Shodan
Vulnerabilities
Vulnerable Software
Cisco:  >> Unity Connection  Security Vulnerabilities
CVE-2014-2125
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-04-02
CVE-2014-0664
The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP commands, aka Bug ID CSCul49976.
CVSS Score
6.8
EPSS Score
0.018
Published
2014-01-10
CVE-2013-5534
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
CVSS Score
4.0
EPSS Score
0.003
Published
2013-10-19
CVE-2013-1129
Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736.
CVSS Score
5.0
EPSS Score
0.005
Published
2013-02-19
CVE-2012-3060
Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP packets, aka Bug ID CSCtz76269.
CVSS Score
7.8
EPSS Score
0.004
Published
2012-09-16
CVE-2012-3096
Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132.
CVSS Score
4.0
EPSS Score
0.004
Published
2012-09-16
CVE-2012-0366
Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141.
CVSS Score
9.0
EPSS Score
0.004
Published
2012-03-01
CVE-2012-0367
Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segments, aka Bug ID CSCtq67899.
CVSS Score
7.8
EPSS Score
0.036
Published
2012-03-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved