Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Emergency_responder
(Cisco)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 25 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-01-13 | CVE-2021-1226 | A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection, Cisco Emergency Responder, and Cisco Prime License Manager could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. The vulnerability is due to the storage of certain unencrypted credentials. An... | Emergency_responder, Prime_license_manager, Unified_communications_manager, Unified_communications_manager_im_\&_presence_service, Unity_connection | 6.5 | ||
2021-12-10 | CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along... | Log4j, Xcode, Synchro, Synchro_4d, Advanced_malware_protection_virtual_private_cloud_appliance, Automated_subsea_tuning, Broadworks, Business_process_automation, Cloud_connect, Cloudcenter, Cloudcenter_cost_optimizer, Cloudcenter_suite, Cloudcenter_suite_admin, Cloudcenter_workload_manager, Common_services_platform_collector, Connected_analytics_for_network_deployment, Connected_mobile_experiences, Contact_center_domain_manager, Contact_center_management_portal, Crosswork_data_gateway, Crosswork_network_automation, Crosswork_network_controller, Crosswork_optimization_engine, Crosswork_platform_infrastructure, Crosswork_zero_touch_provisioning, Customer_experience_cloud_agent, Cx_cloud_agent, Cyber_vision, Cyber_vision_sensor_management_extension, Data_center_network_manager, Dna_center, Dna_spaces, Dna_spaces\:_connector, Dna_spaces_connector, Emergency_responder, Enterprise_chat_and_email, Evolved_programmable_network_manager, Finesse, Firepower_threat_defense, Fog_director, Fxos, Identity_services_engine, Integrated_management_controller_supervisor, Intersight_virtual_appliance, Iot_operations_dashboard, Mobility_services_engine, Network_assurance_engine, Network_dashboard_fabric_controller, Network_insights_for_data_center, Network_services_orchestrator, Nexus_dashboard, Nexus_insights, Optical_network_controller, Packaged_contact_center_enterprise, Paging_server, Prime_service_catalog, Sd\-Wan_vmanage, Smart_phy, Ucs_central, Ucs_central_software, Ucs_director, Unified_communications_manager, Unified_communications_manager_im_\&_presence_service, Unified_communications_manager_im_and_presence_service, Unified_computing_system, Unified_contact_center_enterprise, Unified_contact_center_express, Unified_contact_center_management_portal, Unified_customer_voice_portal, Unified_intelligence_center, Unified_sip_proxy, Unified_workforce_optimization, Unity_connection, Video_surveillance_manager, Video_surveillance_operations_manager, Virtual_topology_system, Virtualized_infrastructure_manager, Virtualized_voice_browser, Wan_automation_engine, Webex_meetings_server, Workload_optimization_manager, Debian_linux, Fedora, Audio_development_kit, Computer_vision_annotation_tool, Data_center_manager, Genomics_kernel_library, Oneapi_sample_browser, Secure_device_onboard, Sensor_solution_firmware_development_kit, System_debugger, System_studio, Active_iq_unified_manager, Cloud_insights, Cloud_manager, Cloud_secure_agent, Oncommand_insight, Ontap_tools, Snapcenter, Rhythmyx, Captial, Comos, Desigo_cc_advanced_reports, Desigo_cc_info_center, E\-Car_operation_center, Energy_engage, Energyip, Energyip_prepay, Gma\-Manager, Head\-End_system_universal_device_integration_system, Industrial_edge_management, Industrial_edge_management_hub, Logo\!_soft_comfort, Mendix, Mindsphere, Navigator, Nx, Opcenter_intelligence, Operation_scheduler, Sentron_powermanager, Siguard_dsa, Sipass_integrated, Siveillance_command, Siveillance_control_pro, Siveillance_identity, Siveillance_vantage, Siveillance_viewpoint, Solid_edge_cam_pro, Solid_edge_harness_design, Spectrum_power_4, Spectrum_power_7, Sppa\-T3000_ses3000_firmware, Teamcenter, Vesys, Xpedition_enterprise, Xpedition_package_integrator, Snow_commander, Vm_access_proxy, Email_security | 10.0 | ||
2023-08-30 | CVE-2023-20266 | A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted... | Emergency_responder, Unified_communications_manager, Unity_connection | 7.2 | ||
2023-10-04 | CVE-2023-20101 | A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could... | Emergency_responder | 9.8 | ||
2023-10-04 | CVE-2023-20259 | A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could... | Emergency_responder, Prime_collaboration_deployment, Unified_communications_manager, Unified_communications_manager_im_\&_presence_service, Unity_connection | 7.5 | ||
2018-10-05 | CVE-2018-15403 | A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a... | Emergency_responder, Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unity_connection | 5.4 | ||
2018-06-07 | CVE-2017-6779 | Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could... | Emergency_responder, Finesse, Hosted_collaboration_mediation_fulfillment, Mediasense, Prime_collaboration_assurance, Prime_collaboration_provisioning, Prime_license_manager, Socialminer, Unified_communications_manager, Unified_contact_center_express, Unified_intelligence_center, Unity_connection, Virtualized_voice_browser | 7.5 | ||
2017-11-16 | CVE-2017-12337 | A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could... | Emergency_responder, Finesse, Hosted_collaboration_solution, Mediasense, Prime_license_manager, Socialminer, Unified_communications_manager, Unified_communications_manager_im_and_presence_service, Unified_contact_center_express, Unified_intelligence_center, Unity_connection | 9.8 | ||
2017-09-07 | CVE-2017-12227 | A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of... | Emergency_responder | 5.4 | ||
2005-05-31 | CVE-2005-0356 | Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. | Alaxala_networks, Agent_desktop, Aironet_ap1200, Aironet_ap350, Call_manager, Ciscoworks_1105_hosting_solution_engine, Ciscoworks_1105_wireless_lan_solution_engine, Ciscoworks_access_control_list_manager, Ciscoworks_cd1, Ciscoworks_common_management_foundation, Ciscoworks_common_services, Ciscoworks_lms, Ciscoworks_vpn_security_management_solution, Ciscoworks_windows, Ciscoworks_windows_wug, Conference_connection, Content_services_switch_11000, Content_services_switch_11050, Content_services_switch_11150, Content_services_switch_11500, Content_services_switch_11501, Content_services_switch_11503, Content_services_switch_11506, Content_services_switch_11800, E\-Mail_manager, Emergency_responder, Intelligent_contact_manager, Interactive_voice_response, Ip_contact_center_enterprise, Ip_contact_center_express, Meetingplace, Mgx_8230, Mgx_8250, Personal_assistant, Remote_monitoring_suite_option, Secure_access_control_server, Sn_5420_storage_router, Sn_5420_storage_router_firmware, Sn_5428_storage_router, Support_tools, Unity_server, Web_collaboration_option, Webns, Tmos, Freebsd, Alaxala, Gr3000, Gr4000, Gs4000, Windows_2000, Windows_2003_server, Windows_xp, 7220_wlan_access_point, 7250_wlan_access_point, Business_communications_manager, Callpilot, Contact_center, Ethernet_routing_switch_1612, Ethernet_routing_switch_1624, Ethernet_routing_switch_1648, Optical_metro_5000, Optical_metro_5100, Optical_metro_5200, Succession_communication_server_1000, Survivable_remote_gateway, Universal_signaling_point, Openbsd, Rt105, Rt250i, Rt300i, Rt57i, Rtv700, Rtx1000, Rtx1100, Rtx1500, Rtx2000 | N/A |