Search

Find a vulnerability

Search criteria

    30 vulnerabilities found for Cisco Unified Communications Manager IM and Presence Service by Cisco

    CVE-2026-20045 (GCVE-0-2026-20045)

    Vulnerability from nvd – Published: 2026-01-21 16:26 – Updated: 2026-02-26 14:44
    VLAI CISA KEVIntel
    Title
    Cisco Unified Communications Products Remote Code Execution Vulnerability
    Summary
    A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.  Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15.0.1.13010-1
    Affected: 15.0.1.13011-1
    Affected: 15.0.1.13012-1
    Affected: 15.0.1.13013-1
    Affected: 15.0.1.13014-1
    Affected: 15.0.1.13015-1
    Affected: 15.0.1.13016-1
    Affected: 15.0.1.13017-1
    Affected: 15SU3a
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15SU3
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15SU3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20045",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T04:55:44.107919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-01-21",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:34.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-21T00:00:00.000Z",
                "value": "CVE-2026-20045 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13010-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13011-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13012-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13013-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13014-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13015-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13016-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13017-1"
                },
                {
                  "status": "affected",
                  "version": "15SU3a"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15SU3"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15SU3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.\u0026nbsp;\r\nNote: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware of attempted exploitation of this vulnerability in the wild. Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T20:33:31.808Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-voice-rce-mORhqY4b",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b"
            }
          ],
          "source": {
            "advisory": "cisco-sa-voice-rce-mORhqY4b",
            "defects": [
              "CSCwr21851"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20045",
        "datePublished": "2026-01-21T16:26:20.312Z",
        "dateReserved": "2025-10-08T11:59:15.354Z",
        "dateUpdated": "2026-02-26T14:44:34.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20330 (GCVE-0-2025-20330)

    Vulnerability from nvd – Published: 2025-09-03 17:40 – Updated: 2026-02-26 17:49
    VLAI
    Title
    Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T03:55:45.935584Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:49:45.079Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T17:40:43.960Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-imp-xss-XQgu4HSG",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-xss-XQgu4HSG"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-xss-XQgu4HSG",
            "defects": [
              "CSCwm63865"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20330",
        "datePublished": "2025-09-03T17:40:43.960Z",
        "dateReserved": "2024-10-10T19:15:13.254Z",
        "dateUpdated": "2026-02-26T17:49:45.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20278 (GCVE-0-2025-20278)

    Vulnerability from nvd – Published: 2025-06-04 16:18 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Cisco Unified Communications Products Command Injection Vulnerability
    Summary
    A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Finesse Affected: 11.0(1)ES_Rollback
    Affected: 10.5(1)ES4
    Affected: 11.6(1)ES3
    Affected: 11.0(1)ES2
    Affected: 12.0(1)ES2
    Affected: 10.5(1)ES3
    Affected: 11.0(1)
    Affected: 11.6(1)FIPS
    Affected: 11.6(1)ES4
    Affected: 11.0(1)ES3
    Affected: 10.5(1)ES6
    Affected: 11.0(1)ES7
    Affected: 11.5(1)ES4
    Affected: 10.5(1)ES8
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 10.5(1)ES10
    Affected: 11.6(1)ES2
    Affected: 11.6(1)ES
    Affected: 11.0(1)ES6
    Affected: 11.0(1)ES4
    Affected: 12.0(1)
    Affected: 11.6(1)ES7
    Affected: 10.5(1)ES7
    Affected: 11.6(1)ES8
    Affected: 11.5(1)ES1
    Affected: 11.6(1)ES1
    Affected: 11.5(1)ES5
    Affected: 11.0(1)ES1
    Affected: 10.5(1)
    Affected: 11.6(1)ES6
    Affected: 10.5(1)ES2
    Affected: 12.0(1)ES1
    Affected: 11.0(1)ES5
    Affected: 10.5(1)ES5
    Affected: 11.5(1)ES3
    Affected: 11.5(1)ES2
    Affected: 10.5(1)ES9
    Affected: 11.6(1)ES5
    Affected: 11.6(1)ES9
    Affected: 11.5(1)ES6
    Affected: 10.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.0(1)ES3
    Affected: 11.6(1)ES10
    Affected: 12.5(1)ES1
    Affected: 12.5(1)ES2
    Affected: 12.0(1)ES4
    Affected: 12.5(1)ES3
    Affected: 12.0(1)ES5
    Affected: 12.5(1)ES4
    Affected: 12.0(1)ES6
    Affected: 12.5(1)ES5
    Affected: 12.5(1)ES6
    Affected: 12.0(1)ES7
    Affected: 12.6(1)
    Affected: 12.5(1)ES7
    Affected: 11.6(1)ES11
    Affected: 12.6(1)ES1
    Affected: 12.0(1)ES8
    Affected: 12.5(1)ES8
    Affected: 12.6(1)ES2
    Affected: 12.6(1)ES3
    Affected: 12.6(1)ES4
    Affected: 12.6(1)ES5
    Affected: 12.5(2)
    Affected: 12.5(1)_SU
    Affected: 12.5(1)SU
    Affected: 12.6(1)ES6
    Affected: 12.5(1)SU ES1
    Affected: 12.6(1)ES7
    Affected: 12.6(1)ES7_ET
    Affected: 12.6(2)
    Affected: 12.6(1)ES8
    Affected: 12.6(1)ES9
    Affected: 12.6(2)ES1
    Affected: 12.6(1)ES10
    Affected: 12.5(1)SU ES2
    Affected: 12.6(1)ES11
    Affected: 12.6(2)ES2
    Affected: 12.6(2)ES3
    Affected: 12.5(1)SU ES3
    Affected: 12.6(2)ES4
    Affected: 12.6(2)ES5
    Create a notification for this product.
    Cisco Cisco SocialMiner Affected: 12.5(1)ES01
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 10.6(1)
    Affected: 12.0(1)ES04
    Affected: 10.6(2)
    Affected: 12.5(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.0(1)ES02
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 12.0(1)ES03
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: Recovery ISO
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 10.6(1)
    Affected: 10.5(1)SU1
    Affected: 10.6(1)SU3
    Affected: 12.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.6(1)SU1
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU1
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)_SU02_ES01
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.0(1)ES04
    Affected: 12.5(1)ES02
    Affected: 12.5(1)ES03
    Affected: 11.6(2)ES06
    Affected: 12.5(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES01
    Affected: 11.6(2)ES05
    Affected: 12.0(1)ES02
    Affected: 11.6(2)ES04
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES01
    Affected: 10.6(1)SU3ES03
    Affected: 11.0(1)SU1ES03
    Affected: 10.6(1)SU3ES01
    Affected: 10.5(1)SU1ES10
    Affected: 10.0(1)SU1ES04
    Affected: 11.5(1)SU1ES03
    Affected: 11.6(1)ES02
    Affected: 11.5(1)ES01
    Affected: 9.0(2)SU3ES04
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU2ES04
    Affected: 11.6(1)ES01
    Affected: 10.6(1)SU3ES02
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 8.5(1)
    Affected: 11.0(1)SU1ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 12.5(1)_SU03_ES05
    Affected: 12.5(1)_SU03_ES06
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.6(1)
    Affected: 10.5(1)
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 11.0(2)
    Affected: 12.6(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)_ET
    Affected: 12.6(1)_ES05_ET
    Affected: 11.0(3)
    Affected: 12.6(2)
    Affected: 12.6(2)_504_Issue_ET
    Affected: 12.6.1_ExcelIssue_ET
    Affected: 12.6(2)_Permalink_ET
    Affected: 12.6.2_CSCwk19536_ET
    Affected: 12.6.2_CSCwm96922_ET
    Affected: 12.6.2_Amq_OOS_ET
    Affected: 12.5(2)ET_CSCwi79933
    Affected: 12.6(2)_ET
    Affected: 12.6.2_CSCwn48501_ET
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.6(1)_ES84
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)
    Affected: 11.5(1)ES36
    Affected: 12.0(1)_ES01
    Affected: 11.6(1)_ES85
    Affected: 12.5(1)_ES05
    Affected: 11.5(1)_ES32
    Affected: 11.6(1)_ES83
    Affected: 11.5(1)_ES29
    Affected: 12.0(1)_ES06
    Affected: 12.5(1)
    Affected: 12.0(1)_ES07
    Affected: 11.6(1)_ES80
    Affected: 12.0(1)_ES05
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)_ES53
    Affected: 12.5(1)_ES08
    Affected: 11.5(1)ES43
    Affected: 12.0(1)_ES03
    Affected: 11.6(1)_ES86
    Affected: 12.0(1)_ES04
    Affected: 11.5(1)ES27
    Affected: 12.5(1)_ES03
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES06
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)
    Affected: 11.5(1)ES29
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES81
    Affected: 12.0(1)
    Affected: 11.6(1)_ES22
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)ES32
    Affected: 12.0(1)_ES02
    Affected: 12.5(1)_ES02
    Affected: 12.6(1)
    Affected: 12.5(1)_ES09
    Affected: 12.6(1)_ES01
    Affected: 12.0(1)_ES08
    Affected: 12.5(1)_ES10
    Affected: 12.6(1)_ES02
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.6(1)_ES03
    Affected: 12.5(1)_ES13
    Affected: 12.5(1)_ES14
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES05
    Affected: 12.5(1)_ES15
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ET
    Affected: 12.5(1)_ES16
    Affected: 12.5(1)SU
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.6(1)_ES07
    Affected: 12.6(2)
    Affected: 12.5(1)_ES17
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES10
    Affected: 12.5(1)_SU_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(2)_ET01
    Affected: 12.5(2)_ET
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ET_Streaming
    Affected: 12.6(2)ET_Transcribe
    Affected: 12.6(2)_ES03
    Affected: 12.6(2)ET_NuanceMix
    Affected: 12.6(2)ET_FileUpload
    Affected: 12.6(2)_ET02
    Affected: 12.6(2)_ES04
    Affected: 12.6.2ET_RTPfallback
    Affected: 12.6.2ET_CSCwf55306
    Affected: 12.6.2_ET_CSCwj36712
    Affected: 12.5.2 ET-CSCwj33374
    Affected: 12.5(1) SU ET
    Affected: 12.6(2)ET_CSCwj87296
    Affected: 12.6(2)_ES05
    Affected: 12.5.2_ET_CSCvz27014
    Affected: 12.6(2)_ET
    Affected: 12.6.2-ET
    Affected: 12.6(2)ET_CSCwk83135
    Affected: 12.6.2_ET_CX_ALAW
    Affected: 12.6.2-ET01-SSL
    Affected: 12.6(2)_ES06
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-06T03:55:33.465322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:08.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)ES_Rollback"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)FIPS"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco SocialMiner",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "Recovery ISO"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES06"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05_ET"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_504_Issue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.1_ExcelIssue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_Permalink_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwk19536_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwm96922_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_Amq_OOS_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)ET_CSCwi79933"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwn48501_ET"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES13"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES16"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES17"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET_Streaming"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_Transcribe"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_NuanceMix"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_FileUpload"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_RTPfallback"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_CSCwf55306"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CSCwj36712"
                },
                {
                  "status": "affected",
                  "version": "12.5.2 ET-CSCwj33374"
                },
                {
                  "status": "affected",
                  "version": "12.5(1) SU ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwj87296"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5.2_ET_CSCvz27014"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwk83135"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CX_ALAW"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET01-SSL"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES06"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-04T16:18:20.661Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-vos-command-inject-65s2UCYy",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
            }
          ],
          "source": {
            "advisory": "cisco-sa-vos-command-inject-65s2UCYy",
            "defects": [
              "CSCwk24029"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Command Injection Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20278",
        "datePublished": "2025-06-04T16:18:20.661Z",
        "dateReserved": "2024-10-10T19:15:13.246Z",
        "dateUpdated": "2026-02-26T17:51:08.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20112 (GCVE-0-2025-20112)

    Vulnerability from nvd – Published: 2025-05-21 16:19 – Updated: 2026-02-26 18:28
    VLAI
    Title
    Cisco Unified Communications Products Privilege Escalation Vulnerability
    Summary
    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Emergency Responder Affected: 12.5(1a)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 12.5(1)SU8b
    Affected: 14SU3a
    Affected: 15
    Affected: 15SU1
    Affected: 15SU1a
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Finesse Affected: 11.0(1)ES_Rollback
    Affected: 10.5(1)ES4
    Affected: 11.6(1)ES3
    Affected: 11.0(1)ES2
    Affected: 12.0(1)ES2
    Affected: 10.5(1)ES3
    Affected: 11.0(1)
    Affected: 11.6(1)FIPS
    Affected: 11.6(1)ES4
    Affected: 11.0(1)ES3
    Affected: 10.5(1)ES6
    Affected: 11.0(1)ES7
    Affected: 11.5(1)ES4
    Affected: 10.5(1)ES8
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 10.5(1)ES10
    Affected: 11.6(1)ES2
    Affected: 11.6(1)ES
    Affected: 11.0(1)ES6
    Affected: 11.0(1)ES4
    Affected: 12.0(1)
    Affected: 11.6(1)ES7
    Affected: 10.5(1)ES7
    Affected: 11.6(1)ES8
    Affected: 11.5(1)ES1
    Affected: 11.6(1)ES1
    Affected: 11.5(1)ES5
    Affected: 11.0(1)ES1
    Affected: 10.5(1)
    Affected: 11.6(1)ES6
    Affected: 10.5(1)ES2
    Affected: 12.0(1)ES1
    Affected: 11.0(1)ES5
    Affected: 10.5(1)ES5
    Affected: 11.5(1)ES3
    Affected: 11.5(1)ES2
    Affected: 10.5(1)ES9
    Affected: 11.6(1)ES5
    Affected: 11.6(1)ES9
    Affected: 11.5(1)ES6
    Affected: 10.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.0(1)ES3
    Affected: 11.6(1)ES10
    Affected: 12.5(1)ES1
    Affected: 12.5(1)ES2
    Affected: 12.0(1)ES4
    Affected: 12.5(1)ES3
    Affected: 12.0(1)ES5
    Affected: 12.5(1)ES4
    Affected: 12.0(1)ES6
    Affected: 12.5(1)ES5
    Affected: 12.5(1)ES6
    Affected: 12.0(1)ES7
    Affected: 12.6(1)
    Affected: 12.5(1)ES7
    Affected: 11.6(1)ES11
    Affected: 12.6(1)ES1
    Affected: 12.0(1)ES8
    Affected: 12.5(1)ES8
    Affected: 12.6(1)ES2
    Affected: 12.6(1)ES3
    Affected: 12.6(1)ES4
    Affected: 12.6(1)ES5
    Affected: 12.5(2)
    Affected: 12.5(1)_SU
    Affected: 12.5(1)SU
    Affected: 12.6(1)ES6
    Affected: 12.5(1)SU ES1
    Affected: 12.6(1)ES7
    Affected: 12.6(1)ES7_ET
    Affected: 12.6(2)
    Affected: 12.6(1)ES8
    Affected: 12.6(1)ES9
    Affected: 12.6(2)ES1
    Affected: 12.6(1)ES10
    Affected: 12.5(1)SU ES2
    Affected: 12.6(1)ES11
    Affected: 12.6(2)ES2
    Affected: 12.6(2)ES3
    Affected: 12.5(1)SU ES3
    Affected: 12.6(2)ES4
    Affected: 12.6(2)ES6
    Create a notification for this product.
    Cisco Cisco Prime Collaboration Deployment Affected: 11.5(1)
    Affected: 11.0(1a)
    Affected: 11.5(1)SU1
    Affected: 10.5(3)
    Affected: 12.6(1)
    Affected: 11.0(1)
    Affected: 11.6(2)
    Affected: 12.1(1)
    Affected: 12.0(1a)
    Affected: 11.5(3)
    Affected: 10.5(1)
    Affected: 12.5(1)
    Affected: 11.5(2)
    Affected: 11.6(1)
    Affected: 10.5(2)
    Affected: 10.5(3)SU1
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU3
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Create a notification for this product.
    Cisco Cisco SocialMiner Affected: 12.5(1)ES01
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 10.6(1)
    Affected: 12.0(1)ES04
    Affected: 10.6(2)
    Affected: 12.5(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.0(1)ES02
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 12.0(1)ES03
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 10.5(1)SU1
    Affected: 10.6(1)
    Affected: 11.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 10.0(1)SU1
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU1
    Affected: 10.5(1)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)_SU02_ES01
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.0(1)ES04
    Affected: 12.5(1)ES02
    Affected: 12.5(1)ES03
    Affected: 11.6(2)ES06
    Affected: 12.5(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES01
    Affected: 11.6(2)ES05
    Affected: 12.0(1)ES02
    Affected: 11.6(2)ES04
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES01
    Affected: 10.6(1)SU3ES03
    Affected: 11.0(1)SU1ES03
    Affected: 10.6(1)SU3ES01
    Affected: 10.5(1)SU1ES10
    Affected: 10.0(1)SU1ES04
    Affected: 11.5(1)SU1ES03
    Affected: 11.6(1)ES02
    Affected: 11.5(1)ES01
    Affected: 9.0(2)SU3ES04
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU2ES04
    Affected: 11.6(1)ES01
    Affected: 10.6(1)SU3ES02
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 8.5(1)SU4ES09
    Affected: 8.5(1)
    Affected: 11.0(1)SU1ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 12.5(1)_SU03_ES05
    Affected: 12.5(1)_SU03_ES06
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.6(1)
    Affected: 10.5(1)
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 11.0(2)
    Affected: 12.6(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)_ET
    Affected: 12.6(1)_ES05_ET
    Affected: 11.0(3)
    Affected: 12.6(2)
    Affected: 12.6(2)_504_Issue_ET
    Affected: 12.6.1_ExcelIssue_ET
    Affected: 12.6(2)_Permalink_ET
    Affected: 12.6.2_CSCwk19536_ET
    Affected: 12.6.2_CSCwm96922_ET
    Affected: 12.6.2_Amq_OOS_ET
    Affected: 12.5(2)ET_CSCwi79933
    Affected: 12.6(2)_ET
    Affected: 12.6.2_CSCwn48501_ET
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.6(1)_ES84
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)
    Affected: 11.5(1)ES36
    Affected: 12.0(1)_ES01
    Affected: 11.6(1)_ES85
    Affected: 12.5(1)_ES05
    Affected: 11.5(1)_ES32
    Affected: 11.6(1)_ES83
    Affected: 11.5(1)_ES29
    Affected: 12.0(1)_ES06
    Affected: 12.5(1)
    Affected: 12.0(1)_ES07
    Affected: 11.6(1)_ES80
    Affected: 12.0(1)_ES05
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)_ES53
    Affected: 12.5(1)_ES08
    Affected: 11.5(1)ES43
    Affected: 12.0(1)_ES03
    Affected: 11.6(1)_ES86
    Affected: 12.0(1)_ES04
    Affected: 11.5(1)ES27
    Affected: 12.5(1)_ES03
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES06
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)
    Affected: 11.5(1)ES29
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES81
    Affected: 12.0(1)
    Affected: 11.6(1)_ES22
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)ES32
    Affected: 12.0(1)_ES02
    Affected: 12.5(1)_ES02
    Affected: 12.6(1)
    Affected: 12.5(1)_ES09
    Affected: 12.6(1)_ES01
    Affected: 12.0(1)_ES08
    Affected: 12.5(1)_ES10
    Affected: 12.6(1)_ES02
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.6(1)_ES03
    Affected: 12.5(1)_ES13
    Affected: 12.5(1)_ES14
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES05
    Affected: 12.5(1)_ES15
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ET
    Affected: 12.5(1)_ES16
    Affected: 12.5(1)SU
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.6(1)_ES07
    Affected: 12.6(2)
    Affected: 12.5(1)_ES17
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES10
    Affected: 12.5(1)_SU_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(2)_ET01
    Affected: 12.5(2)_ET
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ET_Streaming
    Affected: 12.6(2)ET_Transcribe
    Affected: 12.6(2)_ES03
    Affected: 12.6(2)ET_NuanceMix
    Affected: 12.6(2)ET_FileUpload
    Affected: 12.6(2)_ET02
    Affected: 12.6(2)_ES04
    Affected: 12.6.2ET_RTPfallback
    Affected: 12.6.2ET_CSCwf55306
    Affected: 12.6.2_ET_CSCwj36712
    Affected: 12.5.2 ET-CSCwj33374
    Affected: 12.5(1) SU ET
    Affected: 12.6(2)ET_CSCwj87296
    Affected: 12.6(2)_ES05
    Affected: 12.5.2_ET_CSCvz27014
    Affected: 12.6(2)_ET
    Affected: 12.6.2-ET
    Affected: 12.6(2)ET_CSCwk83135
    Affected: 12.6.2_ET_CX_ALAW
    Affected: 12.6.2-ET01-SSL
    Affected: 12.6(2)_ES06
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T03:55:23.838603Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:03.732Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Emergency Responder",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1a)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8b"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)ES_Rollback"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)FIPS"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES6"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Prime Collaboration Deployment",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.5(3)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(3)SU1"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco SocialMiner",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "8.5(1)SU4ES09"
                },
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES06"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05_ET"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_504_Issue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.1_ExcelIssue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_Permalink_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwk19536_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwm96922_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_Amq_OOS_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)ET_CSCwi79933"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwn48501_ET"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES13"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES16"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES17"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET_Streaming"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_Transcribe"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_NuanceMix"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_FileUpload"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_RTPfallback"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_CSCwf55306"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CSCwj36712"
                },
                {
                  "status": "affected",
                  "version": "12.5.2 ET-CSCwj33374"
                },
                {
                  "status": "affected",
                  "version": "12.5(1) SU ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwj87296"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5.2_ET_CSCvz27014"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwk83135"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CX_ALAW"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET01-SSL"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES06"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to excessive permissions that have been assigned to system commands.\u0026nbsp;An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-268",
                  "description": "Privilege Chaining",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-21T16:19:24.562Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-kkhZbHR5",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-kkhZbHR5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-kkhZbHR5",
            "defects": [
              "CSCwi52980"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Privilege Escalation Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20112",
        "datePublished": "2025-05-21T16:19:24.562Z",
        "dateReserved": "2024-10-10T19:15:13.210Z",
        "dateUpdated": "2026-02-26T18:28:03.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-3532 (GCVE-0-2020-3532)

    Vulnerability from nvd – Published: 2024-11-18 15:54 – Updated: 2024-11-18 16:33
    VLAI
    Title
    Cisco Unified Communications Products Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-3532",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T16:32:58.372032Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T16:33:19.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;Unified Communications Manager, Cisco\u0026nbsp;Unified Communications Manager Session Management Edition, Cisco\u0026nbsp;Unified Communications Manager IM \u0026amp; Presence Service, and Cisco\u0026nbsp;Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X",
                "version": "3.0"
              },
              "format": "cvssV3_0"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-18T15:54:09.023Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-cuc-imp-xss-XtpzfM5e",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-XtpzfM5e"
            },
            {
              "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb"
            },
            {
              "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2"
            },
            {
              "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-pa-trav-bMdfSTTq",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-pa-trav-bMdfSTTq"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-cuc-imp-xss-XtpzfM5e",
            "defects": [
              "CSCvt01179"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2020-3532",
        "datePublished": "2024-11-18T15:54:09.023Z",
        "dateReserved": "2019-12-12T00:00:00.000Z",
        "dateUpdated": "2024-11-18T16:33:19.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20457 (GCVE-0-2024-20457)

    Vulnerability from nvd – Published: 2024-11-06 16:29 – Updated: 2024-11-06 17:06
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
    Summary
    A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 11.5(1)SU6
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU2
    Affected: 12.5(1)
    Affected: 10.5(2)SU2a
    Affected: 11.5(1)SU3a
    Affected: 10.0(1)SU2
    Affected: 10.5(2)SU2
    Affected: 11.0
    Affected: 10.5(2)SU3
    Affected: 10.5(1)SU3
    Affected: 11.5(1)SU1
    Affected: 11.0(1)
    Affected: 10.5(2)SU4
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU5
    Affected: 10.0(1)SU1
    Affected: 11.5(1)SU3
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU4
    Affected: 12.5(1)SU1
    Affected: 10.0(1)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU1
    Affected: 10.5(1)
    Affected: 10.5(2a)
    Affected: 11.5(1)
    Affected: 12.5(1)SU2
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 12.5(1)SU3
    Affected: 11.5(1)SU9
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 11.5(1)SU10
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 11.5(1)SU11
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20457",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T17:06:29.143075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T17:06:37.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-06T16:29:12.887Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-imp-inf-disc-cUPKuA5n",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-inf-disc-cUPKuA5n",
            "defects": [
              "CSCwk31853"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20457",
        "datePublished": "2024-11-06T16:29:12.887Z",
        "dateReserved": "2023-11-08T15:08:07.679Z",
        "dateUpdated": "2024-11-06T17:06:37.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20310 (GCVE-0-2024-20310)

    Vulnerability from nvd – Published: 2024-04-03 16:19 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IOS XE Software Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2a\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2a\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2b\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2b\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su2a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su4a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su11
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su11:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su3a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su5
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su5a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su6
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su6:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su7
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su7:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su8
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su8:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su9
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su9:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.0\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.0\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su5
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su5:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su6
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su6:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su7
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su7:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 14.0
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 14.0su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2a\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2b\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su4a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su3a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su5a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su7"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su9"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.0\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.0\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su7"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.0su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)su2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T17:58:41.263017Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T16:23:39.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.851Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IOS XE Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Relative Path Traversal",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:36:06.520Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imps-xss-quWkd9yF",
            "defects": [
              "CSCwf41335"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20310",
        "datePublished": "2024-04-03T16:19:40.031Z",
        "dateReserved": "2023-11-08T15:08:07.631Z",
        "dateUpdated": "2024-08-01T21:59:41.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20253 (GCVE-0-2024-20253)

    Vulnerability from nvd – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
    VLAI
    Summary
    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Contact Center Enterprise Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 8.5(1)
    Affected: 9.0(2)SU3ES04
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU1ES04
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1ES10
    Affected: 10.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU3ES03
    Affected: 10.6(1)SU2ES04
    Affected: 10.6(1)SU3ES02
    Affected: 10.6(1)SU3ES01
    Affected: 11.0(1)SU1
    Affected: 11.0(1)SU1ES03
    Affected: 11.0(1)SU1ES02
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 11.5(1)SU1ES03
    Affected: 11.5(1)ES01
    Affected: 12.0(1)
    Affected: 12.0(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES04
    Affected: 12.0(1)ES02
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)ES03
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)ES01
    Affected: 12.5(1)_SU02_ES01
    Affected: 12.5(1)ES02
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 11.6(1)ES01
    Affected: 11.6(2)ES06
    Affected: 11.6(1)ES02
    Affected: 11.6(2)ES01
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES05
    Affected: 11.6(2)ES04
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)ES29
    Affected: 11.5(1)ES32
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)ES36
    Affected: 11.5(1)_ES32
    Affected: 11.5(1)_ES29
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)ES43
    Affected: 11.5(1)_ES53
    Affected: 11.5(1)ES27
    Affected: 11.6(1)
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)_ES22
    Affected: 11.6(1)_ES81
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES84
    Affected: 11.6(1)_ES85
    Affected: 11.6(1)_ES83
    Affected: 11.6(1)_ES80
    Affected: 11.6(1)_ES86
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 12.5(1)_ES02
    Affected: 12.5(1)
    Affected: 12.5(1)_ES08
    Affected: 12.5(1)_ES03
    Affected: 12.5(1)_ES06
    Affected: 12.5(1)_ES09
    Affected: 12.5(1)_ES14
    Affected: 12.5(1)SU
    Affected: 12.5(1)_ES15
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.5(2)_ET
    Affected: 12.5(1)_SU_ES02
    Affected: 12.5(1)_ES10
    Affected: 12.0(1)
    Affected: 12.0(1)_ES02
    Affected: 12.0(1)_ES01
    Affected: 12.0(1)_ES06
    Affected: 12.0(1)_ES07
    Affected: 12.0(1)_ES05
    Affected: 12.0(1)_ES04
    Affected: 12.0(1)_ES03
    Affected: 12.0(1)_ES08
    Affected: 12.6(1)
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES03
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES05
    Affected: 12.6(2)_ES03
    Affected: 12.6(1)_ES02
    Affected: 12.6(1)_ES01
    Affected: 12.6(2)
    Affected: 12.6(2)_ET01
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(1)_ES07
    Create a notification for this product.
    Cisco Cisco Packaged Contact Center Enterprise Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(1)_ES7
    Affected: 10.5(2)_ES8
    Affected: 11.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(2)
    Affected: 12.6(1)
    Affected: 12.6(2)
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-rce-bWNzQcUm",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:43.844502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-29T15:12:21.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            },
            {
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T15:42:33.881Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-rce-bWNzQcUm",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-rce-bWNzQcUm",
            "defects": [
              "CSCwe18830",
              "CSCwe18773",
              "CSCwe18840",
              "CSCwd64292",
              "CSCwd64245",
              "CSCwd64276"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20253",
        "datePublished": "2024-01-26T17:28:30.761Z",
        "dateReserved": "2023-11-08T15:08:07.622Z",
        "dateUpdated": "2025-05-29T15:12:21.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20259 (GCVE-0-2023-20259)

    Vulnerability from nvd – Published: 2023-10-04 16:13 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-apidos-PGsDcdNF",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Emergency Responder",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Prime Collaboration Deployment",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.\r\n\r This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:34.054Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-apidos-PGsDcdNF",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-apidos-PGsDcdNF",
            "defects": [
              "CSCwf44755",
              "CSCwf62074",
              "CSCwf62081",
              "CSCwf62094",
              "CSCwf62080"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20259",
        "datePublished": "2023-10-04T16:13:30.662Z",
        "dateReserved": "2022-10-27T18:47:50.372Z",
        "dateUpdated": "2024-08-02T09:05:36.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20242 (GCVE-0-2023-20242)

    Vulnerability from nvd – Published: 2023-08-16 20:59 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 12.5(1)SU8
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU3
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:29.703Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imp-xss-QtT4VdsK",
            "defects": [
              "CSCwh00875",
              "CSCwh02167"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20242",
        "datePublished": "2023-08-16T20:59:25.126Z",
        "dateReserved": "2022-10-27T18:47:50.370Z",
        "dateUpdated": "2024-08-02T09:05:35.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20108 (GCVE-0-2023-20108)

    Vulnerability from nvd – Published: 2023-06-28 00:00 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.
    CWE
    • CWE-789 - Uncontrolled Memory Allocation
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.889Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imp-dos-49GL7rzT",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM\u0026amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM\u0026amp;P users who were authenticated prior to an attack."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "Uncontrolled Memory Allocation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:44.711Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imp-dos-49GL7rzT",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imp-dos-49GL7rzT",
            "defects": [
              "CSCvy16642"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20108",
        "datePublished": "2023-06-28T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-02T08:57:35.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20786 (GCVE-0-2022-20786)

    Vulnerability from nvd – Published: 2022-04-21 18:50 – Updated: 2024-11-06 16:23
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Date Public
    2022-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:47.908237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:23:08.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-21T18:50:22.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-sqlinj-GrpUuQEJ",
            "defect": [
              [
                "CSCvy16643"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-04-20T23:00:00",
              "ID": "CVE-2022-20786",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager IM and Presence Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.4",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-imp-sqlinj-GrpUuQEJ",
              "defect": [
                [
                  "CSCvy16643"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20786",
        "datePublished": "2022-04-21T18:50:23.035Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:23:08.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1365 (GCVE-0-2021-1365)

    Vulnerability from nvd – Published: 2021-05-06 12:42 – Updated: 2024-11-08 23:17
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Date Public
    2021-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:11:16.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-1365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-08T20:43:54.547996Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-08T23:17:45.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-06T12:42:48.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-inj-ereCOKjR",
            "defect": [
              [
                "CSCvv20957",
                "CSCvv21013"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-05-05T16:00:00",
              "ID": "CVE-2021-1365",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager IM and Presence Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "7.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-imp-inj-ereCOKjR",
              "defect": [
                [
                  "CSCvv20957",
                  "CSCvv21013"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-1365",
        "datePublished": "2021-05-06T12:42:48.284Z",
        "dateReserved": "2020-11-13T00:00:00.000Z",
        "dateUpdated": "2024-11-08T23:17:45.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1363 (GCVE-0-2021-1363)

    Vulnerability from nvd – Published: 2021-05-06 12:42 – Updated: 2024-11-08 23:17
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Date Public
    2021-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:11:17.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-1363",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-08T20:43:51.245678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-08T23:17:36.327Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-06T12:42:52.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-inj-ereCOKjR",
            "defect": [
              [
                "CSCvv20957",
                "CSCvv21013"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-05-05T16:00:00",
              "ID": "CVE-2021-1363",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager IM and Presence Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "7.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-imp-inj-ereCOKjR",
              "defect": [
                [
                  "CSCvv20957",
                  "CSCvv21013"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-1363",
        "datePublished": "2021-05-06T12:42:52.550Z",
        "dateReserved": "2020-11-13T00:00:00.000Z",
        "dateUpdated": "2024-11-08T23:17:36.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-27121 (GCVE-0-2020-27121)

    Vulnerability from nvd – Published: 2020-11-06 18:15 – Updated: 2024-11-13 17:44
    VLAI
    Title
    Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability
    Summary
    A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Date Public
    2020-11-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:11:35.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20201104 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-27121",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T17:22:36.184575Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T17:44:46.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-11-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-06T18:15:38.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20201104 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-dos-uTx2dqu2",
            "defect": [
              [
                "CSCvv75814"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2020-11-04T16:00:00",
              "ID": "CVE-2020-27121",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager IM and Presence Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "4.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-248"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20201104 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-imp-dos-uTx2dqu2",
              "defect": [
                [
                  "CSCvv75814"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2020-27121",
        "datePublished": "2020-11-06T18:15:38.587Z",
        "dateReserved": "2020-10-13T00:00:00.000Z",
        "dateUpdated": "2024-11-13T17:44:46.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-20045 (GCVE-0-2026-20045)

    Vulnerability from cvelistv5 – Published: 2026-01-21 16:26 – Updated: 2026-02-26 14:44
    VLAI CISA KEVIntel
    Title
    Cisco Unified Communications Products Remote Code Execution Vulnerability
    Summary
    A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.  Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15.0.1.13010-1
    Affected: 15.0.1.13011-1
    Affected: 15.0.1.13012-1
    Affected: 15.0.1.13013-1
    Affected: 15.0.1.13014-1
    Affected: 15.0.1.13015-1
    Affected: 15.0.1.13016-1
    Affected: 15.0.1.13017-1
    Affected: 15SU3a
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15SU3
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15SU3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20045",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T04:55:44.107919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-01-21",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:34.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-21T00:00:00.000Z",
                "value": "CVE-2026-20045 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13010-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13011-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13012-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13013-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13014-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13015-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13016-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13017-1"
                },
                {
                  "status": "affected",
                  "version": "15SU3a"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15SU3"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15SU3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.\u0026nbsp;\r\nNote: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware of attempted exploitation of this vulnerability in the wild. Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T20:33:31.808Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-voice-rce-mORhqY4b",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b"
            }
          ],
          "source": {
            "advisory": "cisco-sa-voice-rce-mORhqY4b",
            "defects": [
              "CSCwr21851"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20045",
        "datePublished": "2026-01-21T16:26:20.312Z",
        "dateReserved": "2025-10-08T11:59:15.354Z",
        "dateUpdated": "2026-02-26T14:44:34.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20330 (GCVE-0-2025-20330)

    Vulnerability from cvelistv5 – Published: 2025-09-03 17:40 – Updated: 2026-02-26 17:49
    VLAI
    Title
    Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T03:55:45.935584Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:49:45.079Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T17:40:43.960Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-imp-xss-XQgu4HSG",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-xss-XQgu4HSG"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-xss-XQgu4HSG",
            "defects": [
              "CSCwm63865"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20330",
        "datePublished": "2025-09-03T17:40:43.960Z",
        "dateReserved": "2024-10-10T19:15:13.254Z",
        "dateUpdated": "2026-02-26T17:49:45.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20278 (GCVE-0-2025-20278)

    Vulnerability from cvelistv5 – Published: 2025-06-04 16:18 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Cisco Unified Communications Products Command Injection Vulnerability
    Summary
    A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Finesse Affected: 11.0(1)ES_Rollback
    Affected: 10.5(1)ES4
    Affected: 11.6(1)ES3
    Affected: 11.0(1)ES2
    Affected: 12.0(1)ES2
    Affected: 10.5(1)ES3
    Affected: 11.0(1)
    Affected: 11.6(1)FIPS
    Affected: 11.6(1)ES4
    Affected: 11.0(1)ES3
    Affected: 10.5(1)ES6
    Affected: 11.0(1)ES7
    Affected: 11.5(1)ES4
    Affected: 10.5(1)ES8
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 10.5(1)ES10
    Affected: 11.6(1)ES2
    Affected: 11.6(1)ES
    Affected: 11.0(1)ES6
    Affected: 11.0(1)ES4
    Affected: 12.0(1)
    Affected: 11.6(1)ES7
    Affected: 10.5(1)ES7
    Affected: 11.6(1)ES8
    Affected: 11.5(1)ES1
    Affected: 11.6(1)ES1
    Affected: 11.5(1)ES5
    Affected: 11.0(1)ES1
    Affected: 10.5(1)
    Affected: 11.6(1)ES6
    Affected: 10.5(1)ES2
    Affected: 12.0(1)ES1
    Affected: 11.0(1)ES5
    Affected: 10.5(1)ES5
    Affected: 11.5(1)ES3
    Affected: 11.5(1)ES2
    Affected: 10.5(1)ES9
    Affected: 11.6(1)ES5
    Affected: 11.6(1)ES9
    Affected: 11.5(1)ES6
    Affected: 10.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.0(1)ES3
    Affected: 11.6(1)ES10
    Affected: 12.5(1)ES1
    Affected: 12.5(1)ES2
    Affected: 12.0(1)ES4
    Affected: 12.5(1)ES3
    Affected: 12.0(1)ES5
    Affected: 12.5(1)ES4
    Affected: 12.0(1)ES6
    Affected: 12.5(1)ES5
    Affected: 12.5(1)ES6
    Affected: 12.0(1)ES7
    Affected: 12.6(1)
    Affected: 12.5(1)ES7
    Affected: 11.6(1)ES11
    Affected: 12.6(1)ES1
    Affected: 12.0(1)ES8
    Affected: 12.5(1)ES8
    Affected: 12.6(1)ES2
    Affected: 12.6(1)ES3
    Affected: 12.6(1)ES4
    Affected: 12.6(1)ES5
    Affected: 12.5(2)
    Affected: 12.5(1)_SU
    Affected: 12.5(1)SU
    Affected: 12.6(1)ES6
    Affected: 12.5(1)SU ES1
    Affected: 12.6(1)ES7
    Affected: 12.6(1)ES7_ET
    Affected: 12.6(2)
    Affected: 12.6(1)ES8
    Affected: 12.6(1)ES9
    Affected: 12.6(2)ES1
    Affected: 12.6(1)ES10
    Affected: 12.5(1)SU ES2
    Affected: 12.6(1)ES11
    Affected: 12.6(2)ES2
    Affected: 12.6(2)ES3
    Affected: 12.5(1)SU ES3
    Affected: 12.6(2)ES4
    Affected: 12.6(2)ES5
    Create a notification for this product.
    Cisco Cisco SocialMiner Affected: 12.5(1)ES01
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 10.6(1)
    Affected: 12.0(1)ES04
    Affected: 10.6(2)
    Affected: 12.5(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.0(1)ES02
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 12.0(1)ES03
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: Recovery ISO
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 10.6(1)
    Affected: 10.5(1)SU1
    Affected: 10.6(1)SU3
    Affected: 12.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.6(1)SU1
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU1
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)_SU02_ES01
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.0(1)ES04
    Affected: 12.5(1)ES02
    Affected: 12.5(1)ES03
    Affected: 11.6(2)ES06
    Affected: 12.5(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES01
    Affected: 11.6(2)ES05
    Affected: 12.0(1)ES02
    Affected: 11.6(2)ES04
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES01
    Affected: 10.6(1)SU3ES03
    Affected: 11.0(1)SU1ES03
    Affected: 10.6(1)SU3ES01
    Affected: 10.5(1)SU1ES10
    Affected: 10.0(1)SU1ES04
    Affected: 11.5(1)SU1ES03
    Affected: 11.6(1)ES02
    Affected: 11.5(1)ES01
    Affected: 9.0(2)SU3ES04
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU2ES04
    Affected: 11.6(1)ES01
    Affected: 10.6(1)SU3ES02
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 8.5(1)
    Affected: 11.0(1)SU1ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 12.5(1)_SU03_ES05
    Affected: 12.5(1)_SU03_ES06
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.6(1)
    Affected: 10.5(1)
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 11.0(2)
    Affected: 12.6(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)_ET
    Affected: 12.6(1)_ES05_ET
    Affected: 11.0(3)
    Affected: 12.6(2)
    Affected: 12.6(2)_504_Issue_ET
    Affected: 12.6.1_ExcelIssue_ET
    Affected: 12.6(2)_Permalink_ET
    Affected: 12.6.2_CSCwk19536_ET
    Affected: 12.6.2_CSCwm96922_ET
    Affected: 12.6.2_Amq_OOS_ET
    Affected: 12.5(2)ET_CSCwi79933
    Affected: 12.6(2)_ET
    Affected: 12.6.2_CSCwn48501_ET
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.6(1)_ES84
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)
    Affected: 11.5(1)ES36
    Affected: 12.0(1)_ES01
    Affected: 11.6(1)_ES85
    Affected: 12.5(1)_ES05
    Affected: 11.5(1)_ES32
    Affected: 11.6(1)_ES83
    Affected: 11.5(1)_ES29
    Affected: 12.0(1)_ES06
    Affected: 12.5(1)
    Affected: 12.0(1)_ES07
    Affected: 11.6(1)_ES80
    Affected: 12.0(1)_ES05
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)_ES53
    Affected: 12.5(1)_ES08
    Affected: 11.5(1)ES43
    Affected: 12.0(1)_ES03
    Affected: 11.6(1)_ES86
    Affected: 12.0(1)_ES04
    Affected: 11.5(1)ES27
    Affected: 12.5(1)_ES03
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES06
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)
    Affected: 11.5(1)ES29
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES81
    Affected: 12.0(1)
    Affected: 11.6(1)_ES22
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)ES32
    Affected: 12.0(1)_ES02
    Affected: 12.5(1)_ES02
    Affected: 12.6(1)
    Affected: 12.5(1)_ES09
    Affected: 12.6(1)_ES01
    Affected: 12.0(1)_ES08
    Affected: 12.5(1)_ES10
    Affected: 12.6(1)_ES02
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.6(1)_ES03
    Affected: 12.5(1)_ES13
    Affected: 12.5(1)_ES14
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES05
    Affected: 12.5(1)_ES15
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ET
    Affected: 12.5(1)_ES16
    Affected: 12.5(1)SU
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.6(1)_ES07
    Affected: 12.6(2)
    Affected: 12.5(1)_ES17
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES10
    Affected: 12.5(1)_SU_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(2)_ET01
    Affected: 12.5(2)_ET
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ET_Streaming
    Affected: 12.6(2)ET_Transcribe
    Affected: 12.6(2)_ES03
    Affected: 12.6(2)ET_NuanceMix
    Affected: 12.6(2)ET_FileUpload
    Affected: 12.6(2)_ET02
    Affected: 12.6(2)_ES04
    Affected: 12.6.2ET_RTPfallback
    Affected: 12.6.2ET_CSCwf55306
    Affected: 12.6.2_ET_CSCwj36712
    Affected: 12.5.2 ET-CSCwj33374
    Affected: 12.5(1) SU ET
    Affected: 12.6(2)ET_CSCwj87296
    Affected: 12.6(2)_ES05
    Affected: 12.5.2_ET_CSCvz27014
    Affected: 12.6(2)_ET
    Affected: 12.6.2-ET
    Affected: 12.6(2)ET_CSCwk83135
    Affected: 12.6.2_ET_CX_ALAW
    Affected: 12.6.2-ET01-SSL
    Affected: 12.6(2)_ES06
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-06T03:55:33.465322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:08.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)ES_Rollback"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)FIPS"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco SocialMiner",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "Recovery ISO"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES06"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05_ET"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_504_Issue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.1_ExcelIssue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_Permalink_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwk19536_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwm96922_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_Amq_OOS_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)ET_CSCwi79933"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwn48501_ET"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES13"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES16"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES17"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET_Streaming"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_Transcribe"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_NuanceMix"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_FileUpload"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_RTPfallback"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_CSCwf55306"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CSCwj36712"
                },
                {
                  "status": "affected",
                  "version": "12.5.2 ET-CSCwj33374"
                },
                {
                  "status": "affected",
                  "version": "12.5(1) SU ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwj87296"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5.2_ET_CSCvz27014"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwk83135"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CX_ALAW"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET01-SSL"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES06"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-04T16:18:20.661Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-vos-command-inject-65s2UCYy",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
            }
          ],
          "source": {
            "advisory": "cisco-sa-vos-command-inject-65s2UCYy",
            "defects": [
              "CSCwk24029"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Command Injection Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20278",
        "datePublished": "2025-06-04T16:18:20.661Z",
        "dateReserved": "2024-10-10T19:15:13.246Z",
        "dateUpdated": "2026-02-26T17:51:08.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20112 (GCVE-0-2025-20112)

    Vulnerability from cvelistv5 – Published: 2025-05-21 16:19 – Updated: 2026-02-26 18:28
    VLAI
    Title
    Cisco Unified Communications Products Privilege Escalation Vulnerability
    Summary
    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Emergency Responder Affected: 12.5(1a)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 12.5(1)SU8b
    Affected: 14SU3a
    Affected: 15
    Affected: 15SU1
    Affected: 15SU1a
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Finesse Affected: 11.0(1)ES_Rollback
    Affected: 10.5(1)ES4
    Affected: 11.6(1)ES3
    Affected: 11.0(1)ES2
    Affected: 12.0(1)ES2
    Affected: 10.5(1)ES3
    Affected: 11.0(1)
    Affected: 11.6(1)FIPS
    Affected: 11.6(1)ES4
    Affected: 11.0(1)ES3
    Affected: 10.5(1)ES6
    Affected: 11.0(1)ES7
    Affected: 11.5(1)ES4
    Affected: 10.5(1)ES8
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 10.5(1)ES10
    Affected: 11.6(1)ES2
    Affected: 11.6(1)ES
    Affected: 11.0(1)ES6
    Affected: 11.0(1)ES4
    Affected: 12.0(1)
    Affected: 11.6(1)ES7
    Affected: 10.5(1)ES7
    Affected: 11.6(1)ES8
    Affected: 11.5(1)ES1
    Affected: 11.6(1)ES1
    Affected: 11.5(1)ES5
    Affected: 11.0(1)ES1
    Affected: 10.5(1)
    Affected: 11.6(1)ES6
    Affected: 10.5(1)ES2
    Affected: 12.0(1)ES1
    Affected: 11.0(1)ES5
    Affected: 10.5(1)ES5
    Affected: 11.5(1)ES3
    Affected: 11.5(1)ES2
    Affected: 10.5(1)ES9
    Affected: 11.6(1)ES5
    Affected: 11.6(1)ES9
    Affected: 11.5(1)ES6
    Affected: 10.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.0(1)ES3
    Affected: 11.6(1)ES10
    Affected: 12.5(1)ES1
    Affected: 12.5(1)ES2
    Affected: 12.0(1)ES4
    Affected: 12.5(1)ES3
    Affected: 12.0(1)ES5
    Affected: 12.5(1)ES4
    Affected: 12.0(1)ES6
    Affected: 12.5(1)ES5
    Affected: 12.5(1)ES6
    Affected: 12.0(1)ES7
    Affected: 12.6(1)
    Affected: 12.5(1)ES7
    Affected: 11.6(1)ES11
    Affected: 12.6(1)ES1
    Affected: 12.0(1)ES8
    Affected: 12.5(1)ES8
    Affected: 12.6(1)ES2
    Affected: 12.6(1)ES3
    Affected: 12.6(1)ES4
    Affected: 12.6(1)ES5
    Affected: 12.5(2)
    Affected: 12.5(1)_SU
    Affected: 12.5(1)SU
    Affected: 12.6(1)ES6
    Affected: 12.5(1)SU ES1
    Affected: 12.6(1)ES7
    Affected: 12.6(1)ES7_ET
    Affected: 12.6(2)
    Affected: 12.6(1)ES8
    Affected: 12.6(1)ES9
    Affected: 12.6(2)ES1
    Affected: 12.6(1)ES10
    Affected: 12.5(1)SU ES2
    Affected: 12.6(1)ES11
    Affected: 12.6(2)ES2
    Affected: 12.6(2)ES3
    Affected: 12.5(1)SU ES3
    Affected: 12.6(2)ES4
    Affected: 12.6(2)ES6
    Create a notification for this product.
    Cisco Cisco Prime Collaboration Deployment Affected: 11.5(1)
    Affected: 11.0(1a)
    Affected: 11.5(1)SU1
    Affected: 10.5(3)
    Affected: 12.6(1)
    Affected: 11.0(1)
    Affected: 11.6(2)
    Affected: 12.1(1)
    Affected: 12.0(1a)
    Affected: 11.5(3)
    Affected: 10.5(1)
    Affected: 12.5(1)
    Affected: 11.5(2)
    Affected: 11.6(1)
    Affected: 10.5(2)
    Affected: 10.5(3)SU1
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU3
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Create a notification for this product.
    Cisco Cisco SocialMiner Affected: 12.5(1)ES01
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 10.6(1)
    Affected: 12.0(1)ES04
    Affected: 10.6(2)
    Affected: 12.5(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.0(1)ES02
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 12.0(1)ES03
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 10.5(1)SU1
    Affected: 10.6(1)
    Affected: 11.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 10.0(1)SU1
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU1
    Affected: 10.5(1)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)_SU02_ES01
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.0(1)ES04
    Affected: 12.5(1)ES02
    Affected: 12.5(1)ES03
    Affected: 11.6(2)ES06
    Affected: 12.5(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES01
    Affected: 11.6(2)ES05
    Affected: 12.0(1)ES02
    Affected: 11.6(2)ES04
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES01
    Affected: 10.6(1)SU3ES03
    Affected: 11.0(1)SU1ES03
    Affected: 10.6(1)SU3ES01
    Affected: 10.5(1)SU1ES10
    Affected: 10.0(1)SU1ES04
    Affected: 11.5(1)SU1ES03
    Affected: 11.6(1)ES02
    Affected: 11.5(1)ES01
    Affected: 9.0(2)SU3ES04
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU2ES04
    Affected: 11.6(1)ES01
    Affected: 10.6(1)SU3ES02
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 8.5(1)SU4ES09
    Affected: 8.5(1)
    Affected: 11.0(1)SU1ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 12.5(1)_SU03_ES05
    Affected: 12.5(1)_SU03_ES06
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.6(1)
    Affected: 10.5(1)
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 11.0(2)
    Affected: 12.6(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)_ET
    Affected: 12.6(1)_ES05_ET
    Affected: 11.0(3)
    Affected: 12.6(2)
    Affected: 12.6(2)_504_Issue_ET
    Affected: 12.6.1_ExcelIssue_ET
    Affected: 12.6(2)_Permalink_ET
    Affected: 12.6.2_CSCwk19536_ET
    Affected: 12.6.2_CSCwm96922_ET
    Affected: 12.6.2_Amq_OOS_ET
    Affected: 12.5(2)ET_CSCwi79933
    Affected: 12.6(2)_ET
    Affected: 12.6.2_CSCwn48501_ET
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.6(1)_ES84
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)
    Affected: 11.5(1)ES36
    Affected: 12.0(1)_ES01
    Affected: 11.6(1)_ES85
    Affected: 12.5(1)_ES05
    Affected: 11.5(1)_ES32
    Affected: 11.6(1)_ES83
    Affected: 11.5(1)_ES29
    Affected: 12.0(1)_ES06
    Affected: 12.5(1)
    Affected: 12.0(1)_ES07
    Affected: 11.6(1)_ES80
    Affected: 12.0(1)_ES05
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)_ES53
    Affected: 12.5(1)_ES08
    Affected: 11.5(1)ES43
    Affected: 12.0(1)_ES03
    Affected: 11.6(1)_ES86
    Affected: 12.0(1)_ES04
    Affected: 11.5(1)ES27
    Affected: 12.5(1)_ES03
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES06
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)
    Affected: 11.5(1)ES29
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES81
    Affected: 12.0(1)
    Affected: 11.6(1)_ES22
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)ES32
    Affected: 12.0(1)_ES02
    Affected: 12.5(1)_ES02
    Affected: 12.6(1)
    Affected: 12.5(1)_ES09
    Affected: 12.6(1)_ES01
    Affected: 12.0(1)_ES08
    Affected: 12.5(1)_ES10
    Affected: 12.6(1)_ES02
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.6(1)_ES03
    Affected: 12.5(1)_ES13
    Affected: 12.5(1)_ES14
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES05
    Affected: 12.5(1)_ES15
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ET
    Affected: 12.5(1)_ES16
    Affected: 12.5(1)SU
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.6(1)_ES07
    Affected: 12.6(2)
    Affected: 12.5(1)_ES17
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES10
    Affected: 12.5(1)_SU_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(2)_ET01
    Affected: 12.5(2)_ET
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ET_Streaming
    Affected: 12.6(2)ET_Transcribe
    Affected: 12.6(2)_ES03
    Affected: 12.6(2)ET_NuanceMix
    Affected: 12.6(2)ET_FileUpload
    Affected: 12.6(2)_ET02
    Affected: 12.6(2)_ES04
    Affected: 12.6.2ET_RTPfallback
    Affected: 12.6.2ET_CSCwf55306
    Affected: 12.6.2_ET_CSCwj36712
    Affected: 12.5.2 ET-CSCwj33374
    Affected: 12.5(1) SU ET
    Affected: 12.6(2)ET_CSCwj87296
    Affected: 12.6(2)_ES05
    Affected: 12.5.2_ET_CSCvz27014
    Affected: 12.6(2)_ET
    Affected: 12.6.2-ET
    Affected: 12.6(2)ET_CSCwk83135
    Affected: 12.6.2_ET_CX_ALAW
    Affected: 12.6.2-ET01-SSL
    Affected: 12.6(2)_ES06
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20112",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T03:55:23.838603Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:03.732Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Emergency Responder",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1a)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8b"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)ES_Rollback"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)FIPS"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES6"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Prime Collaboration Deployment",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.5(3)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(3)SU1"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco SocialMiner",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "8.5(1)SU4ES09"
                },
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES06"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05_ET"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_504_Issue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.1_ExcelIssue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_Permalink_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwk19536_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwm96922_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_Amq_OOS_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)ET_CSCwi79933"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwn48501_ET"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES13"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES16"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES17"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET_Streaming"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_Transcribe"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_NuanceMix"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_FileUpload"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_RTPfallback"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_CSCwf55306"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CSCwj36712"
                },
                {
                  "status": "affected",
                  "version": "12.5.2 ET-CSCwj33374"
                },
                {
                  "status": "affected",
                  "version": "12.5(1) SU ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwj87296"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5.2_ET_CSCvz27014"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwk83135"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CX_ALAW"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET01-SSL"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES06"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to excessive permissions that have been assigned to system commands.\u0026nbsp;An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-268",
                  "description": "Privilege Chaining",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-21T16:19:24.562Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-kkhZbHR5",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-kkhZbHR5"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-kkhZbHR5",
            "defects": [
              "CSCwi52980"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Privilege Escalation Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20112",
        "datePublished": "2025-05-21T16:19:24.562Z",
        "dateReserved": "2024-10-10T19:15:13.210Z",
        "dateUpdated": "2026-02-26T18:28:03.732Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-3532 (GCVE-0-2020-3532)

    Vulnerability from cvelistv5 – Published: 2024-11-18 15:54 – Updated: 2024-11-18 16:33
    VLAI
    Title
    Cisco Unified Communications Products Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-3532",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T16:32:58.372032Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T16:33:19.375Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco\u0026nbsp;Unified Communications Manager, Cisco\u0026nbsp;Unified Communications Manager Session Management Edition, Cisco\u0026nbsp;Unified Communications Manager IM \u0026amp; Presence Service, and Cisco\u0026nbsp;Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X",
                "version": "3.0"
              },
              "format": "cvssV3_0"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-18T15:54:09.023Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-cuc-imp-xss-XtpzfM5e",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-XtpzfM5e"
            },
            {
              "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb"
            },
            {
              "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2"
            },
            {
              "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-pa-trav-bMdfSTTq",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-pa-trav-bMdfSTTq"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-cuc-imp-xss-XtpzfM5e",
            "defects": [
              "CSCvt01179"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2020-3532",
        "datePublished": "2024-11-18T15:54:09.023Z",
        "dateReserved": "2019-12-12T00:00:00.000Z",
        "dateUpdated": "2024-11-18T16:33:19.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20457 (GCVE-0-2024-20457)

    Vulnerability from cvelistv5 – Published: 2024-11-06 16:29 – Updated: 2024-11-06 17:06
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
    Summary
    A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 11.5(1)SU6
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU2
    Affected: 12.5(1)
    Affected: 10.5(2)SU2a
    Affected: 11.5(1)SU3a
    Affected: 10.0(1)SU2
    Affected: 10.5(2)SU2
    Affected: 11.0
    Affected: 10.5(2)SU3
    Affected: 10.5(1)SU3
    Affected: 11.5(1)SU1
    Affected: 11.0(1)
    Affected: 10.5(2)SU4
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU5
    Affected: 10.0(1)SU1
    Affected: 11.5(1)SU3
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU4
    Affected: 12.5(1)SU1
    Affected: 10.0(1)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU1
    Affected: 10.5(1)
    Affected: 10.5(2a)
    Affected: 11.5(1)
    Affected: 12.5(1)SU2
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 12.5(1)SU3
    Affected: 11.5(1)SU9
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 11.5(1)SU10
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 11.5(1)SU11
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20457",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T17:06:29.143075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T17:06:37.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-06T16:29:12.887Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-imp-inf-disc-cUPKuA5n",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-inf-disc-cUPKuA5n",
            "defects": [
              "CSCwk31853"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20457",
        "datePublished": "2024-11-06T16:29:12.887Z",
        "dateReserved": "2023-11-08T15:08:07.679Z",
        "dateUpdated": "2024-11-06T17:06:37.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20310 (GCVE-0-2024-20310)

    Vulnerability from cvelistv5 – Published: 2024-04-03 16:19 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IOS XE Software Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2a\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2a\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2b\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2b\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su2a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su4a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su11
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su11:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su3a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su5
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su5a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su6
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su6:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su7
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su7:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su8
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su8:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su9
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su9:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.0\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.0\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su5
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su5:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su6
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su6:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su7
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su7:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 14.0
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 14.0su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2a\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2b\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su4a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su3a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su5a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su7"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su9"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.0\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.0\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su7"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.0su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)su2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T17:58:41.263017Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T16:23:39.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.851Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IOS XE Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Relative Path Traversal",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:36:06.520Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imps-xss-quWkd9yF",
            "defects": [
              "CSCwf41335"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20310",
        "datePublished": "2024-04-03T16:19:40.031Z",
        "dateReserved": "2023-11-08T15:08:07.631Z",
        "dateUpdated": "2024-08-01T21:59:41.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20253 (GCVE-0-2024-20253)

    Vulnerability from cvelistv5 – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
    VLAI
    Summary
    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Contact Center Enterprise Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 8.5(1)
    Affected: 9.0(2)SU3ES04
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU1ES04
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1ES10
    Affected: 10.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU3ES03
    Affected: 10.6(1)SU2ES04
    Affected: 10.6(1)SU3ES02
    Affected: 10.6(1)SU3ES01
    Affected: 11.0(1)SU1
    Affected: 11.0(1)SU1ES03
    Affected: 11.0(1)SU1ES02
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 11.5(1)SU1ES03
    Affected: 11.5(1)ES01
    Affected: 12.0(1)
    Affected: 12.0(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES04
    Affected: 12.0(1)ES02
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)ES03
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)ES01
    Affected: 12.5(1)_SU02_ES01
    Affected: 12.5(1)ES02
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 11.6(1)ES01
    Affected: 11.6(2)ES06
    Affected: 11.6(1)ES02
    Affected: 11.6(2)ES01
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES05
    Affected: 11.6(2)ES04
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)ES29
    Affected: 11.5(1)ES32
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)ES36
    Affected: 11.5(1)_ES32
    Affected: 11.5(1)_ES29
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)ES43
    Affected: 11.5(1)_ES53
    Affected: 11.5(1)ES27
    Affected: 11.6(1)
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)_ES22
    Affected: 11.6(1)_ES81
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES84
    Affected: 11.6(1)_ES85
    Affected: 11.6(1)_ES83
    Affected: 11.6(1)_ES80
    Affected: 11.6(1)_ES86
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 12.5(1)_ES02
    Affected: 12.5(1)
    Affected: 12.5(1)_ES08
    Affected: 12.5(1)_ES03
    Affected: 12.5(1)_ES06
    Affected: 12.5(1)_ES09
    Affected: 12.5(1)_ES14
    Affected: 12.5(1)SU
    Affected: 12.5(1)_ES15
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.5(2)_ET
    Affected: 12.5(1)_SU_ES02
    Affected: 12.5(1)_ES10
    Affected: 12.0(1)
    Affected: 12.0(1)_ES02
    Affected: 12.0(1)_ES01
    Affected: 12.0(1)_ES06
    Affected: 12.0(1)_ES07
    Affected: 12.0(1)_ES05
    Affected: 12.0(1)_ES04
    Affected: 12.0(1)_ES03
    Affected: 12.0(1)_ES08
    Affected: 12.6(1)
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES03
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES05
    Affected: 12.6(2)_ES03
    Affected: 12.6(1)_ES02
    Affected: 12.6(1)_ES01
    Affected: 12.6(2)
    Affected: 12.6(2)_ET01
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(1)_ES07
    Create a notification for this product.
    Cisco Cisco Packaged Contact Center Enterprise Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(1)_ES7
    Affected: 10.5(2)_ES8
    Affected: 11.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(2)
    Affected: 12.6(1)
    Affected: 12.6(2)
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-rce-bWNzQcUm",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:43.844502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-29T15:12:21.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            },
            {
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T15:42:33.881Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-rce-bWNzQcUm",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-rce-bWNzQcUm",
            "defects": [
              "CSCwe18830",
              "CSCwe18773",
              "CSCwe18840",
              "CSCwd64292",
              "CSCwd64245",
              "CSCwd64276"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20253",
        "datePublished": "2024-01-26T17:28:30.761Z",
        "dateReserved": "2023-11-08T15:08:07.622Z",
        "dateUpdated": "2025-05-29T15:12:21.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20259 (GCVE-0-2023-20259)

    Vulnerability from cvelistv5 – Published: 2023-10-04 16:13 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-apidos-PGsDcdNF",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Emergency Responder",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Prime Collaboration Deployment",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.\r\n\r This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:34.054Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-apidos-PGsDcdNF",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-apidos-PGsDcdNF",
            "defects": [
              "CSCwf44755",
              "CSCwf62074",
              "CSCwf62081",
              "CSCwf62094",
              "CSCwf62080"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20259",
        "datePublished": "2023-10-04T16:13:30.662Z",
        "dateReserved": "2022-10-27T18:47:50.372Z",
        "dateUpdated": "2024-08-02T09:05:36.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20242 (GCVE-0-2023-20242)

    Vulnerability from cvelistv5 – Published: 2023-08-16 20:59 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 12.5(1)SU8
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU3
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:29.703Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imp-xss-QtT4VdsK",
            "defects": [
              "CSCwh00875",
              "CSCwh02167"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20242",
        "datePublished": "2023-08-16T20:59:25.126Z",
        "dateReserved": "2022-10-27T18:47:50.370Z",
        "dateUpdated": "2024-08-02T09:05:35.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20108 (GCVE-0-2023-20108)

    Vulnerability from cvelistv5 – Published: 2023-06-28 00:00 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.
    CWE
    • CWE-789 - Uncontrolled Memory Allocation
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.889Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imp-dos-49GL7rzT",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM\u0026amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM\u0026amp;P users who were authenticated prior to an attack."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "Uncontrolled Memory Allocation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:44.711Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imp-dos-49GL7rzT",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imp-dos-49GL7rzT",
            "defects": [
              "CSCvy16642"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20108",
        "datePublished": "2023-06-28T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-02T08:57:35.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20786 (GCVE-0-2022-20786)

    Vulnerability from cvelistv5 – Published: 2022-04-21 18:50 – Updated: 2024-11-06 16:23
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Date Public
    2022-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:47.908237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:23:08.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-21T18:50:22.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-sqlinj-GrpUuQEJ",
            "defect": [
              [
                "CSCvy16643"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-04-20T23:00:00",
              "ID": "CVE-2022-20786",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager IM and Presence Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.4",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-imp-sqlinj-GrpUuQEJ",
              "defect": [
                [
                  "CSCvy16643"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20786",
        "datePublished": "2022-04-21T18:50:23.035Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:23:08.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1363 (GCVE-0-2021-1363)

    Vulnerability from cvelistv5 – Published: 2021-05-06 12:42 – Updated: 2024-11-08 23:17
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Date Public
    2021-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:11:17.051Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-1363",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-08T20:43:51.245678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-08T23:17:36.327Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-06T12:42:52.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-inj-ereCOKjR",
            "defect": [
              [
                "CSCvv20957",
                "CSCvv21013"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-05-05T16:00:00",
              "ID": "CVE-2021-1363",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager IM and Presence Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "7.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-imp-inj-ereCOKjR",
              "defect": [
                [
                  "CSCvv20957",
                  "CSCvv21013"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-1363",
        "datePublished": "2021-05-06T12:42:52.550Z",
        "dateReserved": "2020-11-13T00:00:00.000Z",
        "dateUpdated": "2024-11-08T23:17:36.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1365 (GCVE-0-2021-1365)

    Vulnerability from cvelistv5 – Published: 2021-05-06 12:42 – Updated: 2024-11-08 23:17
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Date Public
    2021-05-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:11:16.956Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-1365",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-08T20:43:54.547996Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-08T23:17:45.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-05-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-06T12:42:48.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-inj-ereCOKjR",
            "defect": [
              [
                "CSCvv20957",
                "CSCvv21013"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-05-05T16:00:00",
              "ID": "CVE-2021-1365",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager IM and Presence Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities are due to improper validation of user-submitted parameters. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "7.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20210505 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerabilities",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-imp-inj-ereCOKjR",
              "defect": [
                [
                  "CSCvv20957",
                  "CSCvv21013"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-1365",
        "datePublished": "2021-05-06T12:42:48.284Z",
        "dateReserved": "2020-11-13T00:00:00.000Z",
        "dateUpdated": "2024-11-08T23:17:45.414Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-27121 (GCVE-0-2020-27121)

    Vulnerability from cvelistv5 – Published: 2020-11-06 18:15 – Updated: 2024-11-13 17:44
    VLAI
    Title
    Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability
    Summary
    A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Date Public
    2020-11-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T16:11:35.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20201104 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-27121",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T17:22:36.184575Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T17:44:46.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-11-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-06T18:15:38.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20201104 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-dos-uTx2dqu2",
            "defect": [
              [
                "CSCvv75814"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2020-11-04T16:00:00",
              "ID": "CVE-2020-27121",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager IM and Presence Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "4.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-248"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20201104 Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-dos-uTx2dqu2"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-imp-dos-uTx2dqu2",
              "defect": [
                [
                  "CSCvv75814"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2020-27121",
        "datePublished": "2020-11-06T18:15:38.587Z",
        "dateReserved": "2020-10-13T00:00:00.000Z",
        "dateUpdated": "2024-11-13T17:44:46.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }