cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-3420,https://securityvulnerability.io/vulnerability/CVE-2020-3420,Cisco Unified Communications Manager and Session Management Edition Vulnerable to XSS Attacks,"A cross-site scripting vulnerability exists in the web-based management interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. This issue stems from inadequate validation of user-supplied input, enabling an authenticated, remote attacker to inject malicious scripts into the interface. By exploiting this vulnerability, an attacker could execute arbitrary script code within the context of the interface or gain unauthorized access to sensitive browser-based information. There are currently no workarounds available to mitigate this vulnerability.",Cisco,Cisco Unified Communications Manager,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-18T16:02:49.827Z,0
CVE-2020-3532,https://securityvulnerability.io/vulnerability/CVE-2020-3532,Cisco Unified Communications Manager vulnerable to Cross-Site Scripting (XSS) Attacks,"A vulnerability exists in the web-based management interface of various Cisco Unified Communications Manager products, allowing remote attackers to exploit cross-site scripting (XSS). This occurs due to insufficient validation of user-supplied input, enabling attackers to craft deceptive links that, when clicked by users, can execute arbitrary script code or access sensitive browser information within the context of the affected interfaces. 
Importantly, there are no available workarounds to mitigate this vulnerability, making prompt remediation and awareness crucial for affected users.",Cisco,"Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Communications Manager Im And Presence Service,Cisco Unified Communications Manager / Cisco Unity Connection",6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-18T15:54:09.023Z,0
CVE-2024-20488,https://securityvulnerability.io/vulnerability/CVE-2024-20488,Cisco Unified Communications Manager Vulnerable to Cross-Site Scripting Attacks,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Unified Communications Manager,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-21T18:35:03.580Z,0
CVE-2024-20375,https://securityvulnerability.io/vulnerability/CVE-2024-20375,Cisco Unified CM/SME Vulnerability Could Lead to Denial of Service,"A vulnerability exists in the SIP call processing feature of Cisco Unified Communications Manager and the Session Management Edition. This flaw stems from improper parsing of SIP messages, allowing an attacker to send specially crafted SIP messages to impacted devices. 
Exploitation of this vulnerability may lead to a denial of service (DoS), causing the affected device to reload, thereby disrupting voice and video communications. Organizations using these Cisco products must ensure they are up to date with security configurations to mitigate this risk.",Cisco,Cisco Unified Communications Manager,8.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-21T17:02:18.039Z,0
CVE-2024-20310,https://securityvulnerability.io/vulnerability/CVE-2024-20310,Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager IM & Presence Service,"A vulnerability found in the web management interface of Cisco Unified Communications Manager IM & Presence Service allows an unauthenticated remote attacker to execute Cross-Site Scripting (XSS) attacks. This issue arises due to the failure of the web interface to adequately validate user-supplied input. An attacker can exploit this vulnerability by convincing an authenticated user to click on a specially crafted link, potentially enabling the execution of arbitrary script code within the context of the affected interface or exposing sensitive browser information.",Cisco,"Cisco iOS Xe Software,Cisco Unified Communications Manager Im And Presence Service",6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-06-20T18:15:07.000Z,,false,false,,2024-04-03T17:15:00.000Z,0
CVE-2024-20253,https://securityvulnerability.io/vulnerability/CVE-2024-20253,Cisco Unified Communications and Contact Center Solutions Vulnerability: Arbitrary Code Execution,"A vulnerability exists in multiple Cisco Unified Communications and Contact Center Solutions products that may allow a remote attacker to execute arbitrary code on an affected device without authentication. This issue arises from improper handling of user-input data, which is read into memory. An attacker can exploit this vulnerability by sending a specially crafted message to a listening port on the affected device. 
Successful exploitation could enable the attacker to run arbitrary commands on the operating system with the privileges of the web services user. This access may also allow the attacker to gain root access to the affected device, posing significant security risks.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Contact Center Express,Cisco Unified Communications Manager IM and Presence Service,Cisco Virtualized Voice Browser,Cisco Packaged Contact Center Enterprise,Cisco Unified Communications Manager / Cisco Unity Connection",10,CRITICAL,0.0030300000216811895,false,,true,false,true,2024-01-28T16:30:48.000Z,,true,false,,2024-01-26T17:28:30.761Z,4836
CVE-2023-20259,https://securityvulnerability.io/vulnerability/CVE-2023-20259,Denial of Service Vulnerability in Cisco Unified Communications Products,"A vulnerability exists within an improperly secured API endpoint across various Cisco Unified Communications Products. An unauthenticated remote attacker could exploit this flaw by sending a specially crafted HTTP request. This could result in excessive CPU utilization, leading to potential delays in call processing and affecting access to the web-based management interface. This API is not meant for device management and its exploitation could result in a denial of service condition. 
Fortunately, once the attack ceases, the affected devices are designed to recover automatically without needing manual intervention.",Cisco,"Cisco Emergency Responder,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Communications Manager IM and Presence Service,Cisco Prime Collaboration Deployment",7.5,HIGH,0.0010000000474974513,false,,false,false,false,,,false,false,,2023-10-04T17:15:00.000Z,0
CVE-2023-20266,https://securityvulnerability.io/vulnerability/CVE-2023-20266,Privilege Escalation Vulnerability in Cisco Unified Communications Products,"A security flaw exists in Cisco Emergency Responder and related Unified Communications products, allowing an authenticated remote attacker to gain root privileges. This vulnerability arises due to inadequate restrictions on the upgrade files utilized by the application. An attacker with valid platform administrator credentials could exploit this weakness by deploying a specially crafted upgrade file, thereby elevating their access rights and compromising the affected device's integrity.",Cisco,"Cisco Emergency Responder,Cisco Unity Connection,Cisco Unified Communications Manager",7.2,HIGH,0.0012000000569969416,false,,false,false,false,,,false,false,,2023-08-30T17:15:00.000Z,0
CVE-2023-20211,https://securityvulnerability.io/vulnerability/CVE-2023-20211,SQL Injection Vulnerability in Cisco Unified Communications Manager Products,"A vulnerability exists in the web-based management interface of Cisco's Unified Communications Manager and Session Management Edition. This flaw arises from inadequate validation of user inputs, allowing an authenticated attacker with read-only or higher privileges to execute SQL injection attacks. 
By crafting malicious HTTP requests, the attacker could manipulate or retrieve sensitive data from the database, posing significant risks to data integrity and confidentiality.",Cisco,"Cisco Unified Communications Manager,Cisco Unified Communications Manager / Cisco Unity Connection",8.8,HIGH,0.0008299999753944576,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20242,https://securityvulnerability.io/vulnerability/CVE-2023-20242,Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager,"A vulnerability exists within the web-based management interface of Cisco Unified Communications Manager and its associated services that allows an unauthenticated remote attacker to perform cross-site scripting (XSS) attacks. This issue arises from insufficient validation of user-supplied input within the interface. Attackers can exploit this weakness by luring an unsuspecting user to click on a malicious link, potentially allowing execution of arbitrary script code in the context of the affected interface or access to sensitive browser-based information.",Cisco,"Cisco Unified Communications Manager,Cisco Unified Communications Manager IM and Presence Service,Cisco Unified Communications Manager / Cisco Unity Connection",6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-16T21:15:00.000Z,0
CVE-2023-20108,https://securityvulnerability.io/vulnerability/CVE-2023-20108,Denial of Service Vulnerability in Cisco Unified Communications Manager IM & Presence Service,"A vulnerability exists in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service, potentially allowing an unauthenticated remote attacker to disrupt service for all users attempting to authenticate. This vulnerability stems from improper validation of user-supplied input. 
By sending a specially crafted login message, an attacker can trigger an unexpected restart of the authentication service, which leads to a denial of service condition for new users trying to access the system. However, users who were already authenticated prior to the attack are not affected.",Cisco,Cisco Unified Communications Manager IM and Presence Service,7.5,HIGH,0.0013800000306218863,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2023-20116,https://securityvulnerability.io/vulnerability/CVE-2023-20116,Denial of Service Vulnerability in Cisco Unified Communications Manager,"A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition can be exploited by authenticated, remote attackers. Due to inadequate validation of user-supplied input in the Self Care Portal's web UI, attackers could send specially crafted HTTP requests to the affected devices. If successfully exploited, this could lead to a denial of service condition, disrupting the functionality of the affected communication systems.",Cisco,"Cisco Unified Communications Manager,Cisco Unified Communications Manager / Cisco Unity Connection",5.7,MEDIUM,0.0007699999841861427,false,,false,false,false,,,false,false,,2023-06-28T00:00:00.000Z,0
CVE-2023-20010,https://securityvulnerability.io/vulnerability/CVE-2023-20010,SQL Injection Vulnerability in Cisco Unified Communications Manager Products,"A vulnerability exists in the web-based management interface of Cisco Unified Communications Manager and its Session Management Edition. This security flaw arises from inadequate validation of user input, enabling authenticated remote attackers to execute crafted SQL queries. 
By exploiting this weakness, an attacker with low-level privileges can potentially read or modify data in the underlying database, or escalate their privileges within the system.",Cisco,Cisco Unified Communications Manager,8.8,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2023-01-20T07:15:00.000Z,0
CVE-2022-20816,https://securityvulnerability.io/vulnerability/CVE-2022-20816,Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This vulnerability exists because the affected software does not properly validate HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to delete arbitrary files from the affected system.",Cisco,Cisco Unified Communications Manager,6.5,MEDIUM,0.0012199999764561653,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-08-10T09:15:00.000Z,0
CVE-2022-20859,https://securityvulnerability.io/vulnerability/CVE-2022-20859,Cisco Unified Communications Products Access Control Vulnerability,"A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. 
A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.",Cisco,Cisco Unified Communications Manager,6.5,MEDIUM,0.0016199999954551458,false,,false,false,true,2024-08-03T03:15:44.000Z,,false,false,,2022-07-06T00:00:00.000Z,0
CVE-2022-20862,https://securityvulnerability.io/vulnerability/CVE-2022-20862,Cisco Unified Communications Manager Arbitrary File Read Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system.",Cisco,Cisco Unified Communications Manager,4.3,MEDIUM,0.0008999999845400453,false,,false,false,true,2024-08-03T03:15:44.000Z,,false,false,,2022-07-06T00:00:00.000Z,0
CVE-2022-20752,https://securityvulnerability.io/vulnerability/CVE-2022-20752,Cisco Unified Communications Products Timing Attack Vulnerability,"A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. 
A successful exploit could allow the attacker to determine a sensitive system password.",Cisco,Cisco Unified Communications Manager,5.3,MEDIUM,0.0011500000255182385,false,,false,false,true,2024-08-03T03:15:40.000Z,,false,false,,2022-07-06T00:00:00.000Z,0
CVE-2022-20791,https://securityvulnerability.io/vulnerability/CVE-2022-20791,Cisco Unified Communications Products Arbitrary File Read Vulnerability,"A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.",Cisco,Cisco Unified Communications Manager,6.5,MEDIUM,0.0010000000474974513,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-07-06T00:00:00.000Z,0
CVE-2022-20815,https://securityvulnerability.io/vulnerability/CVE-2022-20815,Cisco Unified Communications Products Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. 
An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Unified Communications Manager,6.1,MEDIUM,0.0013599999947473407,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-07-06T00:00:00.000Z,0
CVE-2022-20786,https://securityvulnerability.io/vulnerability/CVE-2022-20786,Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.",Cisco,Cisco Unified Communications Manager Im And Presence Service,5.4,MEDIUM,0.0008399999933317304,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-04-21T19:15:00.000Z,0
CVE-2022-20804,https://securityvulnerability.io/vulnerability/CVE-2022-20804,Cisco Unified Communications Products Denial of Service Vulnerability,"A vulnerability in the Cisco Discovery Protocol of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, adjacent attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect processing of certain Cisco Discovery Protocol packets. 
An attacker could exploit this vulnerability by continuously sending certain Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition.",Cisco,Cisco Unified Communications Manager,5.3,MEDIUM,0.0005799999926239252,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-04-21T19:15:00.000Z,0
CVE-2022-20790,https://securityvulnerability.io/vulnerability/CVE-2022-20790,Cisco Unified Communications Products Arbitrary File Read Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the underlying operating system.",Cisco,Cisco Unified Communications Manager,6.5,MEDIUM,0.001019999966956675,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-04-21T19:15:00.000Z,0
CVE-2022-20789,https://securityvulnerability.io/vulnerability/CVE-2022-20789,Cisco Unified Communications Products Arbitrary File Write Vulnerability,"A vulnerability in the software upgrade process of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to write arbitrary files on the affected system. This vulnerability is due to improper restrictions applied to a system script. 
An attacker could exploit this vulnerability by using crafted variables during the execution of a system upgrade. A successful exploit could allow the attacker to overwrite or append arbitrary data to system files using root-level privileges.",Cisco,Cisco Unified Communications Manager,4.9,MEDIUM,0.0011599999852478504,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-04-21T19:15:00.000Z,0
CVE-2022-20787,https://securityvulnerability.io/vulnerability/CVE-2022-20787,Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.",Cisco,Cisco Unified Communications Manager,5.7,MEDIUM,0.0007999999797903001,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-04-21T19:15:00.000Z,0
CVE-2022-20788,https://securityvulnerability.io/vulnerability/CVE-2022-20788,Cisco Unified Communications Products Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. 
An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Unified Communications Manager,6.1,MEDIUM,0.0014700000174343586,false,,false,false,true,2024-08-03T03:15:41.000Z,,false,false,,2022-04-20T00:00:00.000Z,0