The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco CUCM

computer vulnerability alert CVE-2019-1887

Cisco Unified Communications Manager: denial of service via SIP

Synthesis of the vulnerability

An attacker can trigger a fatal error via SIP of Cisco Unified Communications Manager, in order to trigger a denial of service.
Impacted products: Cisco CUCM.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 04/07/2019.
Identifiers: CERTFR-2019-AVI-304, cisco-sa-20190703-cucm-dos, CSCvo70834, CVE-2019-1887, VIGILANCE-VUL-29686.

Description of the vulnerability

An attacker can trigger a fatal error via SIP of Cisco Unified Communications Manager, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2019-1837

Cisco Unified Communications Manager: denial of service via UDS API

Synthesis of the vulnerability

An attacker can trigger a fatal error via UDS API of Cisco Unified Communications Manager, in order to trigger a denial of service.
Impacted products: Cisco CUCM.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 18/04/2019.
Identifiers: cisco-sa-20190417-ucm-dos, CSCvo08315, CVE-2019-1837, VIGILANCE-VUL-29086.

Description of the vulnerability

An attacker can trigger a fatal error via UDS API of Cisco Unified Communications Manager, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-0474

Cisco Unified Communications Manager: information disclosure via Digest Credentials

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Digest Credentials of Cisco Unified Communications Manager, in order to obtain sensitive information.
Impacted products: Cisco CUCM.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 10/01/2019.
Identifiers: cisco-sa-20190109-cucm-creds-disclosr, CSCvc21606, CVE-2018-0474, VIGILANCE-VUL-28202.

Description of the vulnerability

An attacker can bypass access restrictions to data via Digest Credentials of Cisco Unified Communications Manager, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-15403

Cisco Unified Communications Manager: open redirect

Synthesis of the vulnerability

An attacker can deceive the user of Cisco Unified Communications Manager, in order to redirect him to a malicious site.
Impacted products: Cisco CUCM.
Severity: 1/4.
Consequences: user access/rights, data reading.
Provenance: internet client.
Creation date: 04/10/2018.
Identifiers: CERTFR-2018-AVI-468, cisco-sa-20181003-er-ucm-redirect, CSCvj48070, CSCvj56757, CSCvj56760, CSCvj59218, CVE-2018-15403, VIGILANCE-VUL-27401.

Description of the vulnerability

An attacker can deceive the user of Cisco Unified Communications Manager, in order to redirect him to a malicious site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-5391

Linux kernel: denial of service via FragmentSmack

Synthesis of the vulnerability

An attacker can generate a fatal error via FragmentSmack of the Linux kernel, in order to trigger a denial of service.
Impacted products: GAiA, SecurePlatform, CheckPoint Security Gateway, Cisco Aironet, IOS XE Cisco, Nexus by Cisco, Prime Collaboration Assurance, Prime Infrastructure, Cisco Router, Secure ACS, Cisco CUCM, Cisco UCS, Cisco Unified CCX, Cisco IP Phone, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Junos Space, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RHEL, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, Synology DSM, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 16/08/2018.
Identifiers: ADV180022, CERTFR-2018-AVI-390, CERTFR-2018-AVI-392, CERTFR-2018-AVI-419, CERTFR-2018-AVI-457, CERTFR-2018-AVI-478, CERTFR-2018-AVI-533, CERTFR-2019-AVI-233, CERTFR-2019-AVI-242, cisco-sa-20180824-linux-ip-fragment, CVE-2018-5391, DLA-1466-1, DLA-1529-1, DSA-2019-062, DSA-4272-1, FragmentSmack, JSA10917, K74374841, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, openSUSE-SU-2019:0274-1, PAN-SA-2018-0012, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2846-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, RHSA-2018:3459-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, sk134253, SUSE-SU-2018:2344-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2596-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:1289-1, SYMSA1467, Synology-SA-18:44, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, VIGILANCE-VUL-27009, VU#641765.

Description of the vulnerability

An attacker can generate a fatal error via FragmentSmack of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-0409

Cisco CUCM IM&P: denial of service via XCP Router Service

Synthesis of the vulnerability

An attacker can generate a fatal error via XCP Router Service of Cisco CUCM IM&P, in order to trigger a denial of service.
Impacted products: Cisco CUCM.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 16/08/2018.
Identifiers: CERTFR-2018-AVI-393, cisco-sa-20180815-ucmimps-dos, CSCvg97663, CSCvi55947, CVE-2018-0409, VIGILANCE-VUL-26994.

Description of the vulnerability

An attacker can generate a fatal error via XCP Router Service of Cisco CUCM IM&P, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-0411

Cisco Unified Communications Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco CUCM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 02/08/2018.
Identifiers: cisco-sa-20180801-ucm-xss, CSCvk15343, CVE-2018-0411, VIGILANCE-VUL-26896.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-0363

Cisco Unified Communications Manager IM and Presence Service: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Cisco Unified Communications Manager IM and Presence Service, in order to force the victim to perform operations.
Impacted products: Cisco CUCM.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 21/06/2018.
Identifiers: CERTFR-2018-AVI-298, cisco-sa-20180620-ucmim-ps-csrf, CSCvi55878, CVE-2018-0363, VIGILANCE-VUL-26478.

Description of the vulnerability

The Cisco Unified Communications Manager IM and Presence Service product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Cisco Unified Communications Manager IM and Presence Service, in order to force the victim to perform operations.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-0340

Cisco Unified Communications Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco CUCM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 07/06/2018.
Identifiers: CERTFR-2018-AVI-270, cisco-sa-20180606-ucm-xss, CSCvj00512, CVE-2018-0340, VIGILANCE-VUL-26346.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-6779

Cisco: denial of service via Log File Size

Synthesis of the vulnerability

An attacker can generate a fatal error via Log File Size of Cisco, in order to trigger a denial of service.
Impacted products: Prime Collaboration Assurance, Cisco CUCM, Cisco Unified CCX, Cisco Unity ~ precise.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 07/06/2018.
Identifiers: CERTFR-2018-AVI-270, cisco-sa-20180606-diskdos, CVE-2017-6779, VIGILANCE-VUL-26343.

Description of the vulnerability

An attacker can generate a fatal error via Log File Size of Cisco, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco CUCM: