cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20253,https://securityvulnerability.io/vulnerability/CVE-2024-20253,Cisco Unified Communications and Contact Center Solutions Vulnerability: Arbitrary Code Execution,"A vulnerability exists in multiple Cisco Unified Communications and Contact Center Solutions products that may allow a remote attacker to execute arbitrary code on an affected device without authentication. This issue arises from improper handling of user-input data, which is read into memory. An attacker can exploit this vulnerability by sending a specially crafted message to a listening port on the affected device. Successful exploitation could enable the attacker to run arbitrary commands on the operating system with the privileges of the web services user. This access may also allow the attacker to gain root access to the affected device, posing significant security risks.",Cisco,"Cisco Unified Contact Center Enterprise,Cisco Unity Connection,Cisco Unified Communications Manager,Cisco Unified Contact Center Express,Cisco Unified Communications Manager IM and Presence Service,Cisco Virtualized Voice Browser,Cisco Packaged Contact Center Enterprise,Cisco Unified Communications Manager / Cisco Unity Connection",10,CRITICAL,0.0030300000216811895,false,,true,false,true,2024-01-28T16:30:48.000Z,,true,false,,2024-01-26T17:28:30.761Z,4836
CVE-2019-15986,https://securityvulnerability.io/vulnerability/CVE-2019-15986,Cisco Unity Express Command Injection Vulnerability,"A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could exploit this vulnerability by logging in to the system and sending crafted CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.",Cisco,Cisco Unity Express,6.7,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-05T02:15:46.000Z,,false,false,,2019-11-26T04:15:00.000Z,0
CVE-2018-15381,https://securityvulnerability.io/vulnerability/CVE-2018-15381,Cisco Unity Express Arbitrary Command Execution Vulnerability,"A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.",Cisco,Cisco Unity Express,9.8,CRITICAL,0.5195299983024597,false,,false,false,true,2024-08-05T10:17:49.000Z,,false,false,,2018-11-08T16:29:00.000Z,0
CVE-2013-1114,https://securityvulnerability.io/vulnerability/CVE-2013-1114,,"Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.",Cisco,Unity Express Software,,,0.0018500000005587935,false,,false,false,false,,,false,false,,2013-02-13T23:55:00.000Z,0
CVE-2013-1120,https://securityvulnerability.io/vulnerability/CVE-2013-1120,,"Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.",Cisco,"Unity Express Software,Unity Express",,,0.0009399999980814755,false,,false,false,false,,,false,false,,2013-02-06T12:05:00.000Z,0
CVE-2006-2166,https://securityvulnerability.io/vulnerability/CVE-2006-2166,,"Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.",Cisco,"Unity Express Software,Unity Express",,,0.003860000055283308,false,,false,false,false,,,false,false,,2006-05-04T10:00:00.000Z,0
CVE-2005-4794,https://securityvulnerability.io/vulnerability/CVE-2005-4794,,"Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset.",Cisco,"Application And Content Networking Software,Ip Phone 7912,Ata,Subscriber Edge Services Manager,Ip Phone 7902,Ip Phone 7905,Unity Express",,,0.07119999825954437,false,,false,false,false,,,false,false,,2005-12-31T05:00:00.000Z,0
CVE-2005-0356,https://securityvulnerability.io/vulnerability/CVE-2005-0356,,"Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.",Cisco,"Secure Access Control Server,Mgx 8230,Mgx 8250,Personal Assistant,Unity Server,Interactive Voice Response,Call Manager,Support Tools,Web Collaboration Option,Remote Monitoring Suite Option,Ip Contact Center Express,Intelligent Contact Manager,Agent Desktop,E-mail Manager,Meetingplace,Alaxala,Emergency Responder,Ip Contact Center Enterprise",,,0.8651800155639648,false,,false,false,false,,,false,false,,2005-05-31T04:00:00.000Z,0