The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco CUCM

computer vulnerability alert CVE-2018-0411

Cisco Unified Communications Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting vulnerability in Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 02/08/2018.
Identifiers: cisco-sa-20180801-ucm-xss, CSCvk15343, CVE-2018-0411, VIGILANCE-VUL-26896.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting vulnerability in Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2018-0363

Cisco Unified Communications Manager IM and Presence Service: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery against Cisco Unified Communications Manager IM and Presence Service, in order to force the victim to perform operations.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 21/06/2018.
Identifiers: CERTFR-2018-AVI-298, cisco-sa-20180620-ucmim-ps-csrf, CSCvi55878, CVE-2018-0363, VIGILANCE-VUL-26478.

Description of the vulnerability

The Cisco Unified Communications Manager IM and Presence Service product offers a web service.

However, the origin of queries is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery against Cisco Unified Communications Manager IM and Presence Service, in order to force the victim to perform operations.

computer vulnerability alert CVE-2018-0340

Cisco Unified Communications Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting vulnerability in Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 07/06/2018.
Identifiers: CERTFR-2018-AVI-270, cisco-sa-20180606-ucm-xss, CSCvj00512, CVE-2018-0340, VIGILANCE-VUL-26346.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting vulnerability in Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2018-0328

Cisco Unified Communications Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting vulnerability in Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 17/05/2018.
Identifiers: CERTFR-2018-AVI-240, cisco-sa-20180516-cucm-cup-xss, CSCvg89116, CVE-2018-0328, VIGILANCE-VUL-26156.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting vulnerability in Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.

computer vulnerability note CVE-2018-0135

Cisco Unified Communications Manager: information disclosure

Synthesis of the vulnerability

An authenticated attacker can bypass restrictions on access to Cisco Unified Communications Manager data, in order to obtain sensitive information.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 08/02/2018.
Identifiers: cisco-sa-20180207-ucm, CVE-2018-0135, VIGILANCE-VUL-25249.

Description of the vulnerability

An authenticated attacker can bypass restrictions on access to Cisco Unified Communications Manager data, in order to obtain sensitive information.

Technical details are unknown.

computer vulnerability bulletin CVE-2018-0198

Cisco Unified Communications Manager: information disclosure via the Web interface

Synthesis of the vulnerability

An attacker can bypass restrictions on access to data via the web interface of Cisco Unified Communications Manager, in order to obtain sensitive information.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 08/02/2018.
Identifiers: cisco-sa-20180207-ucm1, CVE-2018-0198, VIGILANCE-VUL-25248.

Description of the vulnerability

An attacker can bypass restrictions on access to data via the web interface of Cisco Unified Communications Manager, in order to obtain sensitive information.

Technical details are unknown.

computer vulnerability announce CVE-2018-0118

Cisco Unified Communications Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting vulnerability in Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 11/01/2018.
Identifiers: cisco-sa-20180110-ucm, CSCvg51264, CVE-2018-0118, VIGILANCE-VUL-25027.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting vulnerability in Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2017-12357

Cisco Unified Communications Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting vulnerability in Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 30/11/2017.
Identifiers: cisco-sa-20171129-cucm, CSCvf79346, CVE-2017-12357, VIGILANCE-VUL-24576.

Description of the vulnerability

The Cisco Unified Communications Manager product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting vulnerability in Cisco Unified Communications Manager, in order to run JavaScript code in the context of the web site.

vulnerability bulletin CVE-2017-12302

Cisco Unified Communications Manager: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Cisco Unified Communications Manager, in order to read or alter data.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-ucm, CSCvf36682, CVE-2017-12302, VIGILANCE-VUL-24473.

Description of the vulnerability

The Cisco Unified Communications Manager product uses a database.

However, user data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Cisco Unified Communications Manager, in order to read or alter data.

computer vulnerability CVE-2017-6757

Cisco Unified Communications Manager: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Cisco Unified Communications Manager, in order to read or alter data.
Impacted products: Cisco CUCM.
Severity: 2/4.
Creation date: 03/08/2017.
Identifiers: cisco-sa-20170802-ucm, CSCve13786, CVE-2017-6757, VIGILANCE-VUL-23445.

Description of the vulnerability

The Cisco Unified Communications Manager product uses a database.

However, user data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Cisco Unified Communications Manager, in order to read or alter data.