" }, { "status": "affected", "version": "11.6(2)ES04" } ] }, { "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(2)" }, { "status": "affected", "version": "10.5(2a)" }, { "status": "affected", "version": "10.5(2b)" }, { "status": "affected", "version": "10.5(2)SU3" }, { "status": "affected", "version": "10.5(2)SU2a" }, { "status": "affected", "version": "10.5(2)SU4a" }, { "status": "affected", "version": "10.5(2)SU4" }, { "status": "affected", "version": "10.5(1)SU3" }, { "status": "affected", "version": "10.5(1)SU1" }, { "status": "affected", "version": "10.5(2)SU1" }, { "status": "affected", "version": "10.5(2)SU2" }, { "status": "affected", "version": "10.5(1)SU2" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "11.5(1)SU1" }, { "status": "affected", "version": "11.5(1)SU2" }, { "status": "affected", "version": "11.5(1)SU3" }, { "status": "affected", "version": "11.5(1)SU3a" }, { "status": "affected", "version": "11.5(1)SU4" }, { "status": "affected", "version": "11.5(1)SU5" }, { "status": "affected", "version": "11.5(1)SU5a" }, { "status": "affected", "version": "11.5(1)SU6" }, { "status": "affected", "version": "11.5(1)SU7" }, { "status": "affected", "version": "11.5(1)SU8" }, { "status": "affected", "version": "11.5(1)SU9" }, { "status": "affected", "version": "11.5(1)SU10" }, { "status": "affected", "version": "11.5(1)SU11" }, { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "11.0(1)SU1" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "12.5(1)SU4" }, { "status": "affected", "version": "12.5(1)SU5" }, { "status": "affected", "version": "12.5(1)SU6" }, { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "14" }, { "status": "affected", "version": "14SU1" }, { "status": "affected", "version": "14SU2" }, { "status": "affected", "version": "14SU2a" }, { "status": "affected", "version": "10.0(1)" }, { "status": "affected", "version": "10.0(1)SU1" }, { "status": "affected", "version": "10.0(1)SU2" } ] }, { "product": "Cisco Virtualized Voice Browser", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "11.5(1)ES29" }, { "status": "affected", "version": "11.5(1)ES32" }, { "status": "affected", "version": "11.5(1)_ES43" }, { "status": "affected", "version": "11.5(1)_ES54" }, { "status": "affected", "version": "11.5(1)_ES27" }, { "status": "affected", "version": "11.5(1)ES36" }, { "status": "affected", "version": "11.5(1)_ES32" }, { "status": "affected", "version": "11.5(1)_ES29" }, { "status": "affected", "version": "11.5(1)_ES36" }, { "status": "affected", "version": "11.5(1)ES43" }, { "status": "affected", "version": "11.5(1)_ES53" }, { "status": "affected", "version": "11.5(1)ES27" }, { "status": "affected", "version": "11.6(1)" }, { "status": "affected", "version": "11.6(1)_ES82" }, { "status": "affected", "version": "11.6(1)_ES22" }, { "status": "affected", "version": "11.6(1)_ES81" }, { "status": "affected", "version": "11.6(1)_ES87" }, { "status": "affected", "version": "11.6(1)_ES84" }, { "status": "affected", "version": "11.6(1)_ES85" }, { "status": "affected", "version": "11.6(1)_ES83" }, { "status": "affected", "version": "11.6(1)_ES80" }, { "status": "affected", "version": "11.6(1)_ES86" }, { "status": "affected", "version": "11.6(1)_ES88" }, { "status": "affected", "version": "12.5(1)_ES04" }, { "status": "affected", "version": "12.5(1)_ES07" }, { "status": "affected", "version": "12.5(1)_ES02" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)_ES08" }, { "status": "affected", "version": "12.5(1)_ES03" }, { "status": "affected", "version": "12.5(1)_ES06" }, { "status": "affected", "version": "12.5(1)_ES09" }, { "status": "affected", "version": "12.5(1)_ES14" }, { "status": "affected", "version": "12.5(1)SU" }, { "status": "affected", "version": "12.5(1)_ES15" }, { "status": "affected", "version": "12.5(1)_SU" }, { "status": "affected", "version": "12.5(1)_SU_ES01" }, { "status": "affected", "version": "12.5(1)_ES11" }, { "status": "affected", "version": "12.5(1)_ES12" }, { "status": "affected", "version": "12.5(2)_ET" }, { "status": "affected", "version": "12.5(1)_SU_ES02" }, { "status": "affected", "version": "12.5(1)_ES10" }, { "status": "affected", "version": "12.0(1)" }, { "status": "affected", "version": "12.0(1)_ES02" }, { "status": "affected", "version": "12.0(1)_ES01" }, { "status": "affected", "version": "12.0(1)_ES06" }, { "status": "affected", "version": "12.0(1)_ES07" }, { "status": "affected", "version": "12.0(1)_ES05" }, { "status": "affected", "version": "12.0(1)_ES04" }, { "status": "affected", "version": "12.0(1)_ES03" }, { "status": "affected", "version": "12.0(1)_ES08" }, { "status": "affected", "version": "12.6(1)" }, { "status": "affected", "version": "12.6(1)_ES04" }, { "status": "affected", "version": "12.6(1)_ES03" }, { "status": "affected", "version": "12.6(1)_ES09" }, { "status": "affected", "version": "12.6(1)_ES06" }, { "status": "affected", "version": "12.6(1)_ES08" }, { "status": "affected", "version": "12.6(1)_ES05" }, { "status": "affected", "version": "12.6(2)_ES03" }, { "status": "affected", "version": "12.6(1)_ES02" }, { "status": "affected", "version": "12.6(1)_ES01" }, { "status": "affected", "version": "12.6(2)" }, { "status": "affected", "version": "12.6(2)_ET01" }, { "status": "affected", "version": "12.6(2)_ES02" }, { "status": "affected", "version": "12.6(2)_ES01" }, { "status": "affected", "version": "12.6(1)_ES07" } ] }, { "product": "Cisco Packaged Contact Center Enterprise", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(2)" }, { "status": "affected", "version": "10.5(1)_ES7" }, { "status": "affected", "version": "10.5(2)_ES8" }, { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "11.0(2)" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "11.6(1)" }, { "status": "affected", "version": "11.6(2)" }, { "status": "affected", "version": "12.0(1)" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(2)" }, { "status": "affected", "version": "12.6(1)" }, { "status": "affected", "version": "12.6(2)" } ] }, { "product": "Cisco Unified Communications Manager / Cisco Unity Connection", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.5(2)SU10" }, { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(1)SU1" }, { "status": "affected", "version": "10.5(1)SU1a" }, { "status": "affected", "version": "10.5(2)" }, { "status": "affected", "version": "10.5(2)SU1" }, { "status": "affected", "version": "10.5(2)SU2" }, { "status": "affected", "version": "10.5(2)SU3" }, { "status": "affected", "version": "10.5(2)SU4" }, { "status": "affected", "version": "10.5(2)SU5" }, { "status": "affected", "version": "10.5(2)SU6" }, { "status": "affected", "version": "10.5(2)SU7" }, { "status": "affected", "version": "10.5(2)SU8" }, { "status": "affected", "version": "10.5(2)SU9" }, { "status": "affected", "version": "10.5(2)SU2a" }, { "status": "affected", "version": "10.5(2)SU3a" }, { "status": "affected", "version": "10.5(2)SU4a" }, { "status": "affected", "version": "10.5(2)SU6a" }, { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "11.0(1a)" }, { "status": "affected", "version": "11.0(1a)SU1" }, { "status": "affected", "version": "11.0(1a)SU2" }, { "status": "affected", "version": "11.0(1a)SU3" }, { "status": "affected", "version": "11.0(1a)SU3a" }, { "status": "affected", "version": "11.0(1a)SU4" }, { "status": "affected", "version": "11.0.1" }, { "status": "affected", "version": "11.0.2" }, { "status": "affected", "version": "11.0.5" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "11.5(1)SU1" }, { "status": "affected", "version": "11.5(1)SU2" }, { "status": "affected", "version": "11.5(1)SU3" }, { "status": "affected", "version": "11.5(1)SU3a" }, { "status": "affected", "version": "11.5(1)SU3b" }, { "status": "affected", "version": "11.5(1)SU4" }, { "status": "affected", "version": "11.5(1)SU5" }, { "status": "affected", "version": "11.5(1)SU6" }, { "status": "affected", "version": "11.5(1)SU7" }, { "status": "affected", "version": "11.5(1)SU8" }, { "status": "affected", "version": "11.5(1)SU9" }, { "status": "affected", "version": "11.5(1)SU10" }, { "status": "affected", "version": "11.5(1)SU11" }, { "status": "affected", "version": "10.0(1)SU2" }, { "status": "affected", "version": "10.0(1)" }, { "status": "affected", "version": "10.0(1)SU1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-02T15:42:33.881Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-cucm-rce-bWNzQcUm", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm" } ], "source": { "advisory": "cisco-sa-cucm-rce-bWNzQcUm", "defects": [ "CSCwe18830", "CSCwe18773", "CSCwe18840", "CSCwd64292", "CSCwd64245", "CSCwd64276" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20253", "datePublished": "2024-01-26T17:28:30.761Z", "dateReserved": "2023-11-08T15:08:07.622Z", "dateUpdated": "2024-08-01T21:52:31.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20108
Vulnerability from cvelistv5
Published
2023-06-28 00:00
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.889Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-cucm-imp-dos-49GL7rzT", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(2)" }, { "status": "affected", "version": "10.5(2a)" }, { "status": "affected", "version": "10.5(2b)" }, { "status": "affected", "version": "10.5(2)SU3" }, { "status": "affected", "version": "10.5(2)SU2a" }, { "status": "affected", "version": "10.5(2)SU4a" }, { "status": "affected", "version": "10.5(2)SU4" }, { "status": "affected", "version": "10.5(1)SU3" }, { "status": "affected", "version": "10.5(1)SU1" }, { "status": "affected", "version": "10.5(2)SU1" }, { "status": "affected", "version": "10.5(2)SU2" }, { "status": "affected", "version": "10.5(1)SU2" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "11.5(1)SU1" }, { "status": "affected", "version": "11.5(1)SU2" }, { "status": "affected", "version": "11.5(1)SU3" }, { "status": "affected", "version": "11.5(1)SU3a" }, { "status": "affected", "version": "11.5(1)SU4" }, { "status": "affected", "version": "11.5(1)SU5" }, { "status": "affected", "version": "11.5(1)SU5a" }, { "status": "affected", "version": "11.5(1)SU6" }, { "status": "affected", "version": "11.5(1)SU7" }, { "status": "affected", "version": "11.5(1)SU8" }, { "status": "affected", "version": "11.5(1)SU9" }, { "status": "affected", "version": "11.5(1)SU10" }, { "status": "affected", "version": "11.5(1)SU11" }, { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "11.0(1)SU1" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "12.5(1)SU4" }, { "status": "affected", "version": "12.5(1)SU5" }, { "status": "affected", "version": "12.5(1)SU6" }, { "status": "affected", "version": "14" }, { "status": "affected", "version": "14SU1" }, { "status": "affected", "version": "14SU2" }, { "status": "affected", "version": "14SU2a" }, { "status": "affected", "version": "10.0(1)" }, { "status": "affected", "version": "10.0(1)SU1" }, { "status": "affected", "version": "10.0(1)SU2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM\u0026amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM\u0026amp;P users who were authenticated prior to an attack." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-789", "description": "Uncontrolled Memory Allocation", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:44.711Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-cucm-imp-dos-49GL7rzT", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT" } ], "source": { "advisory": "cisco-sa-cucm-imp-dos-49GL7rzT", "defects": [ "CSCvy16642" ], "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20108", "datePublished": "2023-06-28T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-08-02T08:57:35.889Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }