Search criteria
48 vulnerabilities found for unified_presence_server by cisco
FKIE_CVE-2015-4220
Vulnerability from fkie_nvd - Published: 2015-06-25 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=39504 | Vendor Advisory | |
| psirt@cisco.com | http://www.securityfocus.com/bid/75407 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | http://www.securitytracker.com/id/1032717 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=39504 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75407 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032717 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_presence_server | 9.1\(1\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:9.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "513D7644-BCEE-45F3-9143-FF533C044CCE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Cisco Unified Presence Server 9.1(1) permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de un valor no especificado, tambi\u00e9n conocido como Bug ID CSCuq03773."
}
],
"id": "CVE-2015-4220",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-06-25T16:59:01.220",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39504"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75407"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/75407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032717"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3339
Vulnerability from fkie_nvd - Published: 2014-08-12 23:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_communications_domain_manager | - | |
| cisco | unified_presence_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC05C99-071F-47E7-A3B6-899488520663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3C9AF1-A2BF-4F56-BE38-ED6DC45E94E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la interfaz del web de administraci\u00f3n en Cisco Unified Communications Manager (CM) y Cisco Unified Presence Server (CUPS) permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de entradas manipuladas en p\u00e1ginas no especificadas, tambi\u00e9n conocido como Bug ID CSCup74290."
}
],
"id": "CVE-2014-3339",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-08-12T23:55:03.957",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/69200"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3328
Vulnerability from fkie_nvd - Published: 2014-07-26 11:11 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328 | Vendor Advisory | |
| psirt@cisco.com | http://www.securityfocus.com/bid/68901 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | http://www.securitytracker.com/id/1030643 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/94879 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/68901 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030643 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/94879 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_presence_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3C9AF1-A2BF-4F56-BE38-ED6DC45E94E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125."
},
{
"lang": "es",
"value": "Intercluster Sync Agent Service en Cisco Unified Presence Server permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de una inundaci\u00f3n de paquetes TCP SYN, tambi\u00e9n conocido como Bug ID CSCun34125."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/400.html\" target=\"_blank\"\u003eCWE-400: Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)\u003c/a\u003e",
"id": "CVE-2014-3328",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-26T11:11:57.270",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68901"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030643"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1030643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6983
Vulnerability from fkie_nvd - Published: 2013-12-31 15:16 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_presence_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3C9AF1-A2BF-4F56-BE38-ED6DC45E94E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la interfaz web de Cisco Unified Presence Server permite a los usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCuh35615."
}
],
"id": "CVE-2013-6983",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-31T15:16:44.643",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/101514"
},
{
"source": "psirt@cisco.com",
"url": "http://secunia.com/advisories/56273"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64551"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029547"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/101514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/56273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90011"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1242
Vulnerability from fkie_nvd - Published: 2013-05-10 11:42 - Updated: 2025-04-11 00:51
Severity ?
Summary
Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_presence_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3C9AF1-A2BF-4F56-BE38-ED6DC45E94E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080."
},
{
"lang": "es",
"value": "Fuga de memoria en el framework web en el servidor de Cisco Unified Presence (CUP) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria), a trav\u00e9s de paquetes TCP mal formados, tambi\u00e9n conocido como Bug ID CSCug38080."
}
],
"id": "CVE-2013-1242",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-10T11:42:30.143",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1242"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1137
Vulnerability from fkie_nvd - Published: 2013-02-27 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_presence_server | 8.6 | |
| cisco | unified_presence_server | 9.0 | |
| cisco | unified_presence_server | 9.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "130C0F92-12E1-4503-B870-633AB3BF4067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BB3ADDF-ED23-4FF8-959F-868394821FFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2641314-DEC0-4AFA-8395-7D0B7241E8BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930."
},
{
"lang": "es",
"value": "Cisco Unified Presence Server (CUPS) v8.6, v9.0 y v9.1 antes de v9.1.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de paquetes dise\u00f1ados al puerto SIP TCP, conocido como Bug ID CSCua89930."
}
],
"id": "CVE-2013-1137",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-27T21:55:04.293",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1643
Vulnerability from fkie_nvd - Published: 2011-08-29 15:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "819AE879-5BF9-494E-8905-1E1E867EB5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6CC94003-72B6-45C3-A07E-0A08F1562B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "958A2707-0F1A-4719-BB9F-DC9ED129105A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(1b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "48A8EE9A-458D-4619-B04D-F01A9934DC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "597D9674-F44D-4A31-A2F2-2790ED698A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2B7439-8547-41A6-AE6C-6ABCD167890E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(2\\)su1a:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3EB2A0-6907-4260-BBF1-D8E6E40827FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BE122F76-ECDB-4446-825C-EF02257D8C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "44280E56-C151-4C08-804D-001F91FF2AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BD968A56-9539-4699-9099-0F220D283CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(3b\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4CEBB9B-2B43-44C2-BC93-55E58C24CED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FE2597F4-9B5B-4E2E-8DA5-40D769CC57B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "665ACEFC-B989-42AB-BAB4-2C273CF2B702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4F9ABF04-C732-4509-8589-F58E1D5F66E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(4a\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D899431-7C91-4CB4-9CBA-D5BA34B7B330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FC13697F-84A3-4793-B82E-6E8857B4FC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC24D57B-3D0C-486D-83CB-A4E419CA9626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:6.1\\(5\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5137D0F-0273-41EF-B3F6-2D87662B3788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "72C54A10-998C-435F-B058-A6879CD608A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(1\\)su1a:*:*:*:*:*:*:*",
"matchCriteriaId": "D81D69D5-E669-4DBC-A76B-E9C30A239A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FCB47159-FA07-4317-B562-D7AB7C49E8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8765E016-7C6F-4C36-A22C-78ED8666F7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3D5254-3E67-452E-ADB3-204A66765952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.0\\(2a\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3680AB-CEF8-4C2C-A46B-C9009E6A6590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B591E75E-040C-4D26-AF13-A4F87E048579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "18986D7E-E1E6-46EB-A247-2A98224FC122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7BA63076-B8A1-4672-99F3-703F7838F3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
"matchCriteriaId": "3F84676C-75A5-48D2-889D-B48EC724336F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2EA15D48-A0DE-4091-8C78-666E98B488C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "3038823F-C32D-4C1B-8228-D14B35535297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
"matchCriteriaId": "2727998A-ED1F-4EFE-9952-7DA8486706D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F61FD826-A08E-477C-AA57-359B10387035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EDB91-350B-4ED4-A177-257023380C44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0A5B28-0211-4173-BD91-67BCA3267C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "248E4608-B870-4913-8048-3771685CBD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F252947A-82FE-4133-AA4F-E17758D7ECF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "F61E277B-475A-40EC-8A67-CE2A17C94185",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "722EE4EC-43D8-4956-8F53-B13B23A1CE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A704B14E-EC47-47E5-8AA1-35E0138B6A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6F95246B-7822-4077-BC9C-3E1C0B02C139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5D01D8A-9F92-4900-941C-0B481D277D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E72DE400-8ACA-4D01-8BBE-7F13959F4DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F049CAA8-6FA8-4642-910C-70C8D3CEAF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DBE02502-3A25-4C33-9F10-D11B1D8A915A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D94318C6-D439-4929-AA07-C9E71B6E8B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B9C5872-317C-4A68-8E99-DEB224BAE607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D6F4FC53-3627-4826-8CFC-BEEBCB8CEC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8BACEF63-F22A-4B39-84AE-A950AC024EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "703C2FA6-B723-41B1-BEA3-87AABD6F85DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "80D0D477-4976-45FB-A089-5C19119D2BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0398D739-6A84-4817-AFD0-80A4513F1AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5A912AAC-11BE-4E44-A6D2-3D9EB0924A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(9\\):*:*:*:*:*:*:*",
"matchCriteriaId": "95C017B1-9404-478D-9696-864E86C0A600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62F99A3E-6B66-495F-A9DA-B398FDBD68C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E9757D60-0BCB-438A-9E51-9384F2A81170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:8.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2A3381A0-7712-4E4C-8AAF-625BBEF00F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:8.5\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6C1FEB93-F4CD-4B75-8B45-2278F8D0A3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:8.5\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "29D3C8B8-3F20-44E4-BE21-2376B98AD0E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833."
},
{
"lang": "es",
"value": "Cisco Unified Communications Manager (tambi\u00e9n conocido como CUCM o formerly CallManager) v6.x, v7.x antes de v7.1(5b)su4, v8.0, y v8.5 antes de v8.5(1)su2 y Cisco Unified Presence Server v6.x, v7.x, v8.0, y v8.5 antes de v8.5xnr, permite a atacantes remotos leer datos de la base de datos conectandose a la interfaz de consulta a trav\u00e9s de una sesi\u00f3n SSL, tambi\u00e9n conocido como Bug IDs CSCti81574, CSCto63060, CSCto72183 y CSCto73833."
}
],
"id": "CVE-2011-1643",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-29T15:55:01.127",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2839
Vulnerability from fkie_nvd - Published: 2010-08-26 21:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_presence_server | 6.0 | |
| cisco | unified_presence_server | 6.0\(2\) | |
| cisco | unified_presence_server | 6.0\(3\) | |
| cisco | unified_presence_server | 6.0\(4\) | |
| cisco | unified_presence_server | 6.0\(5\) | |
| cisco | unified_presence_server | 6.0\(6\) | |
| cisco | unified_presence_server | 7.0 | |
| cisco | unified_presence_server | 7.0\(2\) | |
| cisco | unified_presence_server | 7.0\(3\) | |
| cisco | unified_presence_server | 7.0\(4\) | |
| cisco | unified_presence_server | 7.0\(5\) | |
| cisco | unified_presence_server | 7.0\(6\) | |
| cisco | unified_presence_server | 7.0\(7\) | |
| cisco | unified_presence_server | 6.0\(2.1101\) | |
| cisco | unified_presence_server | 6.0\(3.1101-2\) | |
| cisco | unified_presence_server | 6.0\(4.1101-5\) | |
| cisco | unified_presence_server | 6.0\(5.1101-1\) | |
| cisco | unified_presence_server | 6.0\(5.1103-2\) | |
| cisco | unified_presence_server | 6.0.5.1102-1 | |
| cisco | unified_presence_server | 7.0.3.10102-3 | |
| cisco | unified_presence_server | 7.0.3.10103-2 | |
| cisco | unified_presence_server | 7.0.4.10101-2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9CEBA2-160F-4303-9C1D-C7BD7E758CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A704B14E-EC47-47E5-8AA1-35E0138B6A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6F95246B-7822-4077-BC9C-3E1C0B02C139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5D01D8A-9F92-4900-941C-0B481D277D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E72DE400-8ACA-4D01-8BBE-7F13959F4DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F049CAA8-6FA8-4642-910C-70C8D3CEAF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1706BFD4-817A-4BA2-8B3B-60CDF1F54A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B9C5872-317C-4A68-8E99-DEB224BAE607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D6F4FC53-3627-4826-8CFC-BEEBCB8CEC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8BACEF63-F22A-4B39-84AE-A950AC024EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "703C2FA6-B723-41B1-BEA3-87AABD6F85DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "80D0D477-4976-45FB-A089-5C19119D2BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0398D739-6A84-4817-AFD0-80A4513F1AD4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(2.1101\\):*:*:*:*:*:*:*",
"matchCriteriaId": "33A4FA6A-D37D-465D-921A-51E429A30537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(3.1101-2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BDE292F1-2F4F-40BE-9E2A-E3F1C55857EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(4.1101-5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B709CF6E-C148-4AD6-962B-A1055396DC8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(5.1101-1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0B64ACB1-C4E5-48B9-8747-4F7AFA6955A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(5.1103-2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3AB3FB41-7A7B-4342-9ED2-27ACDD29E5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0.5.1102-1:*:*:*:*:*:*:*",
"matchCriteriaId": "A81DC553-FFAB-4D13-8484-E174CA918D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0.3.10102-3:*:*:*:*:*:*:*",
"matchCriteriaId": "ED42650B-EDED-4CC5-BA26-D179E7F25177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0.3.10103-2:*:*:*:*:*:*:*",
"matchCriteriaId": "B734482D-2E7E-4A4B-BB3C-3ABC2EB8FD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0.4.10101-2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE3D3770-3C99-4FCF-9B42-727A40D6062F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474."
},
{
"lang": "es",
"value": "SIPD de Cisco Unified Presence v6.x anterior a v6.0(7) y v7.x anterior a v7.0(8) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de la pila de memoria y fallo del proceso) mediante un mensaje SIP mal formado. Tambi\u00e9n se conoce como Bug ID CSCtd14474."
}
],
"id": "CVE-2010-2839",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-26T21:00:01.530",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2186"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2840
Vulnerability from fkie_nvd - Published: 2010-08-26 21:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_presence_server | 6.0 | |
| cisco | unified_presence_server | 6.0\(2\) | |
| cisco | unified_presence_server | 6.0\(3\) | |
| cisco | unified_presence_server | 6.0\(4\) | |
| cisco | unified_presence_server | 6.0\(5\) | |
| cisco | unified_presence_server | 6.0\(6\) | |
| cisco | unified_presence_server | 7.0 | |
| cisco | unified_presence_server | 7.0\(2\) | |
| cisco | unified_presence_server | 7.0\(3\) | |
| cisco | unified_presence_server | 7.0\(4\) | |
| cisco | unified_presence_server | 7.0\(5\) | |
| cisco | unified_presence_server | 7.0\(6\) | |
| cisco | unified_presence_server | 7.0\(7\) | |
| cisco | unified_presence_server | 6.0\(2.1101\) | |
| cisco | unified_presence_server | 6.0\(3.1101-2\) | |
| cisco | unified_presence_server | 6.0\(4.1101-5\) | |
| cisco | unified_presence_server | 6.0\(5.1101-1\) | |
| cisco | unified_presence_server | 6.0\(5.1103-2\) | |
| cisco | unified_presence_server | 6.0.5.1102-1 | |
| cisco | unified_presence_server | 7.0.3.10102-3 | |
| cisco | unified_presence_server | 7.0.3.10103-2 | |
| cisco | unified_presence_server | 7.0.4.10101-2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9CEBA2-160F-4303-9C1D-C7BD7E758CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A704B14E-EC47-47E5-8AA1-35E0138B6A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6F95246B-7822-4077-BC9C-3E1C0B02C139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5D01D8A-9F92-4900-941C-0B481D277D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E72DE400-8ACA-4D01-8BBE-7F13959F4DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F049CAA8-6FA8-4642-910C-70C8D3CEAF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1706BFD4-817A-4BA2-8B3B-60CDF1F54A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B9C5872-317C-4A68-8E99-DEB224BAE607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D6F4FC53-3627-4826-8CFC-BEEBCB8CEC87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8BACEF63-F22A-4B39-84AE-A950AC024EB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "703C2FA6-B723-41B1-BEA3-87AABD6F85DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "80D0D477-4976-45FB-A089-5C19119D2BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0398D739-6A84-4817-AFD0-80A4513F1AD4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(2.1101\\):*:*:*:*:*:*:*",
"matchCriteriaId": "33A4FA6A-D37D-465D-921A-51E429A30537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(3.1101-2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BDE292F1-2F4F-40BE-9E2A-E3F1C55857EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(4.1101-5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B709CF6E-C148-4AD6-962B-A1055396DC8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(5.1101-1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0B64ACB1-C4E5-48B9-8747-4F7AFA6955A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(5.1103-2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3AB3FB41-7A7B-4342-9ED2-27ACDD29E5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0.5.1102-1:*:*:*:*:*:*:*",
"matchCriteriaId": "A81DC553-FFAB-4D13-8484-E174CA918D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0.3.10102-3:*:*:*:*:*:*:*",
"matchCriteriaId": "ED42650B-EDED-4CC5-BA26-D179E7F25177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0.3.10103-2:*:*:*:*:*:*:*",
"matchCriteriaId": "B734482D-2E7E-4A4B-BB3C-3ABC2EB8FD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0.4.10101-2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE3D3770-3C99-4FCF-9B42-727A40D6062F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629."
},
{
"lang": "es",
"value": "El servicio Presence Engine (PE) en Cisco Unified Presence v6.x anterior a v6.0(7) y v7.x anterior a v7.0(8), no maneja apropiadamente un campo \"Contact\" err\u00f3neo en la cabecera de un mensaje SIP SUSCRIBE, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo del proceso) a trav\u00e9s de un mensaje mal formado. Tambi\u00e9n conocido como Bug ID CSCtd39629."
}
],
"id": "CVE-2010-2840",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-26T21:00:01.577",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2186"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-2874
Vulnerability from fkie_nvd - Published: 2009-10-16 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | unified_presence_server | 1.0 | |
| cisco | unified_presence_server | 1.0\(1\) | |
| cisco | unified_presence_server | 1.0\(2\) | |
| cisco | unified_presence_server | 1.0\(3\) | |
| cisco | unified_presence_server | 6.0 | |
| cisco | unified_presence_server | 6.0\(2\) | |
| cisco | unified_presence_server | 6.0\(3\) | |
| cisco | unified_presence_server | 6.0\(4\) | |
| cisco | unified_presence_server | 6.0\(5\) | |
| cisco | unified_presence_server | 7.0 | |
| cisco | unified_presence_server | 7.0\(2\) | |
| cisco | unified_presence_server | 7.0\(3\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F897DA4-E313-45C8-A4FB-52404D6541BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "22B299D9-A18B-41D9-B976-57AFDAA751DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CDA3BA5D-2CEB-4AAC-8CB4-4A2CDC574076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:1.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9465A4F0-44C0-4A43-962E-0CCEADA05533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9CEBA2-160F-4303-9C1D-C7BD7E758CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A704B14E-EC47-47E5-8AA1-35E0138B6A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6F95246B-7822-4077-BC9C-3E1C0B02C139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A5D01D8A-9F92-4900-941C-0B481D277D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:6.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E72DE400-8ACA-4D01-8BBE-7F13959F4DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1706BFD4-817A-4BA2-8B3B-60CDF1F54A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8B9C5872-317C-4A68-8E99-DEB224BAE607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_presence_server:7.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D6F4FC53-3627-4826-8CFC-BEEBCB8CEC87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662."
},
{
"lang": "es",
"value": "El proceso TimesTenD en Cisco Unified Presence v1.x, v6.x anterior a v6.0(6), y v7.x anterior a v7.0(4), permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue de proceso) a trav\u00e9s de un gran n\u00famero de conexiones TCP a los puertos 16200 y 22794, tambi\u00e9n conocido como Bug ID CSCsy17662."
}
],
"id": "CVE-2009-2874",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-10-16T16:30:00.640",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37039"
},
{
"source": "psirt@cisco.com",
"url": "http://securitytracker.com/id?1023018"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/36675"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2915"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53772"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-4220 (GCVE-0-2015-4220)
Vulnerability from cvelistv5 – Published: 2015-06-25 16:00 – Updated: 2024-08-06 06:11
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:11:11.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75407"
},
{
"name": "1032717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032717"
},
{
"name": "20150624 Cisco Unified Presence Server Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "75407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75407"
},
{
"name": "1032717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032717"
},
{
"name": "20150624 Cisco Unified Presence Server Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39504"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75407"
},
{
"name": "1032717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032717"
},
{
"name": "20150624 Cisco Unified Presence Server Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39504"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-4220",
"datePublished": "2015-06-25T16:00:00",
"dateReserved": "2015-06-04T00:00:00",
"dateUpdated": "2024-08-06T06:11:11.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3339 (GCVE-0-2014-3339)
Vulnerability from cvelistv5 – Published: 2014-08-12 23:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
},
{
"name": "69200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69200"
},
{
"name": "cucm-cups-cve20143339-sql-injection(95250)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
},
{
"name": "69200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69200"
},
{
"name": "cucm-cups-cve20143339-sql-injection(95250)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
},
{
"name": "69200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69200"
},
{
"name": "cucm-cups-cve20143339-sql-injection(95250)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3339",
"datePublished": "2014-08-12T23:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3328 (GCVE-0-2014-3328)
Vulnerability from cvelistv5 – Published: 2014-07-26 10:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:04.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68901"
},
{
"name": "20140725 Cisco Unified Presence Server Sync Agent Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328"
},
{
"name": "1030643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030643"
},
{
"name": "cisco-ups-cve20143328-dos(94879)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "68901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68901"
},
{
"name": "20140725 Cisco Unified Presence Server Sync Agent Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328"
},
{
"name": "1030643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030643"
},
{
"name": "cisco-ups-cve20143328-dos(94879)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68901"
},
{
"name": "20140725 Cisco Unified Presence Server Sync Agent Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328"
},
{
"name": "1030643",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030643"
},
{
"name": "cisco-ups-cve20143328-dos(94879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3328",
"datePublished": "2014-07-26T10:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:04.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6983 (GCVE-0-2013-6983)
Vulnerability from cvelistv5 – Published: 2013-12-31 11:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131229 Cisco Unified Presence Server SQL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983"
},
{
"name": "56273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56273"
},
{
"name": "1029547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029547"
},
{
"name": "cisco-unified-cve20136983-sql-injection(90011)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90011"
},
{
"name": "64551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64551"
},
{
"name": "101514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20131229 Cisco Unified Presence Server SQL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983"
},
{
"name": "56273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56273"
},
{
"name": "1029547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029547"
},
{
"name": "cisco-unified-cve20136983-sql-injection(90011)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90011"
},
{
"name": "64551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64551"
},
{
"name": "101514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131229 Cisco Unified Presence Server SQL Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983"
},
{
"name": "56273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56273"
},
{
"name": "1029547",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029547"
},
{
"name": "cisco-unified-cve20136983-sql-injection(90011)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90011"
},
{
"name": "64551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64551"
},
{
"name": "101514",
"refsource": "OSVDB",
"url": "http://osvdb.org/101514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6983",
"datePublished": "2013-12-31T11:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1242 (GCVE-0-2013-1242)
Vulnerability from cvelistv5 – Published: 2013-05-10 10:00 – Updated: 2024-09-17 02:48
VLAI?
Summary
Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:05.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130507 Cisco Unified Presence Memory Exhaustion Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-10T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130507 Cisco Unified Presence Memory Exhaustion Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1242"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130507 Cisco Unified Presence Memory Exhaustion Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1242"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1242",
"datePublished": "2013-05-10T10:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-17T02:48:03.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1137 (GCVE-0-2013-1137)
Vulnerability from cvelistv5 – Published: 2013-02-27 21:00 – Updated: 2024-09-16 22:25
VLAI?
Summary
Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130227 Cisco Unified Presence Server Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-27T21:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130227 Cisco Unified Presence Server Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130227 Cisco Unified Presence Server Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1137",
"datePublished": "2013-02-27T21:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-16T22:25:52.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1643 (GCVE-0-2011-1643)
Vulnerability from cvelistv5 – Published: 2011-08-29 15:00 – Updated: 2024-09-17 00:10
VLAI?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:24.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110824 Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-29T15:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20110824 Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110824 Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-1643",
"datePublished": "2011-08-29T15:00:00Z",
"dateReserved": "2011-04-05T00:00:00Z",
"dateUpdated": "2024-09-17T00:10:43.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2839 (GCVE-0-2010-2839)
Vulnerability from cvelistv5 – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI?
Summary
SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2186",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ADV-2010-2186",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2186",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-2839",
"datePublished": "2010-08-26T20:00:00",
"dateReserved": "2010-07-23T00:00:00",
"dateUpdated": "2024-08-07T02:46:48.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2840 (GCVE-0-2010-2840)
Vulnerability from cvelistv5 – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI?
Summary
The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2186",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ADV-2010-2186",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2186",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-2840",
"datePublished": "2010-08-26T20:00:00",
"dateReserved": "2010-07-23T00:00:00",
"dateUpdated": "2024-08-07T02:46:48.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2874 (GCVE-0-2009-2874)
Vulnerability from cvelistv5 – Published: 2009-10-16 16:00 – Updated: 2024-08-07 06:07
VLAI?
Summary
The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2915"
},
{
"name": "cisco-unifiedpresence-timestend-dos(53772)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53772"
},
{
"name": "36675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36675"
},
{
"name": "37039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37039"
},
{
"name": "1023018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023018"
},
{
"name": "20091014 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ADV-2009-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2915"
},
{
"name": "cisco-unifiedpresence-timestend-dos(53772)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53772"
},
{
"name": "36675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36675"
},
{
"name": "37039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37039"
},
{
"name": "1023018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023018"
},
{
"name": "20091014 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2915"
},
{
"name": "cisco-unifiedpresence-timestend-dos(53772)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53772"
},
{
"name": "36675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36675"
},
{
"name": "37039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37039"
},
{
"name": "1023018",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023018"
},
{
"name": "20091014 Cisco Unified Presence Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-2874",
"datePublished": "2009-10-16T16:00:00",
"dateReserved": "2009-08-19T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4220 (GCVE-0-2015-4220)
Vulnerability from nvd – Published: 2015-06-25 16:00 – Updated: 2024-08-06 06:11
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:11:11.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75407",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75407"
},
{
"name": "1032717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032717"
},
{
"name": "20150624 Cisco Unified Presence Server Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39504"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-23T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "75407",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75407"
},
{
"name": "1032717",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032717"
},
{
"name": "20150624 Cisco Unified Presence Server Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39504"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75407"
},
{
"name": "1032717",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032717"
},
{
"name": "20150624 Cisco Unified Presence Server Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39504"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-4220",
"datePublished": "2015-06-25T16:00:00",
"dateReserved": "2015-06-04T00:00:00",
"dateUpdated": "2024-08-06T06:11:11.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3339 (GCVE-0-2014-3339)
Vulnerability from nvd – Published: 2014-08-12 23:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:05.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
},
{
"name": "69200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69200"
},
{
"name": "cucm-cups-cve20143339-sql-injection(95250)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
},
{
"name": "69200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69200"
},
{
"name": "cucm-cups-cve20143339-sql-injection(95250)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140812 Cisco Unified Communications Manager and Cisco Unified Presence Server SQL Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3339"
},
{
"name": "69200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69200"
},
{
"name": "cucm-cups-cve20143339-sql-injection(95250)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95250"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3339",
"datePublished": "2014-08-12T23:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:05.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3328 (GCVE-0-2014-3328)
Vulnerability from nvd – Published: 2014-07-26 10:00 – Updated: 2024-08-06 10:43
VLAI?
Summary
The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:43:04.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68901"
},
{
"name": "20140725 Cisco Unified Presence Server Sync Agent Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328"
},
{
"name": "1030643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030643"
},
{
"name": "cisco-ups-cve20143328-dos(94879)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "68901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68901"
},
{
"name": "20140725 Cisco Unified Presence Server Sync Agent Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328"
},
{
"name": "1030643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030643"
},
{
"name": "cisco-ups-cve20143328-dos(94879)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intercluster Sync Agent Service in Cisco Unified Presence Server allows remote attackers to cause a denial of service via a TCP SYN flood, aka Bug ID CSCun34125."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68901"
},
{
"name": "20140725 Cisco Unified Presence Server Sync Agent Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3328"
},
{
"name": "1030643",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030643"
},
{
"name": "cisco-ups-cve20143328-dos(94879)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3328",
"datePublished": "2014-07-26T10:00:00",
"dateReserved": "2014-05-07T00:00:00",
"dateUpdated": "2024-08-06T10:43:04.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6983 (GCVE-0-2013-6983)
Vulnerability from nvd – Published: 2013-12-31 11:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131229 Cisco Unified Presence Server SQL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983"
},
{
"name": "56273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56273"
},
{
"name": "1029547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029547"
},
{
"name": "cisco-unified-cve20136983-sql-injection(90011)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90011"
},
{
"name": "64551",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64551"
},
{
"name": "101514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20131229 Cisco Unified Presence Server SQL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983"
},
{
"name": "56273",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56273"
},
{
"name": "1029547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029547"
},
{
"name": "cisco-unified-cve20136983-sql-injection(90011)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90011"
},
{
"name": "64551",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64551"
},
{
"name": "101514",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101514"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131229 Cisco Unified Presence Server SQL Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983"
},
{
"name": "56273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56273"
},
{
"name": "1029547",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029547"
},
{
"name": "cisco-unified-cve20136983-sql-injection(90011)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90011"
},
{
"name": "64551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64551"
},
{
"name": "101514",
"refsource": "OSVDB",
"url": "http://osvdb.org/101514"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6983",
"datePublished": "2013-12-31T11:00:00",
"dateReserved": "2013-12-05T00:00:00",
"dateUpdated": "2024-08-06T17:53:45.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1242 (GCVE-0-2013-1242)
Vulnerability from nvd – Published: 2013-05-10 10:00 – Updated: 2024-09-17 02:48
VLAI?
Summary
Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:05.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130507 Cisco Unified Presence Memory Exhaustion Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-10T10:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130507 Cisco Unified Presence Memory Exhaustion Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1242"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130507 Cisco Unified Presence Memory Exhaustion Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1242"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1242",
"datePublished": "2013-05-10T10:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-17T02:48:03.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1137 (GCVE-0-2013-1137)
Vulnerability from nvd – Published: 2013-02-27 21:00 – Updated: 2024-09-16 22:25
VLAI?
Summary
Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:20.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130227 Cisco Unified Presence Server Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-27T21:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130227 Cisco Unified Presence Server Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 allows remote attackers to cause a denial of service (CPU consumption) via crafted packets to the SIP TCP port, aka Bug ID CSCua89930."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130227 Cisco Unified Presence Server Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-1137",
"datePublished": "2013-02-27T21:00:00Z",
"dateReserved": "2013-01-11T00:00:00Z",
"dateUpdated": "2024-09-16T22:25:52.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1643 (GCVE-0-2011-1643)
Vulnerability from nvd – Published: 2011-08-29 15:00 – Updated: 2024-09-17 00:10
VLAI?
Summary
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:24.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110824 Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-29T15:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20110824 Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110824 Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f532.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-1643",
"datePublished": "2011-08-29T15:00:00Z",
"dateReserved": "2011-04-05T00:00:00Z",
"dateUpdated": "2024-09-17T00:10:43.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2839 (GCVE-0-2010-2839)
Vulnerability from nvd – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI?
Summary
SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2186",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ADV-2010-2186",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) allows remote attackers to cause a denial of service (stack memory corruption and process failure) via a malformed SIP message, aka Bug ID CSCtd14474."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2186",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-2839",
"datePublished": "2010-08-26T20:00:00",
"dateReserved": "2010-07-23T00:00:00",
"dateUpdated": "2024-08-07T02:46:48.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2840 (GCVE-0-2010-2840)
Vulnerability from nvd – Published: 2010-08-26 20:00 – Updated: 2024-08-07 02:46
VLAI?
Summary
The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2186",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-09T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ADV-2010-2186",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-2840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Presence Engine (PE) service in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) does not properly handle an erroneous Contact field in the header of a SIP SUBSCRIBE message, which allows remote attackers to cause a denial of service (process failure) via a malformed message, aka Bug ID CSCtd39629."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2186",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2186"
},
{
"name": "20100825 Cisco Unified Presence Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43909.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-2840",
"datePublished": "2010-08-26T20:00:00",
"dateReserved": "2010-07-23T00:00:00",
"dateUpdated": "2024-08-07T02:46:48.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2874 (GCVE-0-2009-2874)
Vulnerability from nvd – Published: 2009-10-16 16:00 – Updated: 2024-08-07 06:07
VLAI?
Summary
The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2915"
},
{
"name": "cisco-unifiedpresence-timestend-dos(53772)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53772"
},
{
"name": "36675",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36675"
},
{
"name": "37039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37039"
},
{
"name": "1023018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023018"
},
{
"name": "20091014 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "ADV-2009-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2915"
},
{
"name": "cisco-unifiedpresence-timestend-dos(53772)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53772"
},
{
"name": "36675",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36675"
},
{
"name": "37039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37039"
},
{
"name": "1023018",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023018"
},
{
"name": "20091014 Cisco Unified Presence Denial of Service Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2915"
},
{
"name": "cisco-unifiedpresence-timestend-dos(53772)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53772"
},
{
"name": "36675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36675"
},
{
"name": "37039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37039"
},
{
"name": "1023018",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023018"
},
{
"name": "20091014 Cisco Unified Presence Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080afc930.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-2874",
"datePublished": "2009-10-16T16:00:00",
"dateReserved": "2009-08-19T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}