114 vulnerabilities found for unified_communications_manager_im_and_presence_service by cisco
FKIE_CVE-2025-20330
Vulnerability from fkie_nvd - Published: 2025-09-03 18:15 - Updated: 2025-09-10 17:36
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80C353CB-E784-4AB1-B13C-0DC185560850",
"versionEndExcluding": "15su3",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B03B32-1774-4DF8-A065-65BA8D1FBD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F161FAB-C375-4F2D-BF13-1645BA6A06F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"id": "CVE-2025-20330",
"lastModified": "2025-09-10T17:36:51.947",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Primary"
}
]
},
"published": "2025-09-03T18:15:34.177",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-xss-XQgu4HSG"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
FKIE_CVE-2025-20278
Vulnerability from fkie_nvd - Published: 2025-06-04 17:15 - Updated: 2025-07-31 15:02
Severity
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.
This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "79D5BACD-F4DB-4633-BFDA-09610BA242B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es1:*:*:*:*:*:*:*",
"matchCriteriaId": "D37E02C3-B63F-43D9-AF7F-76609C424620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es2:*:*:*:*:*:*:*",
"matchCriteriaId": "C869C393-AD1F-4334-92F6-F5CB11979EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es3:*:*:*:*:*:*:*",
"matchCriteriaId": "7E80412C-6BFF-44D7-B3B6-D8CC19D93296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es4:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C8DA33-8104-414A-8C63-1405C6EEB362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es5:*:*:*:*:*:*:*",
"matchCriteriaId": "19B8D09E-0967-4938-BFB8-BF25F382CFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es6:*:*:*:*:*:*:*",
"matchCriteriaId": "C72CA386-7B02-4338-8DF1-94E9E750B1FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B3F4B9-7075-4FBE-BFEC-2353BA022985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es8:*:*:*:*:*:*:*",
"matchCriteriaId": "452114E6-AE9B-4530-AA32-BBD020D06124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es9:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF4C48E-BC31-4949-9BB3-9FFDC12D1D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es10:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6BF05F-72DF-486B-932B-DC2F50DB10B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "01597DCF-AC44-4FDF-A1B5-5ED7F32DBB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es1:*:*:*:*:*:*",
"matchCriteriaId": "9A16F5BD-987C-41DA-98B1-66496F95CFE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es2:*:*:*:*:*:*",
"matchCriteriaId": "78D4AE20-6DBE-455D-AAE4-1AB2DE8D6E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es3:*:*:*:*:*:*",
"matchCriteriaId": "030DE3E5-5DB2-46F7-BDAE-EC103C22C832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es4:*:*:*:*:*:*",
"matchCriteriaId": "173AC31D-3A0E-4885-A294-78756C747035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es5:*:*:*:*:*:*",
"matchCriteriaId": "F8948CB7-7792-429B-93F5-5F3AF98B14AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es6:*:*:*:*:*:*",
"matchCriteriaId": "F5B88E85-8485-4F07-973B-864328F2631A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es7:*:*:*:*:*:*",
"matchCriteriaId": "8B04AB8B-9D7A-4906-A655-A489D32B3036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "AC833139-6461-4383-A02A-BB395F3E3E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es1:*:*:*:*:*:*",
"matchCriteriaId": "6648DCBA-E3F7-4AFC-B5A2-BC57CF8F5F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es2:*:*:*:*:*:*",
"matchCriteriaId": "2DBCBEB3-F52E-44C3-9C3A-67D2DEDCD4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es3:*:*:*:*:*:*",
"matchCriteriaId": "9FA81305-8164-4E75-BC7A-974E212DDFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es4:*:*:*:*:*:*",
"matchCriteriaId": "7603F952-EC9A-4D1C-8672-1C1DD599B471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es5:*:*:*:*:*:*",
"matchCriteriaId": "1E2F3098-64AB-4355-9E75-23392F670110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es6:*:*:*:*:*:*",
"matchCriteriaId": "7324F249-B6A8-47AC-B4E3-BD7D1D180960",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "7E507E31-71FA-437D-B325-48281650CFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es1:*:*:*:*:*:*",
"matchCriteriaId": "7AEC47C7-E04D-4780-A574-5131D71B55C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es10:*:*:*:*:*:*",
"matchCriteriaId": "5C7322DB-1B4B-4E9A-AD3B-0856905108B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es11:*:*:*:*:*:*",
"matchCriteriaId": "F7B58C17-84F5-4243-A00C-F9A5558EBF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es2:*:*:*:*:*:*",
"matchCriteriaId": "881A361D-FD14-4206-855A-779D03810B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es3:*:*:*:*:*:*",
"matchCriteriaId": "64E6AE5B-5753-48D6-98AB-B39981AEB9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es4:*:*:*:*:*:*",
"matchCriteriaId": "D917999F-E9AF-40C2-969A-36C8D5934590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es5:*:*:*:*:*:*",
"matchCriteriaId": "83BC183B-4CB6-47FB-9AAA-78E5E75BEB3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es6:*:*:*:*:*:*",
"matchCriteriaId": "93E2DBF0-FAF3-40A7-8BA4-9A56CD6D8939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es7:*:*:*:*:*:*",
"matchCriteriaId": "A071AD17-9134-43D0-A3C3-FF7348AA0DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es8:*:*:*:*:*:*",
"matchCriteriaId": "0EBC41A8-BE9B-4F19-A287-52A9DFEF2162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es9:*:*:*:*:*:*",
"matchCriteriaId": "DCB0C670-4159-4ECB-B520-FF4197381E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\)_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "CB97E302-0642-453F-927E-A6370EB7CBA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "2D876E49-DF49-4CEF-B2E8-95AEB5FE651A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es1:*:*:*:*:*:*",
"matchCriteriaId": "02E2FDD7-5C71-426B-8578-2B57582BC76F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es2:*:*:*:*:*:*",
"matchCriteriaId": "ECAE1945-C1AF-488D-90AA-BDF6BE2C9B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es3:*:*:*:*:*:*",
"matchCriteriaId": "0BEF7143-A46F-4591-96CA-765503897C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es4:*:*:*:*:*:*",
"matchCriteriaId": "1BB52449-3211-42CC-85D7-C0E6EC4A4BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es5:*:*:*:*:*:*",
"matchCriteriaId": "5E28915E-1F4D-4A65-9FEB-848908567277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es6:*:*:*:*:*:*",
"matchCriteriaId": "786F037D-FC43-4024-9746-4C81C5F471C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es7:*:*:*:*:*:*",
"matchCriteriaId": "9E6B0E93-7805-4076-BB46-A5D1DC8102DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es8:*:*:*:*:*:*",
"matchCriteriaId": "D6A77483-98FD-417B-8BAA-2C2DAEE41DEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "3629695A-A121-4963-9BAC-9AEF3A4FABF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es1:*:*:*:*:*:*",
"matchCriteriaId": "F6DC24C6-F2A0-431F-86BA-68F706E19549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es2:*:*:*:*:*:*",
"matchCriteriaId": "6F457A6B-426E-426D-9229-0609727E59AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es3:*:*:*:*:*:*",
"matchCriteriaId": "96F4A329-A0DE-4853-B605-F26DD5C96BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es4:*:*:*:*:*:*",
"matchCriteriaId": "B75F5E70-70EB-4C39-972D-5E55FACC6540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es5:*:*:*:*:*:*",
"matchCriteriaId": "6FA9D96D-8A0D-4AA0-9072-8D5610FF966D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es6:*:*:*:*:*:*",
"matchCriteriaId": "EBDB20F0-C090-45F7-9FD2-91A6E29A4A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es7:*:*:*:*:*:*",
"matchCriteriaId": "EA550F6E-E4A7-421E-A437-85978B95B149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es8:*:*:*:*:*:*",
"matchCriteriaId": "C25DF954-39E6-4C0A-80BD-AABAB9CE6767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su:*:*:*:*:*:*",
"matchCriteriaId": "80250CAD-F57B-4744-8003-5A156995A813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su_es1:*:*:*:*:*:*",
"matchCriteriaId": "80386F8A-0A80-44BE-ABE0-A5607FD647F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su_es2:*:*:*:*:*:*",
"matchCriteriaId": "FD034AE2-F64A-4E4B-B5E3-CCD03D0DFDE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su_es3:*:*:*:*:*:*",
"matchCriteriaId": "EB805752-C6E2-4442-A742-AEA46BCE7058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.5\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0AAAD5C7-2485-49CE-BF11-AD5A37DE02AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "4DFCE723-9359-40C7-BA35-B71BDF8E3CF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*",
"matchCriteriaId": "28B1524E-FDCA-4570-86DD-CE396271B232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*",
"matchCriteriaId": "74DC6F28-BFEF-4D89-93D5-10072DAC39C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*",
"matchCriteriaId": "BA1D60D7-1B4A-4EEE-A26C-389D9271E005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es04:*:*:*:*:*:*",
"matchCriteriaId": "CBB30A12-F8D7-403C-B430-A2ECF57F6FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es05:*:*:*:*:*:*",
"matchCriteriaId": "2C660245-93FF-454C-BE89-56D185105E06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es06:*:*:*:*:*:*",
"matchCriteriaId": "D68B5D94-C071-4CCA-B0F1-1EB9748F2773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es07:*:*:*:*:*:*",
"matchCriteriaId": "C4B917B3-486D-40F0-BA3C-02F3C2FBDE4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es07_et:*:*:*:*:*:*",
"matchCriteriaId": "6FA347C0-A5B5-4148-987A-72BC9021EAB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es08:*:*:*:*:*:*",
"matchCriteriaId": "C619F70A-F119-4252-BB9E-1C46587B8346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es09:*:*:*:*:*:*",
"matchCriteriaId": "AC1D7342-C9E4-4831-AD71-EF806AD56C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es10:*:*:*:*:*:*",
"matchCriteriaId": "D3B65C32-F0B5-45D5-91B3-A2AF40FD711C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es11:*:*:*:*:*:*",
"matchCriteriaId": "AAEA5E13-FD7F-4AD3-A775-2FB839B8F040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):-:*:*:*:*:*:*",
"matchCriteriaId": "8C98A1AA-4F49-4DD8-B4F4-6194E487BBE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es01:*:*:*:*:*:*",
"matchCriteriaId": "CCCF715C-5DDF-4586-AF7B-C2C3579F6041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es02:*:*:*:*:*:*",
"matchCriteriaId": "2C21D0F8-E157-4094-98BF-0CCCE0505CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es03:*:*:*:*:*:*",
"matchCriteriaId": "5B3E1F6B-7054-42E0-A3E4-542B32646653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es04:*:*:*:*:*:*",
"matchCriteriaId": "585DB839-C795-40E0-88FE-C831426E1F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es05:*:*:*:*:*:*",
"matchCriteriaId": "8E743A73-666C-4431-9030-7B0EC67C95F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:socialminer:10.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3F8BC85C-F3C7-4FE6-97D5-30C2DA4858D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:10.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8496A6AF-FF0B-4DCD-9524-4C89E74B44C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:10.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0D8D8B8B-FD28-4A42-8364-72D896742533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:11.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "152B13F1-4EB5-4DA0-A943-326F8F324432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:11.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9CBA712A-A9FC-4DA9-A06A-9A49A0355F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:11.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "D807EB1C-6970-4A6D-B50A-A16DC43C443E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1382D72C-1447-4296-A520-BEF4EB48633C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6D53D578-A6D5-4BD0-9CD2-C8E496D136B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "24871067-7ADC-473D-A148-A82BE2C158A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es02:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5C6FC1-CD6B-48C0-803C-E77C4B182A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es03:*:*:*:*:*:*:*",
"matchCriteriaId": "9898EB83-A3A1-45A8-9E88-09A5A27D6EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es04:*:*:*:*:*:*:*",
"matchCriteriaId": "A2AB2650-7D2B-4117-888D-CCB5E894E5C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D32D6A4A-08E6-470E-B82C-D5E4E4B810FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)es01:*:*:*:*:*:*:*",
"matchCriteriaId": "15F7499F-5F1E-47BA-8A84-33B55CA4E966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "33B065FE-3FA0-4109-90F3-57EABB2DB6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA97B42-BE0D-4D64-9791-C74DE3DB3EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "811913C6-4E1B-449F-9E95-F57D96436A59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3EB73BD4-9ECC-458E-925D-FECE9A49BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C9751FC-5C3C-4D7B-B368-39FF096C1581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "E411B60D-4EFA-4A8C-A9A0-74B7524B2B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC7EAB06-39FB-4897-BDCC-B84041DA9AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "2E727720-92A8-430E-881F-091ACC71E87F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "511D0C5D-55DB-4293-BFE0-17D31073C5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su6:*:*:*:*:*:*:*",
"matchCriteriaId": "294B9E10-2CF1-47D3-9725-E2A568E17AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7:*:*:*:*:*:*:*",
"matchCriteriaId": "397E6105-7508-4DEB-AD6D-1E702E31C875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7a:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD5882F-47AD-44BF-BAF5-4DA6B59A45A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su8:*:*:*:*:*:*:*",
"matchCriteriaId": "65580374-43E4-4EB4-8D66-76FB8AF11568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su8a:*:*:*:*:*:*:*",
"matchCriteriaId": "D501B7FB-1335-4C44-8C4F-DDF033A41E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su9:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5D489D-D2D3-4784-8B80-209344A9FC76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CAAAAF61-C33F-462B-B7C4-9F976235888A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "00310A4E-8CC5-4AE4-ACC3-80F1066D4EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "28D2915C-E4C2-404B-BC2E-10FAAE34A98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC46928-718B-4CCB-AE4F-A974ACD52AA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6FDB4C-ABA5-418A-81DC-C1735F3F6795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "CC698BDD-2C43-4F6B-BD9A-29FE9A03449B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*",
"matchCriteriaId": "46366B52-A3BE-43B6-9861-1ED8271E224C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*",
"matchCriteriaId": "E32FBC94-72DA-4467-8A63-74C3A3AF7FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su8:*:*:*:*:*:*:*",
"matchCriteriaId": "00D141B1-48C4-4214-BD66-C0BE88B89863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su9:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9693DD-CCAC-418C-9C7A-9E9E8A153B3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:8.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ED97AAD8-D02D-42AB-863A-7538A1F6D425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su3es04:*:*:*:*:*:*:*",
"matchCriteriaId": "E1202DE4-CA67-424E-8379-2BC13630F0C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "31854EAF-89B5-40BB-98E7-7EBB2E867C96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1es04:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1194F1-9CF5-460E-AF26-FB7CDC1EE878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*",
"matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*",
"matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*",
"matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*",
"matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*",
"matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*",
"matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*",
"matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*",
"matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*",
"matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*",
"matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*",
"matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*",
"matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*",
"matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*",
"matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*",
"matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*",
"matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*",
"matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*",
"matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*",
"matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*",
"matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*",
"matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*",
"matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*",
"matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*",
"matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*",
"matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*",
"matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*",
"matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*",
"matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*",
"matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*",
"matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*",
"matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*",
"matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*",
"matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*",
"matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*",
"matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3836BAC-BF47-4212-9018-9797A89A528B",
"versionEndExcluding": "12.6\\(2\\)es_04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1C9DD393-7E10-4EE5-9FB4-855F3231F989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D2C89A9-B258-4BEC-9819-7AF3229F4343",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E53369D-EABA-4381-8480-237881743CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCEF0CC-0553-4886-863B-61F1994D039B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "5E310C92-6C6B-4198-9220-4D43730B1AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2FF97D-3E51-473C-8466-E451771BE938",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su6:*:*:*:*:*:*:*",
"matchCriteriaId": "86884D5E-B015-447A-9834-1264315FCC50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su7:*:*:*:*:*:*:*",
"matchCriteriaId": "538BCDAE-A94C-4343-B63B-5D29023707E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su8:*:*:*:*:*:*:*",
"matchCriteriaId": "E89A84F3-E075-4CAF-9B3C-5F080FC37F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su8a:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDF5353-D773-460B-B02A-5409112BE2E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su9:*:*:*:*:*:*:*",
"matchCriteriaId": "30DE4A5D-BC2D-4F77-91C0-E978EA02AAD8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C923C78-995C-4988-8123-DC32B519A711",
"versionEndExcluding": "12.6\\(2\\)es06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la CLI de varios productos de Cisco Unified Communications podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado como usuario root. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los argumentos de comando proporcionados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad ejecutando comandos manipulados en la CLI de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado como usuario root. Para explotar esta vulnerabilidad, el atacante debe tener credenciales de administrador v\u00e1lidas.\n"
}
],
"id": "CVE-2025-20278",
"lastModified": "2025-07-31T15:02:05.967",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-04T17:15:27.963",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-20457
Vulnerability from fkie_nvd - Published: 2024-11-06 17:15 - Updated: 2025-08-07 19:11
Summary
A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.
This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BFD968EF-BBC1-427E-9CD8-D5928D8ACDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A77870-605E-4186-B45A-79D3EFFCC496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C0FB91-D152-4814-84C0-911A21EAE69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "07CA186C-F010-4C41-9F27-56639DF8D0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "389312AC-4768-439D-93FC-868841151EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A912842-76D8-4CF8-BC7A-3D189BCC0C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F68D7-77BB-4F48-9839-9F5B17CC6242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF58FA68-5EEC-47A2-AD8C-2342B449741D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "598974FC-1388-404B-BB14-56C4CF8B6296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "19674018-01CF-42CB-84AE-896D783C95DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*",
"matchCriteriaId": "754348C2-028E-4125-8B81-A285DB72963B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "26E552E4-A519-4D64-99F0-DE2DBF214085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "5B66E34B-6E58-4BC9-A003-99626CD3C4A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC2B99F-5426-4E3F-883A-98FB464639BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DB1A2B7C-5176-463A-80D6-7A858A43A27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEFF49F2-8957-452B-A966-F508D0B57793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2975FFDC-648B-48E1-A9B5-0DB9FC668C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ABAD4CA1-E77D-48EC-8C84-2B184D003E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "5789C97A-CCA7-4B41-ADD4-08B062500135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "34D89C42-AAD9-4B04-9F95-F77681E39553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F21F92F-B96A-47F4-9E9D-4740C1E90FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "91E4DACD-BD48-4C47-97BA-0FCDADF9EC70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF0950B5-C1DE-44E6-8976-2760DA1738DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD6C1CC-60AD-46E0-851B-382C3E1B6294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "566158C9-D3F6-4596-AAAD-93CA8E020049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "DADCFF5C-5B65-412E-AAD4-6E75DF91C372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FA64AE-41CD-4377-AA9B-0A9A7B636EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAAA645-16BC-4CC4-A7DA-E9376AB69C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*",
"matchCriteriaId": "C73DA9AE-07F7-4D03-A0A6-ECAF214A4BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*",
"matchCriteriaId": "04251334-E627-42D0-A790-E50A4332D16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DA086C-4291-41AB-AE80-1C3D0908A379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su10:*:*:*:*:*:*:*",
"matchCriteriaId": "03B1100A-FC8C-4B81-A3BF-36276DBF2F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*",
"matchCriteriaId": "67EE425C-8510-443A-AA50-45E04A1419D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CAAAAF61-C33F-462B-B7C4-9F976235888A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "00310A4E-8CC5-4AE4-ACC3-80F1066D4EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "28D2915C-E4C2-404B-BC2E-10FAAE34A98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC46928-718B-4CCB-AE4F-A974ACD52AA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6FDB4C-ABA5-418A-81DC-C1735F3F6795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "CC698BDD-2C43-4F6B-BD9A-29FE9A03449B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*",
"matchCriteriaId": "46366B52-A3BE-43B6-9861-1ED8271E224C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*",
"matchCriteriaId": "E32FBC94-72DA-4467-8A63-74C3A3AF7FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su8:*:*:*:*:*:*:*",
"matchCriteriaId": "00D141B1-48C4-4214-BD66-C0BE88B89863",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente de registro de Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) podr\u00eda permitir que un atacante remoto autenticado vea informaci\u00f3n confidencial en texto plano en un sistema afectado. Esta vulnerabilidad se debe al almacenamiento de credenciales no cifradas en ciertos registros. Un atacante podr\u00eda aprovechar esta vulnerabilidad accediendo a los registros de un sistema afectado y obteniendo credenciales a las que normalmente no tendr\u00eda acceso. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a informaci\u00f3n confidencial del dispositivo."
}
],
"id": "CVE-2024-20457",
"lastModified": "2025-08-07T19:11:21.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-11-06T17:15:15.107",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-20310
Vulnerability from fkie_nvd - Published: 2024-04-03 17:15 - Updated: 2025-08-01 18:52
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BFD968EF-BBC1-427E-9CD8-D5928D8ACDBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A77870-605E-4186-B45A-79D3EFFCC496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C0FB91-D152-4814-84C0-911A21EAE69E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "07CA186C-F010-4C41-9F27-56639DF8D0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "389312AC-4768-439D-93FC-868841151EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A912842-76D8-4CF8-BC7A-3D189BCC0C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F68D7-77BB-4F48-9839-9F5B17CC6242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BF58FA68-5EEC-47A2-AD8C-2342B449741D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "598974FC-1388-404B-BB14-56C4CF8B6296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "19674018-01CF-42CB-84AE-896D783C95DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*",
"matchCriteriaId": "754348C2-028E-4125-8B81-A285DB72963B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "26E552E4-A519-4D64-99F0-DE2DBF214085",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "5B66E34B-6E58-4BC9-A003-99626CD3C4A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC2B99F-5426-4E3F-883A-98FB464639BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DB1A2B7C-5176-463A-80D6-7A858A43A27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEFF49F2-8957-452B-A966-F508D0B57793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "ABAD4CA1-E77D-48EC-8C84-2B184D003E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "5789C97A-CCA7-4B41-ADD4-08B062500135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "34D89C42-AAD9-4B04-9F95-F77681E39553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F21F92F-B96A-47F4-9E9D-4740C1E90FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "91E4DACD-BD48-4C47-97BA-0FCDADF9EC70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF0950B5-C1DE-44E6-8976-2760DA1738DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD6C1CC-60AD-46E0-851B-382C3E1B6294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "566158C9-D3F6-4596-AAAD-93CA8E020049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "DADCFF5C-5B65-412E-AAD4-6E75DF91C372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FA64AE-41CD-4377-AA9B-0A9A7B636EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*",
"matchCriteriaId": "EFAAA645-16BC-4CC4-A7DA-E9376AB69C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*",
"matchCriteriaId": "C73DA9AE-07F7-4D03-A0A6-ECAF214A4BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*",
"matchCriteriaId": "04251334-E627-42D0-A790-E50A4332D16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DA086C-4291-41AB-AE80-1C3D0908A379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su10:*:*:*:*:*:*:*",
"matchCriteriaId": "03B1100A-FC8C-4B81-A3BF-36276DBF2F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*",
"matchCriteriaId": "67EE425C-8510-443A-AA50-45E04A1419D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CAAAAF61-C33F-462B-B7C4-9F976235888A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "00310A4E-8CC5-4AE4-ACC3-80F1066D4EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "28D2915C-E4C2-404B-BC2E-10FAAE34A98B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC46928-718B-4CCB-AE4F-A974ACD52AA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA6FDB4C-ABA5-418A-81DC-C1735F3F6795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "CC698BDD-2C43-4F6B-BD9A-29FE9A03449B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*",
"matchCriteriaId": "46366B52-A3BE-43B6-9861-1ED8271E224C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*",
"matchCriteriaId": "E32FBC94-72DA-4467-8A63-74C3A3AF7FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F161FAB-C375-4F2D-BF13-1645BA6A06F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*",
"matchCriteriaId": "E67BA8A5-6641-4710-A968-82A88A1361C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su2:*:*:*:*:*:*:*",
"matchCriteriaId": "4838F8D3-ADE8-4CD5-9A3D-31B0D97DC7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su2a:*:*:*:*:*:*:*",
"matchCriteriaId": "092B2D7F-ED1B-49BA-B61D-0AA832D9A47D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz basada en web de Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross Site Scripting (XSS) contra un usuario autenticado de la interfaz. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web no valida adecuadamente la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario autenticado de la interfaz para que haga clic en un enlace manipulado. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador."
}
],
"id": "CVE-2024-20310",
"lastModified": "2025-08-01T18:52:58.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-04-03T17:15:48.513",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-20253
Vulnerability from fkie_nvd - Published: 2024-01-26 18:15 - Updated: 2025-05-29 16:15
Severity
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
References
| Source | URL | Tags |
|---|---|---|
| psirt@cisco.com | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm | Issue Tracking, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm | Issue Tracking, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "FB3C1282-5EC8-4E46-ADD9-898449D96A22",
"versionEndExcluding": "12.5\\(1\\)su8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "312C8052-DA09-4B61-9E90-E9EEE265A4BC",
"versionEndExcluding": "14su3",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"matchCriteriaId": "EA4F43B2-1C73-415B-84BF-26D0322FA2C1",
"versionEndExcluding": "12.5\\(1\\)su8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"matchCriteriaId": "C64C5167-7428-4F9E-B1E9-CAD3236B64AD",
"versionEndExcluding": "14su3",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF9029D-553F-43FD-8F37-86B11A17EC91",
"versionEndExcluding": "12.5\\(1\\)su8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D09B9BD3-3C31-4816-AD4C-043543C56DB5",
"versionEndExcluding": "14.0su3",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BC7834-136A-4117-BEDC-0C96EC59227B",
"versionEndExcluding": "12.5\\(1\\)su8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06851CA9-B778-4471-BB1D-A2237B225A4C",
"versionEndExcluding": "14su3",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "66E25EE4-AB7B-42BF-A703-0C2E83E83577",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3164D29F-4726-4438-9F31-8644B1C2F0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7A2BE523-1AAF-4AB5-ACA3-A1E194590B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0A7B033E-5B7F-4C11-9C6C-CA4363770A7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en m\u00faltiples productos Cisco Unified Communications y Contact Center Solutions podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario en un dispositivo afectado. Esta vulnerabilidad se debe al procesamiento inadecuado de los datos proporcionados por el usuario que se leen en la memoria. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un mensaje manipulado a un puerto de escucha de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente con los privilegios del usuario de servicios web. Con acceso al sistema operativo subyacente, el atacante tambi\u00e9n podr\u00eda establecer acceso root en el dispositivo afectado."
}
],
"id": "CVE-2024-20253",
"lastModified": "2025-05-29T16:15:33.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.3,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-26T18:15:10.970",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-20242
Vulnerability from fkie_nvd - Published: 2023-08-16 21:15 - Updated: 2024-11-21 07:40
Severity
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cisco | unified_communications_manager | 11.5\(1\) |
| cisco | unified_communications_manager | 11.5\(1\) |
| cisco | unified_communications_manager | 12.5\(1\) |
| cisco | unified_communications_manager | 12.5\(1\) |
| cisco | unified_communications_manager | 14.0 |
| cisco | unified_communications_manager | 14.0 |
| cisco | unified_communications_manager_im_and_presence_service | 11.5\(1\) |
| cisco | unified_communications_manager_im_and_presence_service | 12.5\(1\) |
| cisco | unified_communications_manager_im_and_presence_service | 14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "42A41C41-A370-4C0E-A49D-AD42B2F3FB5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
"matchCriteriaId": "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3EB73BD4-9ECC-458E-925D-FECE9A49BD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:session_management:*:*:*",
"matchCriteriaId": "EB810DDE-18A0-4168-8EC1-726DA62453E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FFCAAB4-CED3-4D68-9572-15B27876B1F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:14.0:*:*:*:session_management:*:*:*",
"matchCriteriaId": "5B613D5E-BF3D-426B-9A5B-0322D48EE693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "34D89C42-AAD9-4B04-9F95-F77681E39553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CAAAAF61-C33F-462B-B7C4-9F976235888A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9F161FAB-C375-4F2D-BF13-1645BA6A06F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"id": "CVE-2023-20242",
"lastModified": "2024-11-21T07:40:58.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-16T21:15:09.800",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-20108
Vulnerability from fkie_nvd - Published: 2023-06-28 15:15 - Updated: 2024-11-21 07:40
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cisco | unified_communications_manager_im_and_presence_service | 12.5\(1\) |
| cisco | unified_communications_manager_im_and_presence_service | 14su |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CAAAAF61-C33F-462B-B7C4-9F976235888A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14su:*:*:*:*:*:*:*",
"matchCriteriaId": "0574B341-1765-4B9F-8EA6-1812B7A1E35B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM\u0026amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM\u0026amp;P users who were authenticated prior to an attack."
}
],
"id": "CVE-2023-20108",
"lastModified": "2024-11-21T07:40:34.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-28T15:15:09.577",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-20859
Vulnerability from fkie_nvd - Published: 2022-07-06 21:15 - Updated: 2024-11-21 06:43
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cisco | unified_communications_manager | * |
| cisco | unified_communications_manager_im_and_presence_service | * |
| cisco | unity_connection | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90259C71-D12C-4E4D-99B1-94CB7273608C",
"versionEndExcluding": "14su2",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC1ED14-2795-48C1-94A6-24BB2272277F",
"versionEndExcluding": "14.0su2",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D713E0A3-D63C-42E6-804C-865801407787",
"versionEndExcluding": "14su2",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el marco de Recuperaci\u00f3n de Desastres de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), y Cisco Unity Connection podr\u00eda permitir a un atacante autenticado y remoto llevar a cabo determinadas acciones administrativas que no deber\u00edan poder. Esta vulnerabilidad es debido a una comprobaci\u00f3n de control de acceso insuficiente en el dispositivo afectado. Un atacante con privilegios de s\u00f3lo lectura podr\u00eda explotar esta vulnerabilidad al ejecutar un comando vulnerable espec\u00edfico en un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante llevar a cabo una serie de acciones administrativas que no deber\u00eda poder realizar"
}
],
"id": "CVE-2022-20859",
"lastModified": "2024-11-21T06:43:42.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-06T21:15:11.797",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-20800
Vulnerability from fkie_nvd - Published: 2022-07-06 21:15 - Updated: 2024-11-21 06:43
Severity
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| cisco | unified_communications_manager | * |
| cisco | unified_communications_manager | * |
| cisco | unified_communications_manager_im_and_presence_service | * |
| cisco | unity_connection | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6326B3E-C1A4-4151-89AB-648545C554DC",
"versionEndExcluding": "14su2",
"versionStartIncluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"matchCriteriaId": "B8D0B3BD-AD4D-4DD0-984E-447788439C9D",
"versionEndExcluding": "14su2",
"versionStartIncluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32CBA332-C88F-4C4A-9795-BE61690AA1B4",
"versionEndExcluding": "12.5\\(1\\)su5",
"versionStartIncluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4910BE2-8BF3-473D-A5C5-26B59E6A0C8F",
"versionEndExcluding": "14su2",
"versionStartIncluding": "11.5\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), y Cisco Unity Connection podr\u00eda permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad es debido a que la interfaz de administraci\u00f3n basada en web no comprueba correctamente las entradas proporcionadas por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad al convencer a un usuario de la interfaz para que haga clic en un enlace dise\u00f1ado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador"
}
],
"id": "CVE-2022-20800",
"lastModified": "2024-11-21T06:43:34.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-06T21:15:11.543",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-20815
Vulnerability from fkie_nvd - Published: 2022-07-06 21:15 - Updated: 2024-11-21 06:43
Severity
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90259C71-D12C-4E4D-99B1-94CB7273608C",
"versionEndExcluding": "14su2",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"matchCriteriaId": "8856CD06-9CD4-43EF-8D64-A8D0FDE09696",
"versionEndExcluding": "14su2",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12A3E282-8E16-4BEA-BEB6-99630CCAEB3A",
"versionEndExcluding": "11.5\\(1\\)su11",
"versionStartIncluding": "11.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A2B6AA9-7E2D-4CBB-AFDB-6D5B52AFAB1C",
"versionEndExcluding": "12.5\\(1\\)su6",
"versionStartIncluding": "12.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC1ED14-2795-48C1-94A6-24BB2272277F",
"versionEndExcluding": "14.0su2",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME) y Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) podr\u00eda permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad es debido a que la interfaz de administraci\u00f3n basada en web no comprueba correctamente las entradas proporcionadas por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad al convencer a un usuario de la interfaz para que haga clic en un enlace dise\u00f1ado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador"
}
],
"id": "CVE-2022-20815",
"lastModified": "2024-11-21T06:43:36.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-06T21:15:11.740",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-20791
Vulnerability from fkie_nvd - Published: 2022-07-06 21:15 - Updated: 2024-11-21 06:43
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E64693D-860A-45F4-89D6-4294E0C50637",
"versionEndIncluding": "11.5\\(1.10000.6\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"matchCriteriaId": "648976B9-A432-4010-9BA2-A4D78DB181C8",
"versionEndIncluding": "11.5\\(1.10000.6\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "624F2FFF-D108-4E8E-BBC5-42B9A545CB32",
"versionEndIncluding": "12.5\\(1.10000.22\\)",
"versionStartIncluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"matchCriteriaId": "FBEB09F5-7DF1-403C-80D1-300001364ED4",
"versionEndIncluding": "12.5\\(1.10000.22\\)",
"versionStartIncluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0FD659-ACD8-4E47-9CB7-A88C518522B3",
"versionEndIncluding": "14.0\\(1.10000.20\\)",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"matchCriteriaId": "3F897942-E510-44B0-92C0-65166DF61020",
"versionEndIncluding": "14.0\\(1.10000.20\\)",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A95FE70-69C3-46B0-9E16-5809A7397949",
"versionEndIncluding": "12.5\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5898E6-A2E1-45F4-9A52-B1350A113050",
"versionEndExcluding": "14su2",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en los privilegios del usuario de la base de datos de Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), y Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) podr\u00eda permitir a un atacante autenticado y remoto leer archivos arbitrarios en el sistema operativo subyacente de un dispositivo afectado. Esta vulnerabilidad es debido a una insuficiencia de restricciones de permisos de archivos. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un comando dise\u00f1ado desde la API a la aplicaci\u00f3n. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer archivos arbitrarios en el sistema operativo subyacente del dispositivo afectado. El atacante necesitar\u00eda credenciales de usuario v\u00e1lidas para explotar esta vulnerabilidad"
}
],
"id": "CVE-2022-20791",
"lastModified": "2024-11-21T06:43:33.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-06T21:15:11.497",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-36"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-20330 (GCVE-0-2025-20330)
Vulnerability from cvelistv5 – Published: 2025-09-03 17:40 – Updated: 2025-09-04 03:55
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Severity
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager IM and Presence Service | Affected: 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 14, 12.5(1)SU5, 14SU1, 12.5(1)SU6, 14SU2, 14SU2a, 12.5(1)SU7, 14SU3, 12.5(1)SU8, 15, 15SU1, 14SU4, 12.5(1)SU9, 15SU2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T03:55:45.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
},
{
"status": "affected",
"version": "15SU2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:40:43.960Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-imp-xss-XQgu4HSG",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-xss-XQgu4HSG"
}
],
"source": {
"advisory": "cisco-sa-imp-xss-XQgu4HSG",
"defects": [
"CSCwm63865"
],
"discovery": "INTERNAL"
},
"title": "Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20330",
"datePublished": "2025-09-03T17:40:43.960Z",
"dateReserved": "2024-10-10T19:15:13.254Z",
"dateUpdated": "2025-09-04T03:55:45.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20278 (GCVE-0-2025-20278)
Vulnerability from cvelistv5 – Published: 2025-06-04 16:18 – Updated: 2025-06-06 03:55
Summary
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.
This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
Severity
6 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Finesse | Affected: 11.0(1)ES_Rollback, 10.5(1)ES4, 11.6(1)ES3, 11.0(1)ES2, 12.0(1)ES2, 10.5(1)ES3, 11.0(1), 11.6(1)FIPS, 11.6(1)ES4, 11.0(1)ES3, 10.5(1)ES6, 11.0(1)ES7, 11.5(1)ES4, 10.5(1)ES8, 11.5(1), 11.6(1), 10.5(1)ES10, 11.6(1)ES2, 11.6(1)ES, 11.0(1)ES6, 11.0(1)ES4, 12.0(1), 11.6(1)ES7, 10.5(1)ES7, 11.6(1)ES8, 11.5(1)ES1, 11.6(1)ES1, 11.5(1)ES5, 11.0(1)ES1, 10.5(1), 11.6(1)ES6, 10.5(1)ES2, 12.0(1)ES1, 11.0(1)ES5, 10.5(1)ES5, 11.5(1)ES3, 11.5(1)ES2, 10.5(1)ES9, 11.6(1)ES5, 11.6(1)ES9, 11.5(1)ES6, 10.5(1)ES1, 12.5(1), 12.0(1)ES3, 11.6(1)ES10, 12.5(1)ES1, 12.5(1)ES2, 12.0(1)ES4, 12.5(1)ES3, 12.0(1)ES5, 12.5(1)ES4, 12.0(1)ES6, 12.5(1)ES5, 12.5(1)ES6, 12.0(1)ES7, 12.6(1), 12.5(1)ES7, 11.6(1)ES11, 12.6(1)ES1, 12.0(1)ES8, 12.5(1)ES8, 12.6(1)ES2, 12.6(1)ES3, 12.6(1)ES4, 12.6(1)ES5, 12.5(2), 12.5(1)_SU, 12.5(1)SU, 12.6(1)ES6, 12.5(1)SU ES1, 12.6(1)ES7, 12.6(1)ES7_ET, 12.6(2), 12.6(1)ES8, 12.6(1)ES9, 12.6(2)ES1, 12.6(1)ES10, 12.5(1)SU ES2, 12.6(1)ES11, 12.6(2)ES2, 12.6(2)ES3, 12.5(1)SU ES3, 12.6(2)ES4, 12.6(2)ES5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T03:55:32.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Finesse",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)ES_Rollback"
},
{
"status": "affected",
"version": "10.5(1)ES4"
},
{
"status": "affected",
"version": "11.6(1)ES3"
},
{
"status": "affected",
"version": "11.0(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES2"
},
{
"status": "affected",
"version": "10.5(1)ES3"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.6(1)FIPS"
},
{
"status": "affected",
"version": "11.6(1)ES4"
},
{
"status": "affected",
"version": "11.0(1)ES3"
},
{
"status": "affected",
"version": "10.5(1)ES6"
},
{
"status": "affected",
"version": "11.0(1)ES7"
},
{
"status": "affected",
"version": "11.5(1)ES4"
},
{
"status": "affected",
"version": "10.5(1)ES8"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.5(1)ES10"
},
{
"status": "affected",
"version": "11.6(1)ES2"
},
{
"status": "affected",
"version": "11.6(1)ES"
},
{
"status": "affected",
"version": "11.0(1)ES6"
},
{
"status": "affected",
"version": "11.0(1)ES4"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "11.6(1)ES7"
},
{
"status": "affected",
"version": "10.5(1)ES7"
},
{
"status": "affected",
"version": "11.6(1)ES8"
},
{
"status": "affected",
"version": "11.5(1)ES1"
},
{
"status": "affected",
"version": "11.6(1)ES1"
},
{
"status": "affected",
"version": "11.5(1)ES5"
},
{
"status": "affected",
"version": "11.0(1)ES1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)ES6"
},
{
"status": "affected",
"version": "10.5(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES1"
},
{
"status": "affected",
"version": "11.0(1)ES5"
},
{
"status": "affected",
"version": "10.5(1)ES5"
},
{
"status": "affected",
"version": "11.5(1)ES3"
},
{
"status": "affected",
"version": "11.5(1)ES2"
},
{
"status": "affected",
"version": "10.5(1)ES9"
},
{
"status": "affected",
"version": "11.6(1)ES5"
},
{
"status": "affected",
"version": "11.6(1)ES9"
},
{
"status": "affected",
"version": "11.5(1)ES6"
},
{
"status": "affected",
"version": "10.5(1)ES1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.0(1)ES3"
},
{
"status": "affected",
"version": "11.6(1)ES10"
},
{
"status": "affected",
"version": "12.5(1)ES1"
},
{
"status": "affected",
"version": "12.5(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES4"
},
{
"status": "affected",
"version": "12.5(1)ES3"
},
{
"status": "affected",
"version": "12.0(1)ES5"
},
{
"status": "affected",
"version": "12.5(1)ES4"
},
{
"status": "affected",
"version": "12.0(1)ES6"
},
{
"status": "affected",
"version": "12.5(1)ES5"
},
{
"status": "affected",
"version": "12.5(1)ES6"
},
{
"status": "affected",
"version": "12.0(1)ES7"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)ES7"
},
{
"status": "affected",
"version": "11.6(1)ES11"
},
{
"status": "affected",
"version": "12.6(1)ES1"
},
{
"status": "affected",
"version": "12.0(1)ES8"
},
{
"status": "affected",
"version": "12.5(1)ES8"
},
{
"status": "affected",
"version": "12.6(1)ES2"
},
{
"status": "affected",
"version": "12.6(1)ES3"
},
{
"status": "affected",
"version": "12.6(1)ES4"
},
{
"status": "affected",
"version": "12.6(1)ES5"
},
{
"status": "affected",
"version": "12.5(2)"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.6(1)ES6"
},
{
"status": "affected",
"version": "12.5(1)SU ES1"
},
{
"status": "affected",
"version": "12.6(1)ES7"
},
{
"status": "affected",
"version": "12.6(1)ES7_ET"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(1)ES8"
},
{
"status": "affected",
"version": "12.6(1)ES9"
},
{
"status": "affected",
"version": "12.6(2)ES1"
},
{
"status": "affected",
"version": "12.6(1)ES10"
},
{
"status": "affected",
"version": "12.5(1)SU ES2"
},
{
"status": "affected",
"version": "12.6(1)ES11"
},
{
"status": "affected",
"version": "12.6(2)ES2"
},
{
"status": "affected",
"version": "12.6(2)ES3"
},
{
"status": "affected",
"version": "12.5(1)SU ES3"
},
{
"status": "affected",
"version": "12.6(2)ES4"
},
{
"status": "affected",
"version": "12.6(2)ES5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco SocialMiner",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "10.6(2)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU7a"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "14SU4a"
},
{
"status": "affected",
"version": "15SU1a"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "Recovery ISO"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Contact Center Express",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES01"
},
{
"status": "affected",
"version": "11.6(2)ES07"
},
{
"status": "affected",
"version": "11.6(2)ES08"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES01"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "12.5(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES06"
},
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.0(1)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES05"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES04"
},
{
"status": "affected",
"version": "11.6(2)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES03"
},
{
"status": "affected",
"version": "11.0(1)SU1ES03"
},
{
"status": "affected",
"version": "10.6(1)SU3ES01"
},
{
"status": "affected",
"version": "10.5(1)SU1ES10"
},
{
"status": "affected",
"version": "10.0(1)SU1ES04"
},
{
"status": "affected",
"version": "11.5(1)SU1ES03"
},
{
"status": "affected",
"version": "11.6(1)ES02"
},
{
"status": "affected",
"version": "11.5(1)ES01"
},
{
"status": "affected",
"version": "9.0(2)SU3ES04"
},
{
"status": "affected",
"version": "10.6(1)SU2"
},
{
"status": "affected",
"version": "10.6(1)SU2ES04"
},
{
"status": "affected",
"version": "11.6(1)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES01"
},
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES05"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES06"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Intelligence Center",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.6(1)_ET"
},
{
"status": "affected",
"version": "12.6(1)_ES05_ET"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(2)_504_Issue_ET"
},
{
"status": "affected",
"version": "12.6.1_ExcelIssue_ET"
},
{
"status": "affected",
"version": "12.6(2)_Permalink_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwk19536_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwm96922_ET"
},
{
"status": "affected",
"version": "12.6.2_Amq_OOS_ET"
},
{
"status": "affected",
"version": "12.5(2)ET_CSCwi79933"
},
{
"status": "affected",
"version": "12.6(2)_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwn48501_ET"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Virtualized Voice Browser",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES84"
},
{
"status": "affected",
"version": "11.5(1)_ES54"
},
{
"status": "affected",
"version": "11.5(1)_ES27"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)ES36"
},
{
"status": "affected",
"version": "12.0(1)_ES01"
},
{
"status": "affected",
"version": "11.6(1)_ES85"
},
{
"status": "affected",
"version": "12.5(1)_ES05"
},
{
"status": "affected",
"version": "11.5(1)_ES32"
},
{
"status": "affected",
"version": "11.6(1)_ES83"
},
{
"status": "affected",
"version": "11.5(1)_ES29"
},
{
"status": "affected",
"version": "12.0(1)_ES06"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES07"
},
{
"status": "affected",
"version": "11.6(1)_ES80"
},
{
"status": "affected",
"version": "12.0(1)_ES05"
},
{
"status": "affected",
"version": "11.5(1)_ES36"
},
{
"status": "affected",
"version": "11.5(1)_ES53"
},
{
"status": "affected",
"version": "12.5(1)_ES08"
},
{
"status": "affected",
"version": "11.5(1)ES43"
},
{
"status": "affected",
"version": "12.0(1)_ES03"
},
{
"status": "affected",
"version": "11.6(1)_ES86"
},
{
"status": "affected",
"version": "12.0(1)_ES04"
},
{
"status": "affected",
"version": "11.5(1)ES27"
},
{
"status": "affected",
"version": "12.5(1)_ES03"
},
{
"status": "affected",
"version": "11.6(1)_ES88"
},
{
"status": "affected",
"version": "12.5(1)_ES06"
},
{
"status": "affected",
"version": "11.6(1)_ES82"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.5(1)ES29"
},
{
"status": "affected",
"version": "12.5(1)_ES04"
},
{
"status": "affected",
"version": "12.5(1)_ES07"
},
{
"status": "affected",
"version": "11.6(1)_ES87"
},
{
"status": "affected",
"version": "11.6(1)_ES81"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES22"
},
{
"status": "affected",
"version": "11.5(1)_ES43"
},
{
"status": "affected",
"version": "11.5(1)ES32"
},
{
"status": "affected",
"version": "12.0(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES02"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES01"
},
{
"status": "affected",
"version": "12.0(1)_ES08"
},
{
"status": "affected",
"version": "12.5(1)_ES10"
},
{
"status": "affected",
"version": "12.6(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES11"
},
{
"status": "affected",
"version": "12.5(1)_ES12"
},
{
"status": "affected",
"version": "12.6(1)_ES03"
},
{
"status": "affected",
"version": "12.5(1)_ES13"
},
{
"status": "affected",
"version": "12.5(1)_ES14"
},
{
"status": "affected",
"version": "12.6(1)_ES04"
},
{
"status": "affected",
"version": "12.6(1)_ES05"
},
{
"status": "affected",
"version": "12.5(1)_ES15"
},
{
"status": "affected",
"version": "12.6(1)_ES06"
},
{
"status": "affected",
"version": "12.6(1)_ET"
},
{
"status": "affected",
"version": "12.5(1)_ES16"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES01"
},
{
"status": "affected",
"version": "12.6(1)_ES07"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.5(1)_ES17"
},
{
"status": "affected",
"version": "12.6(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES10"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ES01"
},
{
"status": "affected",
"version": "12.6(2)_ET01"
},
{
"status": "affected",
"version": "12.5(2)_ET"
},
{
"status": "affected",
"version": "12.6(2)_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ET_Streaming"
},
{
"status": "affected",
"version": "12.6(2)ET_Transcribe"
},
{
"status": "affected",
"version": "12.6(2)_ES03"
},
{
"status": "affected",
"version": "12.6(2)ET_NuanceMix"
},
{
"status": "affected",
"version": "12.6(2)ET_FileUpload"
},
{
"status": "affected",
"version": "12.6(2)_ET02"
},
{
"status": "affected",
"version": "12.6(2)_ES04"
},
{
"status": "affected",
"version": "12.6.2ET_RTPfallback"
},
{
"status": "affected",
"version": "12.6.2ET_CSCwf55306"
},
{
"status": "affected",
"version": "12.6.2_ET_CSCwj36712"
},
{
"status": "affected",
"version": "12.5.2 ET-CSCwj33374"
},
{
"status": "affected",
"version": "12.5(1) SU ET"
},
{
"status": "affected",
"version": "12.6(2)ET_CSCwj87296"
},
{
"status": "affected",
"version": "12.6(2)_ES05"
},
{
"status": "affected",
"version": "12.5.2_ET_CSCvz27014"
},
{
"status": "affected",
"version": "12.6(2)_ET"
},
{
"status": "affected",
"version": "12.6.2-ET"
},
{
"status": "affected",
"version": "12.6(2)ET_CSCwk83135"
},
{
"status": "affected",
"version": "12.6.2_ET_CX_ALAW"
},
{
"status": "affected",
"version": "12.6.2-ET01-SSL"
},
{
"status": "affected",
"version": "12.6(2)_ES06"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T16:18:20.661Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-vos-command-inject-65s2UCYy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
}
],
"source": {
"advisory": "cisco-sa-vos-command-inject-65s2UCYy",
"defects": [
"CSCwk24029"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unified Communications Products Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20278",
"datePublished": "2025-06-04T16:18:20.661Z",
"dateReserved": "2024-10-10T19:15:13.246Z",
"dateUpdated": "2025-06-06T03:55:32.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20457 (GCVE-0-2024-20457)
Vulnerability from cvelistv5 – Published: 2024-11-06 16:29 – Updated: 2024-11-06 17:06
Summary
A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.
This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.
Severity
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager IM and Presence Service | Affected: 11.5(1)SU6, 10.5(1)SU1, 10.5(1)SU2, 12.5(1), 10.5(2)SU2a, 11.5(1)SU3a, 10.0(1)SU2, 10.5(2)SU2, 11.0, 10.5(2)SU3, 10.5(1)SU3, 11.5(1)SU1, 11.0(1), 10.5(2)SU4, 11.0(1)SU1, 11.5(1)SU2, 11.5(1)SU5, 10.0(1)SU1, 11.5(1)SU3, 10.5(2)SU4a, 10.5(2), 11.5(1)SU5a, 11.5(1)SU4, 12.5(1)SU1, 10.0(1), 10.5(2b), 10.5(2)SU1, 10.5(1), 10.5(2a), 11.5(1), 12.5(1)SU2, 11.5(1)SU7, 11.5(1)SU8, 12.5(1)SU3, 11.5(1)SU9, 12.5(1)SU4, 14, 11.5(1)SU10, 12.5(1)SU5, 14SU1, 12.5(1)SU6, 11.5(1)SU11, 14SU2, 14SU2a, 12.5(1)SU7, 14SU3, 12.5(1)SU8, 15, 15SU1, 14SU4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T17:06:29.143075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T17:06:37.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "10.0(1)SU2"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "11.5(1)SU5a"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.5(2b)"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2a)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:29:12.887Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-imp-inf-disc-cUPKuA5n",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n"
}
],
"source": {
"advisory": "cisco-sa-imp-inf-disc-cUPKuA5n",
"defects": [
"CSCwk31853"
],
"discovery": "INTERNAL"
},
"title": "Cisco Unified Communications Manager IM \u0026 Presence Service Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20457",
"datePublished": "2024-11-06T16:29:12.887Z",
"dateReserved": "2023-11-08T15:08:07.679Z",
"dateUpdated": "2024-11-06T17:06:37.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20310 (GCVE-0-2024-20310)
Vulnerability from cvelistv5 – Published: 2024-04-03 16:19 – Updated: 2024-08-01 21:59
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Severity
6.1 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco IOS XE Software | Affected: N/A |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2a\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2b\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su2a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su4a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su11"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su3a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su5"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su5a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su6"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su7"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su8"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su9"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.0\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.0\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su5"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su6"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su7"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "14.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "14.0su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.0\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.0\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.0\\(1\\)su2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:58:41.263017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T16:23:39.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-imps-xss-quWkd9yF",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2a)"
},
{
"status": "affected",
"version": "10.5(2b)"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(1)SU3"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU5a"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T16:36:06.520Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-imps-xss-quWkd9yF",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
}
],
"source": {
"advisory": "cisco-sa-cucm-imps-xss-quWkd9yF",
"defects": [
"CSCwf41335"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20310",
"datePublished": "2024-04-03T16:19:40.031Z",
"dateReserved": "2023-11-08T15:08:07.631Z",
"dateUpdated": "2024-08-01T21:59:41.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20253 (GCVE-0-2024-20253)
Vulnerability from cvelistv5 – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
Summary
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
Severity
9.9 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Contact Center Enterprise | Affected: N/A |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-rce-bWNzQcUm",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:42:43.844502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:12:21.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Contact Center Enterprise",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)SU2"
},
{
"status": "affected",
"version": "12.0(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)SU4"
},
{
"status": "affected",
"version": "12.0(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
}
]
},
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)SU2"
},
{
"status": "affected",
"version": "12.0(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)SU4"
},
{
"status": "affected",
"version": "12.0(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU7a"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
}
]
},
{
"product": "Cisco Unified Contact Center Express",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "9.0(2)SU3ES04"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU1ES04"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU1ES10"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.6(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU3"
},
{
"status": "affected",
"version": "10.6(1)SU2"
},
{
"status": "affected",
"version": "10.6(1)SU3ES03"
},
{
"status": "affected",
"version": "10.6(1)SU2ES04"
},
{
"status": "affected",
"version": "10.6(1)SU3ES02"
},
{
"status": "affected",
"version": "10.6(1)SU3ES01"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)SU1ES03"
},
{
"status": "affected",
"version": "11.0(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES01"
},
{
"status": "affected",
"version": "11.5(1)SU1ES03"
},
{
"status": "affected",
"version": "11.5(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES03"
},
{
"status": "affected",
"version": "12.5(1)ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES03"
},
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES01"
},
{
"status": "affected",
"version": "12.5(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES04"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "11.6(1)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES06"
},
{
"status": "affected",
"version": "11.6(1)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES07"
},
{
"status": "affected",
"version": "11.6(2)ES08"
},
{
"status": "affected",
"version": "11.6(2)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES05"
},
{
"status": "affected",
"version": "11.6(2)ES04"
}
]
},
{
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2a)"
},
{
"status": "affected",
"version": "10.5(2b)"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(1)SU3"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU5a"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU2"
}
]
},
{
"product": "Cisco Virtualized Voice Browser",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)ES29"
},
{
"status": "affected",
"version": "11.5(1)ES32"
},
{
"status": "affected",
"version": "11.5(1)_ES43"
},
{
"status": "affected",
"version": "11.5(1)_ES54"
},
{
"status": "affected",
"version": "11.5(1)_ES27"
},
{
"status": "affected",
"version": "11.5(1)ES36"
},
{
"status": "affected",
"version": "11.5(1)_ES32"
},
{
"status": "affected",
"version": "11.5(1)_ES29"
},
{
"status": "affected",
"version": "11.5(1)_ES36"
},
{
"status": "affected",
"version": "11.5(1)ES43"
},
{
"status": "affected",
"version": "11.5(1)_ES53"
},
{
"status": "affected",
"version": "11.5(1)ES27"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES82"
},
{
"status": "affected",
"version": "11.6(1)_ES22"
},
{
"status": "affected",
"version": "11.6(1)_ES81"
},
{
"status": "affected",
"version": "11.6(1)_ES87"
},
{
"status": "affected",
"version": "11.6(1)_ES84"
},
{
"status": "affected",
"version": "11.6(1)_ES85"
},
{
"status": "affected",
"version": "11.6(1)_ES83"
},
{
"status": "affected",
"version": "11.6(1)_ES80"
},
{
"status": "affected",
"version": "11.6(1)_ES86"
},
{
"status": "affected",
"version": "11.6(1)_ES88"
},
{
"status": "affected",
"version": "12.5(1)_ES04"
},
{
"status": "affected",
"version": "12.5(1)_ES07"
},
{
"status": "affected",
"version": "12.5(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES08"
},
{
"status": "affected",
"version": "12.5(1)_ES03"
},
{
"status": "affected",
"version": "12.5(1)_ES06"
},
{
"status": "affected",
"version": "12.5(1)_ES09"
},
{
"status": "affected",
"version": "12.5(1)_ES14"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.5(1)_ES15"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES01"
},
{
"status": "affected",
"version": "12.5(1)_ES11"
},
{
"status": "affected",
"version": "12.5(1)_ES12"
},
{
"status": "affected",
"version": "12.5(2)_ET"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES10"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES02"
},
{
"status": "affected",
"version": "12.0(1)_ES01"
},
{
"status": "affected",
"version": "12.0(1)_ES06"
},
{
"status": "affected",
"version": "12.0(1)_ES07"
},
{
"status": "affected",
"version": "12.0(1)_ES05"
},
{
"status": "affected",
"version": "12.0(1)_ES04"
},
{
"status": "affected",
"version": "12.0(1)_ES03"
},
{
"status": "affected",
"version": "12.0(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.6(1)_ES04"
},
{
"status": "affected",
"version": "12.6(1)_ES03"
},
{
"status": "affected",
"version": "12.6(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES06"
},
{
"status": "affected",
"version": "12.6(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)_ES05"
},
{
"status": "affected",
"version": "12.6(2)_ES03"
},
{
"status": "affected",
"version": "12.6(1)_ES02"
},
{
"status": "affected",
"version": "12.6(1)_ES01"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(2)_ET01"
},
{
"status": "affected",
"version": "12.6(2)_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ES01"
},
{
"status": "affected",
"version": "12.6(1)_ES07"
}
]
},
{
"product": "Cisco Packaged Contact Center Enterprise",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(1)_ES7"
},
{
"status": "affected",
"version": "10.5(2)_ES8"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(2)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.6(2)"
}
]
},
{
"product": "Cisco Unified Communications Manager / Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(2)SU10"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU1a"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(2)SU5"
},
{
"status": "affected",
"version": "10.5(2)SU6"
},
{
"status": "affected",
"version": "10.5(2)SU7"
},
{
"status": "affected",
"version": "10.5(2)SU8"
},
{
"status": "affected",
"version": "10.5(2)SU9"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU3a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU6a"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1a)"
},
{
"status": "affected",
"version": "11.0(1a)SU1"
},
{
"status": "affected",
"version": "11.0(1a)SU2"
},
{
"status": "affected",
"version": "11.0(1a)SU3"
},
{
"status": "affected",
"version": "11.0(1a)SU3a"
},
{
"status": "affected",
"version": "11.0(1a)SU4"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.0.5"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU3b"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "10.0(1)SU2"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:42:33.881Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-rce-bWNzQcUm",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
}
],
"source": {
"advisory": "cisco-sa-cucm-rce-bWNzQcUm",
"defects": [
"CSCwe18830",
"CSCwe18773",
"CSCwe18840",
"CSCwd64292",
"CSCwd64245",
"CSCwd64276"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20253",
"datePublished": "2024-01-26T17:28:30.761Z",
"dateReserved": "2023-11-08T15:08:07.622Z",
"dateUpdated": "2025-05-29T15:12:21.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20242 (GCVE-0-2023-20242)
Vulnerability from cvelistv5 – Published: 2023-08-16 20:59 – Updated: 2024-08-02 09:05
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Severity
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager | Affected: 12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3, 12.0(1)SU4, 12.0(1)SU5, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 12.5(1)SU5, 12.5(1)SU6, 12.5(1)SU7, 12.5(1)SU7a, 12.5(1)SU8, 14, 14SU1, 14SU2, 14SU3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)SU2"
},
{
"status": "affected",
"version": "12.0(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)SU4"
},
{
"status": "affected",
"version": "12.0(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU7a"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU3"
}
]
},
{
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Unified Communications Manager / Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(2)SU10"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU1a"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(2)SU5"
},
{
"status": "affected",
"version": "10.5(2)SU6"
},
{
"status": "affected",
"version": "10.5(2)SU7"
},
{
"status": "affected",
"version": "10.5(2)SU8"
},
{
"status": "affected",
"version": "10.5(2)SU9"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU3a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU6a"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1a)"
},
{
"status": "affected",
"version": "11.0(1a)SU1"
},
{
"status": "affected",
"version": "11.0(1a)SU2"
},
{
"status": "affected",
"version": "11.0(1a)SU3"
},
{
"status": "affected",
"version": "11.0(1a)SU3a"
},
{
"status": "affected",
"version": "11.0(1a)SU4"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.0.5"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU3b"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "10.0(1)SU2"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:29.703Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
}
],
"source": {
"advisory": "cisco-sa-cucm-imp-xss-QtT4VdsK",
"defects": [
"CSCwh00875",
"CSCwh02167"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20242",
"datePublished": "2023-08-16T20:59:25.126Z",
"dateReserved": "2022-10-27T18:47:50.370Z",
"dateUpdated": "2024-08-02T09:05:35.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20108 (GCVE-0-2023-20108)
Vulnerability from cvelistv5 – Published: 2023-06-28 00:00 – Updated: 2024-08-02 08:57
Summary
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.
Severity
7.5 (High)
CWE
- CWE-789 - Uncontrolled Memory Allocation
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager IM and Presence Service | Affected: 10.5(1), 10.5(2), 10.5(2a), 10.5(2b), 10.5(2)SU3, 10.5(2)SU2a, 10.5(2)SU4a, 10.5(2)SU4, 10.5(1)SU3, 10.5(1)SU1, 10.5(2)SU1, 10.5(2)SU2, 10.5(1)SU2, 11.5(1), 11.5(1)SU1, 11.5(1)SU2, 11.5(1)SU3, 11.5(1)SU3a, 11.5(1)SU4, 11.5(1)SU5, 11.5(1)SU5a, 11.5(1)SU6, 11.5(1)SU7, 11.5(1)SU8, 11.5(1)SU9, 11.5(1)SU10, 11.5(1)SU11, 11.0(1), 11.0(1)SU1, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 12.5(1)SU5, 12.5(1)SU6, 14, 14SU1, 14SU2, 14SU2a, 10.0(1), 10.0(1)SU1, 10.0(1)SU2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-imp-dos-49GL7rzT",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2a)"
},
{
"status": "affected",
"version": "10.5(2b)"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(1)SU3"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU5a"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM\u0026amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM\u0026amp;P users who were authenticated prior to an attack."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "Uncontrolled Memory Allocation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:44.711Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-imp-dos-49GL7rzT",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
}
],
"source": {
"advisory": "cisco-sa-cucm-imp-dos-49GL7rzT",
"defects": [
"CSCvy16642"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20108",
"datePublished": "2023-06-28T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-08-02T08:57:35.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20859 (GCVE-0-2022-20859)
Vulnerability from cvelistv5 – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:11
Summary
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.
Severity
6.5 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:50.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:58:01.703536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:11:17.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T20:30:56",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
}
],
"source": {
"advisory": "cisco-sa-ucm-access-dMKvV2DY",
"defect": [
[
"CSCvz16246",
"CSCwc12673"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Unified Communications Products Access Control Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-07-06T16:00:00",
"ID": "CVE-2022-20859",
"STATE": "PUBLIC",
"TITLE": "Cisco Unified Communications Products Access Control Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Manager",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
}
]
},
"source": {
"advisory": "cisco-sa-ucm-access-dMKvV2DY",
"defect": [
[
"CSCvz16246",
"CSCwc12673"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20859",
"datePublished": "2022-07-06T20:30:56.958683Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:11:17.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20815 (GCVE-0-2022-20815)
Vulnerability from cvelistv5 – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:11
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Severity
6.1 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:50.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:58:02.741443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:11:27.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T20:30:51",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
}
],
"source": {
"advisory": "cisco-sa-cucm-xss-ksKd5yfA",
"defect": [
[
"CSCvy16646",
"CSCvy52029",
"CSCvy60442"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-07-06T16:00:00",
"ID": "CVE-2022-20815",
"STATE": "PUBLIC",
"TITLE": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Manager",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
}
]
},
"source": {
"advisory": "cisco-sa-cucm-xss-ksKd5yfA",
"defect": [
[
"CSCvy16646",
"CSCvy52029",
"CSCvy60442"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20815",
"datePublished": "2022-07-06T20:30:51.324508Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:11:27.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20800 (GCVE-0-2022-20800)
Vulnerability from cvelistv5 – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:12
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Severity
6.1 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unity Connection | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20800",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:58:04.675020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:12:05.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T20:30:29",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA"
}
],
"source": {
"advisory": "cisco-sa-cucm-xss-RgH7MpKA",
"defect": [
[
"CSCvy16638",
"CSCvz33042",
"CSCvz33979"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-07-06T16:00:00",
"ID": "CVE-2022-20800",
"STATE": "PUBLIC",
"TITLE": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unity Connection",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA"
}
]
},
"source": {
"advisory": "cisco-sa-cucm-xss-RgH7MpKA",
"defect": [
[
"CSCvy16638",
"CSCvz33042",
"CSCvz33979"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20800",
"datePublished": "2022-07-06T20:30:29.396707Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:12:05.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20330 (GCVE-0-2025-20330)
Vulnerability from nvd – Published: 2025-09-03 17:40 – Updated: 2025-09-04 03:55
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Severity
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager IM and Presence Service | Affected: 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 14, 12.5(1)SU5, 14SU1, 12.5(1)SU6, 14SU2, 14SU2a, 12.5(1)SU7, 14SU3, 12.5(1)SU8, 15, 15SU1, 14SU4, 12.5(1)SU9, 15SU2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T03:55:45.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
},
{
"status": "affected",
"version": "15SU2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:40:43.960Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-imp-xss-XQgu4HSG",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-xss-XQgu4HSG"
}
],
"source": {
"advisory": "cisco-sa-imp-xss-XQgu4HSG",
"defects": [
"CSCwm63865"
],
"discovery": "INTERNAL"
},
"title": "Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20330",
"datePublished": "2025-09-03T17:40:43.960Z",
"dateReserved": "2024-10-10T19:15:13.254Z",
"dateUpdated": "2025-09-04T03:55:45.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20278 (GCVE-0-2025-20278)
Vulnerability from nvd – Published: 2025-06-04 16:18 – Updated: 2025-06-06 03:55
Summary
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.
This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
Severity
6 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Finesse | Affected: 11.0(1)ES_Rollback Affected: 10.5(1)ES4 Affected: 11.6(1)ES3 Affected: 11.0(1)ES2 Affected: 12.0(1)ES2 Affected: 10.5(1)ES3 Affected: 11.0(1) Affected: 11.6(1)FIPS Affected: 11.6(1)ES4 Affected: 11.0(1)ES3 Affected: 10.5(1)ES6 Affected: 11.0(1)ES7 Affected: 11.5(1)ES4 Affected: 10.5(1)ES8 Affected: 11.5(1) Affected: 11.6(1) Affected: 10.5(1)ES10 Affected: 11.6(1)ES2 Affected: 11.6(1)ES Affected: 11.0(1)ES6 Affected: 11.0(1)ES4 Affected: 12.0(1) Affected: 11.6(1)ES7 Affected: 10.5(1)ES7 Affected: 11.6(1)ES8 Affected: 11.5(1)ES1 Affected: 11.6(1)ES1 Affected: 11.5(1)ES5 Affected: 11.0(1)ES1 Affected: 10.5(1) Affected: 11.6(1)ES6 Affected: 10.5(1)ES2 Affected: 12.0(1)ES1 Affected: 11.0(1)ES5 Affected: 10.5(1)ES5 Affected: 11.5(1)ES3 Affected: 11.5(1)ES2 Affected: 10.5(1)ES9 Affected: 11.6(1)ES5 Affected: 11.6(1)ES9 Affected: 11.5(1)ES6 Affected: 10.5(1)ES1 Affected: 12.5(1) Affected: 12.0(1)ES3 Affected: 11.6(1)ES10 Affected: 12.5(1)ES1 Affected: 12.5(1)ES2 Affected: 12.0(1)ES4 Affected: 12.5(1)ES3 Affected: 12.0(1)ES5 Affected: 12.5(1)ES4 Affected: 12.0(1)ES6 Affected: 12.5(1)ES5 Affected: 12.5(1)ES6 Affected: 12.0(1)ES7 Affected: 12.6(1) Affected: 12.5(1)ES7 Affected: 11.6(1)ES11 Affected: 12.6(1)ES1 Affected: 12.0(1)ES8 Affected: 12.5(1)ES8 Affected: 12.6(1)ES2 Affected: 12.6(1)ES3 Affected: 12.6(1)ES4 Affected: 12.6(1)ES5 Affected: 12.5(2) Affected: 12.5(1)_SU Affected: 12.5(1)SU Affected: 12.6(1)ES6 Affected: 12.5(1)SU ES1 Affected: 12.6(1)ES7 Affected: 12.6(1)ES7_ET Affected: 12.6(2) Affected: 12.6(1)ES8 Affected: 12.6(1)ES9 Affected: 12.6(2)ES1 Affected: 12.6(1)ES10 Affected: 12.5(1)SU ES2 Affected: 12.6(1)ES11 Affected: 12.6(2)ES2 Affected: 12.6(2)ES3 Affected: 12.5(1)SU ES3 Affected: 12.6(2)ES4 Affected: 12.6(2)ES5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T03:55:32.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Finesse",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)ES_Rollback"
},
{
"status": "affected",
"version": "10.5(1)ES4"
},
{
"status": "affected",
"version": "11.6(1)ES3"
},
{
"status": "affected",
"version": "11.0(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES2"
},
{
"status": "affected",
"version": "10.5(1)ES3"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.6(1)FIPS"
},
{
"status": "affected",
"version": "11.6(1)ES4"
},
{
"status": "affected",
"version": "11.0(1)ES3"
},
{
"status": "affected",
"version": "10.5(1)ES6"
},
{
"status": "affected",
"version": "11.0(1)ES7"
},
{
"status": "affected",
"version": "11.5(1)ES4"
},
{
"status": "affected",
"version": "10.5(1)ES8"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.5(1)ES10"
},
{
"status": "affected",
"version": "11.6(1)ES2"
},
{
"status": "affected",
"version": "11.6(1)ES"
},
{
"status": "affected",
"version": "11.0(1)ES6"
},
{
"status": "affected",
"version": "11.0(1)ES4"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "11.6(1)ES7"
},
{
"status": "affected",
"version": "10.5(1)ES7"
},
{
"status": "affected",
"version": "11.6(1)ES8"
},
{
"status": "affected",
"version": "11.5(1)ES1"
},
{
"status": "affected",
"version": "11.6(1)ES1"
},
{
"status": "affected",
"version": "11.5(1)ES5"
},
{
"status": "affected",
"version": "11.0(1)ES1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)ES6"
},
{
"status": "affected",
"version": "10.5(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES1"
},
{
"status": "affected",
"version": "11.0(1)ES5"
},
{
"status": "affected",
"version": "10.5(1)ES5"
},
{
"status": "affected",
"version": "11.5(1)ES3"
},
{
"status": "affected",
"version": "11.5(1)ES2"
},
{
"status": "affected",
"version": "10.5(1)ES9"
},
{
"status": "affected",
"version": "11.6(1)ES5"
},
{
"status": "affected",
"version": "11.6(1)ES9"
},
{
"status": "affected",
"version": "11.5(1)ES6"
},
{
"status": "affected",
"version": "10.5(1)ES1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.0(1)ES3"
},
{
"status": "affected",
"version": "11.6(1)ES10"
},
{
"status": "affected",
"version": "12.5(1)ES1"
},
{
"status": "affected",
"version": "12.5(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES4"
},
{
"status": "affected",
"version": "12.5(1)ES3"
},
{
"status": "affected",
"version": "12.0(1)ES5"
},
{
"status": "affected",
"version": "12.5(1)ES4"
},
{
"status": "affected",
"version": "12.0(1)ES6"
},
{
"status": "affected",
"version": "12.5(1)ES5"
},
{
"status": "affected",
"version": "12.5(1)ES6"
},
{
"status": "affected",
"version": "12.0(1)ES7"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)ES7"
},
{
"status": "affected",
"version": "11.6(1)ES11"
},
{
"status": "affected",
"version": "12.6(1)ES1"
},
{
"status": "affected",
"version": "12.0(1)ES8"
},
{
"status": "affected",
"version": "12.5(1)ES8"
},
{
"status": "affected",
"version": "12.6(1)ES2"
},
{
"status": "affected",
"version": "12.6(1)ES3"
},
{
"status": "affected",
"version": "12.6(1)ES4"
},
{
"status": "affected",
"version": "12.6(1)ES5"
},
{
"status": "affected",
"version": "12.5(2)"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.6(1)ES6"
},
{
"status": "affected",
"version": "12.5(1)SU ES1"
},
{
"status": "affected",
"version": "12.6(1)ES7"
},
{
"status": "affected",
"version": "12.6(1)ES7_ET"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(1)ES8"
},
{
"status": "affected",
"version": "12.6(1)ES9"
},
{
"status": "affected",
"version": "12.6(2)ES1"
},
{
"status": "affected",
"version": "12.6(1)ES10"
},
{
"status": "affected",
"version": "12.5(1)SU ES2"
},
{
"status": "affected",
"version": "12.6(1)ES11"
},
{
"status": "affected",
"version": "12.6(2)ES2"
},
{
"status": "affected",
"version": "12.6(2)ES3"
},
{
"status": "affected",
"version": "12.5(1)SU ES3"
},
{
"status": "affected",
"version": "12.6(2)ES4"
},
{
"status": "affected",
"version": "12.6(2)ES5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco SocialMiner",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "10.6(2)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU7a"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "14SU4a"
},
{
"status": "affected",
"version": "15SU1a"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "Recovery ISO"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Contact Center Express",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES01"
},
{
"status": "affected",
"version": "11.6(2)ES07"
},
{
"status": "affected",
"version": "11.6(2)ES08"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES01"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "12.5(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES06"
},
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.0(1)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES05"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES04"
},
{
"status": "affected",
"version": "11.6(2)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES03"
},
{
"status": "affected",
"version": "11.0(1)SU1ES03"
},
{
"status": "affected",
"version": "10.6(1)SU3ES01"
},
{
"status": "affected",
"version": "10.5(1)SU1ES10"
},
{
"status": "affected",
"version": "10.0(1)SU1ES04"
},
{
"status": "affected",
"version": "11.5(1)SU1ES03"
},
{
"status": "affected",
"version": "11.6(1)ES02"
},
{
"status": "affected",
"version": "11.5(1)ES01"
},
{
"status": "affected",
"version": "9.0(2)SU3ES04"
},
{
"status": "affected",
"version": "10.6(1)SU2"
},
{
"status": "affected",
"version": "10.6(1)SU2ES04"
},
{
"status": "affected",
"version": "11.6(1)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES01"
},
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES05"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES06"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Intelligence Center",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.6(1)_ET"
},
{
"status": "affected",
"version": "12.6(1)_ES05_ET"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(2)_504_Issue_ET"
},
{
"status": "affected",
"version": "12.6.1_ExcelIssue_ET"
},
{
"status": "affected",
"version": "12.6(2)_Permalink_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwk19536_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwm96922_ET"
},
{
"status": "affected",
"version": "12.6.2_Amq_OOS_ET"
},
{
"status": "affected",
"version": "12.5(2)ET_CSCwi79933"
},
{
"status": "affected",
"version": "12.6(2)_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwn48501_ET"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Virtualized Voice Browser",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES84"
},
{
"status": "affected",
"version": "11.5(1)_ES54"
},
{
"status": "affected",
"version": "11.5(1)_ES27"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)ES36"
},
{
"status": "affected",
"version": "12.0(1)_ES01"
},
{
"status": "affected",
"version": "11.6(1)_ES85"
},
{
"status": "affected",
"version": "12.5(1)_ES05"
},
{
"status": "affected",
"version": "11.5(1)_ES32"
},
{
"status": "affected",
"version": "11.6(1)_ES83"
},
{
"status": "affected",
"version": "11.5(1)_ES29"
},
{
"status": "affected",
"version": "12.0(1)_ES06"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES07"
},
{
"status": "affected",
"version": "11.6(1)_ES80"
},
{
"status": "affected",
"version": "12.0(1)_ES05"
},
{
"status": "affected",
"version": "11.5(1)_ES36"
},
{
"status": "affected",
"version": "11.5(1)_ES53"
},
{
"status": "affected",
"version": "12.5(1)_ES08"
},
{
"status": "affected",
"version": "11.5(1)ES43"
},
{
"status": "affected",
"version": "12.0(1)_ES03"
},
{
"status": "affected",
"version": "11.6(1)_ES86"
},
{
"status": "affected",
"version": "12.0(1)_ES04"
},
{
"status": "affected",
"version": "11.5(1)ES27"
},
{
"status": "affected",
"version": "12.5(1)_ES03"
},
{
"status": "affected",
"version": "11.6(1)_ES88"
},
{
"status": "affected",
"version": "12.5(1)_ES06"
},
{
"status": "affected",
"version": "11.6(1)_ES82"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.5(1)ES29"
},
{
"status": "affected",
"version": "12.5(1)_ES04"
},
{
"status": "affected",
"version": "12.5(1)_ES07"
},
{
"status": "affected",
"version": "11.6(1)_ES87"
},
{
"status": "affected",
"version": "11.6(1)_ES81"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES22"
},
{
"status": "affected",
"version": "11.5(1)_ES43"
},
{
"status": "affected",
"version": "11.5(1)ES32"
},
{
"status": "affected",
"version": "12.0(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES02"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES01"
},
{
"status": "affected",
"version": "12.0(1)_ES08"
},
{
"status": "affected",
"version": "12.5(1)_ES10"
},
{
"status": "affected",
"version": "12.6(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES11"
},
{
"status": "affected",
"version": "12.5(1)_ES12"
},
{
"status": "affected",
"version": "12.6(1)_ES03"
},
{
"status": "affected",
"version": "12.5(1)_ES13"
},
{
"status": "affected",
"version": "12.5(1)_ES14"
},
{
"status": "affected",
"version": "12.6(1)_ES04"
},
{
"status": "affected",
"version": "12.6(1)_ES05"
},
{
"status": "affected",
"version": "12.5(1)_ES15"
},
{
"status": "affected",
"version": "12.6(1)_ES06"
},
{
"status": "affected",
"version": "12.6(1)_ET"
},
{
"status": "affected",
"version": "12.5(1)_ES16"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES01"
},
{
"status": "affected",
"version": "12.6(1)_ES07"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.5(1)_ES17"
},
{
"status": "affected",
"version": "12.6(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES10"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ES01"
},
{
"status": "affected",
"version": "12.6(2)_ET01"
},
{
"status": "affected",
"version": "12.5(2)_ET"
},
{
"status": "affected",
"version": "12.6(2)_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ET_Streaming"
},
{
"status": "affected",
"version": "12.6(2)ET_Transcribe"
},
{
"status": "affected",
"version": "12.6(2)_ES03"
},
{
"status": "affected",
"version": "12.6(2)ET_NuanceMix"
},
{
"status": "affected",
"version": "12.6(2)ET_FileUpload"
},
{
"status": "affected",
"version": "12.6(2)_ET02"
},
{
"status": "affected",
"version": "12.6(2)_ES04"
},
{
"status": "affected",
"version": "12.6.2ET_RTPfallback"
},
{
"status": "affected",
"version": "12.6.2ET_CSCwf55306"
},
{
"status": "affected",
"version": "12.6.2_ET_CSCwj36712"
},
{
"status": "affected",
"version": "12.5.2 ET-CSCwj33374"
},
{
"status": "affected",
"version": "12.5(1) SU ET"
},
{
"status": "affected",
"version": "12.6(2)ET_CSCwj87296"
},
{
"status": "affected",
"version": "12.6(2)_ES05"
},
{
"status": "affected",
"version": "12.5.2_ET_CSCvz27014"
},
{
"status": "affected",
"version": "12.6(2)_ET"
},
{
"status": "affected",
"version": "12.6.2-ET"
},
{
"status": "affected",
"version": "12.6(2)ET_CSCwk83135"
},
{
"status": "affected",
"version": "12.6.2_ET_CX_ALAW"
},
{
"status": "affected",
"version": "12.6.2-ET01-SSL"
},
{
"status": "affected",
"version": "12.6(2)_ES06"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T16:18:20.661Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-vos-command-inject-65s2UCYy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
}
],
"source": {
"advisory": "cisco-sa-vos-command-inject-65s2UCYy",
"defects": [
"CSCwk24029"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unified Communications Products Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20278",
"datePublished": "2025-06-04T16:18:20.661Z",
"dateReserved": "2024-10-10T19:15:13.246Z",
"dateUpdated": "2025-06-06T03:55:32.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20457 (GCVE-0-2024-20457)
Vulnerability from nvd – Published: 2024-11-06 16:29 – Updated: 2024-11-06 17:06
Summary
A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.
This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.
Severity
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager IM and Presence Service | Affected: 11.5(1)SU6 Affected: 10.5(1)SU1 Affected: 10.5(1)SU2 Affected: 12.5(1) Affected: 10.5(2)SU2a Affected: 11.5(1)SU3a Affected: 10.0(1)SU2 Affected: 10.5(2)SU2 Affected: 11.0 Affected: 10.5(2)SU3 Affected: 10.5(1)SU3 Affected: 11.5(1)SU1 Affected: 11.0(1) Affected: 10.5(2)SU4 Affected: 11.0(1)SU1 Affected: 11.5(1)SU2 Affected: 11.5(1)SU5 Affected: 10.0(1)SU1 Affected: 11.5(1)SU3 Affected: 10.5(2)SU4a Affected: 10.5(2) Affected: 11.5(1)SU5a Affected: 11.5(1)SU4 Affected: 12.5(1)SU1 Affected: 10.0(1) Affected: 10.5(2b) Affected: 10.5(2)SU1 Affected: 10.5(1) Affected: 10.5(2a) Affected: 11.5(1) Affected: 12.5(1)SU2 Affected: 11.5(1)SU7 Affected: 11.5(1)SU8 Affected: 12.5(1)SU3 Affected: 11.5(1)SU9 Affected: 12.5(1)SU4 Affected: 14 Affected: 11.5(1)SU10 Affected: 12.5(1)SU5 Affected: 14SU1 Affected: 12.5(1)SU6 Affected: 11.5(1)SU11 Affected: 14SU2 Affected: 14SU2a Affected: 12.5(1)SU7 Affected: 14SU3 Affected: 12.5(1)SU8 Affected: 15 Affected: 15SU1 Affected: 14SU4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T17:06:29.143075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T17:06:37.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "10.0(1)SU2"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "11.0"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "11.5(1)SU5a"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.5(2b)"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2a)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:29:12.887Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-imp-inf-disc-cUPKuA5n",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n"
}
],
"source": {
"advisory": "cisco-sa-imp-inf-disc-cUPKuA5n",
"defects": [
"CSCwk31853"
],
"discovery": "INTERNAL"
},
"title": "Cisco Unified Communications Manager IM \u0026 Presence Service Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20457",
"datePublished": "2024-11-06T16:29:12.887Z",
"dateReserved": "2023-11-08T15:08:07.679Z",
"dateUpdated": "2024-11-06T17:06:37.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20310 (GCVE-0-2024-20310)
Vulnerability from nvd – Published: 2024-04-03 16:19 – Updated: 2024-08-01 21:59
Summary
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Severity
6.1 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco IOS XE Software | Affected: N/A |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2a\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2b\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su2a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su4a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(2\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su11"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su3a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su5"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su5a"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su6"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su7"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su8"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.5\\(1\\)su9"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.0\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "11.0\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su3"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su4"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su5"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su6"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.5\\(1\\)su7"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "14.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "14.0su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.0\\(1\\)"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.0\\(1\\)su1"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unified_communications_manager_im_and_presence_service",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "10.0\\(1\\)su2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-03T17:58:41.263017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T16:23:39.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-imps-xss-quWkd9yF",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2a)"
},
{
"status": "affected",
"version": "10.5(2b)"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(1)SU3"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU5a"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T16:36:06.520Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-imps-xss-quWkd9yF",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
}
],
"source": {
"advisory": "cisco-sa-cucm-imps-xss-quWkd9yF",
"defects": [
"CSCwf41335"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20310",
"datePublished": "2024-04-03T16:19:40.031Z",
"dateReserved": "2023-11-08T15:08:07.631Z",
"dateUpdated": "2024-08-01T21:59:41.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20253 (GCVE-0-2024-20253)
Vulnerability from nvd – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
Summary
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
Severity
9.9 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Contact Center Enterprise | Affected: N/A |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-rce-bWNzQcUm",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:42:43.844502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:12:21.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Contact Center Enterprise",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)SU2"
},
{
"status": "affected",
"version": "12.0(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)SU4"
},
{
"status": "affected",
"version": "12.0(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
}
]
},
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)SU2"
},
{
"status": "affected",
"version": "12.0(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)SU4"
},
{
"status": "affected",
"version": "12.0(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU7a"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
}
]
},
{
"product": "Cisco Unified Contact Center Express",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "9.0(2)SU3ES04"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU1ES04"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU1ES10"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.6(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU3"
},
{
"status": "affected",
"version": "10.6(1)SU2"
},
{
"status": "affected",
"version": "10.6(1)SU3ES03"
},
{
"status": "affected",
"version": "10.6(1)SU2ES04"
},
{
"status": "affected",
"version": "10.6(1)SU3ES02"
},
{
"status": "affected",
"version": "10.6(1)SU3ES01"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)SU1ES03"
},
{
"status": "affected",
"version": "11.0(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES01"
},
{
"status": "affected",
"version": "11.5(1)SU1ES03"
},
{
"status": "affected",
"version": "11.5(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES03"
},
{
"status": "affected",
"version": "12.5(1)ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES03"
},
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES01"
},
{
"status": "affected",
"version": "12.5(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES04"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "11.6(1)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES06"
},
{
"status": "affected",
"version": "11.6(1)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES07"
},
{
"status": "affected",
"version": "11.6(2)ES08"
},
{
"status": "affected",
"version": "11.6(2)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES05"
},
{
"status": "affected",
"version": "11.6(2)ES04"
}
]
},
{
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2a)"
},
{
"status": "affected",
"version": "10.5(2b)"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(1)SU3"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU5a"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU2"
}
]
},
{
"product": "Cisco Virtualized Voice Browser",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)ES29"
},
{
"status": "affected",
"version": "11.5(1)ES32"
},
{
"status": "affected",
"version": "11.5(1)_ES43"
},
{
"status": "affected",
"version": "11.5(1)_ES54"
},
{
"status": "affected",
"version": "11.5(1)_ES27"
},
{
"status": "affected",
"version": "11.5(1)ES36"
},
{
"status": "affected",
"version": "11.5(1)_ES32"
},
{
"status": "affected",
"version": "11.5(1)_ES29"
},
{
"status": "affected",
"version": "11.5(1)_ES36"
},
{
"status": "affected",
"version": "11.5(1)ES43"
},
{
"status": "affected",
"version": "11.5(1)_ES53"
},
{
"status": "affected",
"version": "11.5(1)ES27"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES82"
},
{
"status": "affected",
"version": "11.6(1)_ES22"
},
{
"status": "affected",
"version": "11.6(1)_ES81"
},
{
"status": "affected",
"version": "11.6(1)_ES87"
},
{
"status": "affected",
"version": "11.6(1)_ES84"
},
{
"status": "affected",
"version": "11.6(1)_ES85"
},
{
"status": "affected",
"version": "11.6(1)_ES83"
},
{
"status": "affected",
"version": "11.6(1)_ES80"
},
{
"status": "affected",
"version": "11.6(1)_ES86"
},
{
"status": "affected",
"version": "11.6(1)_ES88"
},
{
"status": "affected",
"version": "12.5(1)_ES04"
},
{
"status": "affected",
"version": "12.5(1)_ES07"
},
{
"status": "affected",
"version": "12.5(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES08"
},
{
"status": "affected",
"version": "12.5(1)_ES03"
},
{
"status": "affected",
"version": "12.5(1)_ES06"
},
{
"status": "affected",
"version": "12.5(1)_ES09"
},
{
"status": "affected",
"version": "12.5(1)_ES14"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.5(1)_ES15"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES01"
},
{
"status": "affected",
"version": "12.5(1)_ES11"
},
{
"status": "affected",
"version": "12.5(1)_ES12"
},
{
"status": "affected",
"version": "12.5(2)_ET"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES10"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES02"
},
{
"status": "affected",
"version": "12.0(1)_ES01"
},
{
"status": "affected",
"version": "12.0(1)_ES06"
},
{
"status": "affected",
"version": "12.0(1)_ES07"
},
{
"status": "affected",
"version": "12.0(1)_ES05"
},
{
"status": "affected",
"version": "12.0(1)_ES04"
},
{
"status": "affected",
"version": "12.0(1)_ES03"
},
{
"status": "affected",
"version": "12.0(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.6(1)_ES04"
},
{
"status": "affected",
"version": "12.6(1)_ES03"
},
{
"status": "affected",
"version": "12.6(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES06"
},
{
"status": "affected",
"version": "12.6(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)_ES05"
},
{
"status": "affected",
"version": "12.6(2)_ES03"
},
{
"status": "affected",
"version": "12.6(1)_ES02"
},
{
"status": "affected",
"version": "12.6(1)_ES01"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(2)_ET01"
},
{
"status": "affected",
"version": "12.6(2)_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ES01"
},
{
"status": "affected",
"version": "12.6(1)_ES07"
}
]
},
{
"product": "Cisco Packaged Contact Center Enterprise",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(1)_ES7"
},
{
"status": "affected",
"version": "10.5(2)_ES8"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(2)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.6(2)"
}
]
},
{
"product": "Cisco Unified Communications Manager / Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(2)SU10"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU1a"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(2)SU5"
},
{
"status": "affected",
"version": "10.5(2)SU6"
},
{
"status": "affected",
"version": "10.5(2)SU7"
},
{
"status": "affected",
"version": "10.5(2)SU8"
},
{
"status": "affected",
"version": "10.5(2)SU9"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU3a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU6a"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1a)"
},
{
"status": "affected",
"version": "11.0(1a)SU1"
},
{
"status": "affected",
"version": "11.0(1a)SU2"
},
{
"status": "affected",
"version": "11.0(1a)SU3"
},
{
"status": "affected",
"version": "11.0(1a)SU3a"
},
{
"status": "affected",
"version": "11.0(1a)SU4"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.0.5"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU3b"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "10.0(1)SU2"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:42:33.881Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-rce-bWNzQcUm",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
}
],
"source": {
"advisory": "cisco-sa-cucm-rce-bWNzQcUm",
"defects": [
"CSCwe18830",
"CSCwe18773",
"CSCwe18840",
"CSCwd64292",
"CSCwd64245",
"CSCwd64276"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20253",
"datePublished": "2024-01-26T17:28:30.761Z",
"dateReserved": "2023-11-08T15:08:07.622Z",
"dateUpdated": "2025-05-29T15:12:21.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20242 (GCVE-0-2023-20242)
Vulnerability from nvd – Published: 2023-08-16 20:59 – Updated: 2024-08-02 09:05
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Severity
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager | Affected: 12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3, 12.0(1)SU4, 12.0(1)SU5, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 12.5(1)SU5, 12.5(1)SU6, 12.5(1)SU7, 12.5(1)SU7a, 12.5(1)SU8, 14, 14SU1, 14SU2, 14SU3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)SU2"
},
{
"status": "affected",
"version": "12.0(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)SU4"
},
{
"status": "affected",
"version": "12.0(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU7a"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU3"
}
]
},
{
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Unified Communications Manager / Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(2)SU10"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU1a"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(2)SU5"
},
{
"status": "affected",
"version": "10.5(2)SU6"
},
{
"status": "affected",
"version": "10.5(2)SU7"
},
{
"status": "affected",
"version": "10.5(2)SU8"
},
{
"status": "affected",
"version": "10.5(2)SU9"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU3a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU6a"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1a)"
},
{
"status": "affected",
"version": "11.0(1a)SU1"
},
{
"status": "affected",
"version": "11.0(1a)SU2"
},
{
"status": "affected",
"version": "11.0(1a)SU3"
},
{
"status": "affected",
"version": "11.0(1a)SU3a"
},
{
"status": "affected",
"version": "11.0(1a)SU4"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.0.5"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU3b"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "10.0(1)SU2"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:29.703Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
}
],
"source": {
"advisory": "cisco-sa-cucm-imp-xss-QtT4VdsK",
"defects": [
"CSCwh00875",
"CSCwh02167"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20242",
"datePublished": "2023-08-16T20:59:25.126Z",
"dateReserved": "2022-10-27T18:47:50.370Z",
"dateUpdated": "2024-08-02T09:05:35.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20108 (GCVE-0-2023-20108)
Vulnerability from nvd – Published: 2023-06-28 00:00 – Updated: 2024-08-02 08:57
Summary
A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.
Severity
7.5 (High)
CWE
- CWE-789 - Uncontrolled Memory Allocation
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager IM and Presence Service | Affected: 10.5(1), 10.5(2), 10.5(2a), 10.5(2b), 10.5(2)SU3, 10.5(2)SU2a, 10.5(2)SU4a, 10.5(2)SU4, 10.5(1)SU3, 10.5(1)SU1, 10.5(2)SU1, 10.5(2)SU2, 10.5(1)SU2, 11.5(1), 11.5(1)SU1, 11.5(1)SU2, 11.5(1)SU3, 11.5(1)SU3a, 11.5(1)SU4, 11.5(1)SU5, 11.5(1)SU5a, 11.5(1)SU6, 11.5(1)SU7, 11.5(1)SU8, 11.5(1)SU9, 11.5(1)SU10, 11.5(1)SU11, 11.0(1), 11.0(1)SU1, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 12.5(1)SU5, 12.5(1)SU6, 14, 14SU1, 14SU2, 14SU2a, 10.0(1), 10.0(1)SU1, 10.0(1)SU2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-imp-dos-49GL7rzT",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2a)"
},
{
"status": "affected",
"version": "10.5(2b)"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(1)SU3"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU5a"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM\u0026amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM\u0026amp;P users who were authenticated prior to an attack."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "Uncontrolled Memory Allocation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:44.711Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-imp-dos-49GL7rzT",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
}
],
"source": {
"advisory": "cisco-sa-cucm-imp-dos-49GL7rzT",
"defects": [
"CSCvy16642"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20108",
"datePublished": "2023-06-28T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-08-02T08:57:35.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20859 (GCVE-0-2022-20859)
Vulnerability from nvd – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:11
Summary
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.
Severity ?
6.5 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:50.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:58:01.703536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:11:17.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T20:30:56",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
}
],
"source": {
"advisory": "cisco-sa-ucm-access-dMKvV2DY",
"defect": [
[
"CSCvz16246",
"CSCwc12673"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Unified Communications Products Access Control Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-07-06T16:00:00",
"ID": "CVE-2022-20859",
"STATE": "PUBLIC",
"TITLE": "Cisco Unified Communications Products Access Control Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Manager",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
}
]
},
"source": {
"advisory": "cisco-sa-ucm-access-dMKvV2DY",
"defect": [
[
"CSCvz16246",
"CSCwc12673"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20859",
"datePublished": "2022-07-06T20:30:56.958683Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:11:17.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20815 (GCVE-0-2022-20815)
Vulnerability from nvd – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:11
Summary
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Severity
6.1 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Communications Manager | Affected: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:50.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:58:02.741443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:11:27.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-06T20:30:51",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
}
],
"source": {
"advisory": "cisco-sa-cucm-xss-ksKd5yfA",
"defect": [
[
"CSCvy16646",
"CSCvy52029",
"CSCvy60442"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-07-06T16:00:00",
"ID": "CVE-2022-20815",
"STATE": "PUBLIC",
"TITLE": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Manager",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
}
]
},
"source": {
"advisory": "cisco-sa-cucm-xss-ksKd5yfA",
"defect": [
[
"CSCvy16646",
"CSCvy52029",
"CSCvy60442"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20815",
"datePublished": "2022-07-06T20:30:51.324508Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:11:27.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}