Search

Find a vulnerability

Search criteria

    78 vulnerabilities found for unified_communications_manager_im_and_presence_service by cisco

    CVE-2026-20045 (GCVE-0-2026-20045)

    Vulnerability from nvd – Published: 2026-01-21 16:26 – Updated: 2026-02-26 14:44
    VLAI CISA KEVIntel
    Title
    Cisco Unified Communications Products Remote Code Execution Vulnerability
    Summary
    A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.  Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15.0.1.13010-1
    Affected: 15.0.1.13011-1
    Affected: 15.0.1.13012-1
    Affected: 15.0.1.13013-1
    Affected: 15.0.1.13014-1
    Affected: 15.0.1.13015-1
    Affected: 15.0.1.13016-1
    Affected: 15.0.1.13017-1
    Affected: 15SU3a
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15SU3
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15SU3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20045",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T04:55:44.107919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-01-21",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:34.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-21T00:00:00.000Z",
                "value": "CVE-2026-20045 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13010-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13011-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13012-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13013-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13014-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13015-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13016-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13017-1"
                },
                {
                  "status": "affected",
                  "version": "15SU3a"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15SU3"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15SU3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.\u0026nbsp;\r\nNote: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware of attempted exploitation of this vulnerability in the wild. Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T20:33:31.808Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-voice-rce-mORhqY4b",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b"
            }
          ],
          "source": {
            "advisory": "cisco-sa-voice-rce-mORhqY4b",
            "defects": [
              "CSCwr21851"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20045",
        "datePublished": "2026-01-21T16:26:20.312Z",
        "dateReserved": "2025-10-08T11:59:15.354Z",
        "dateUpdated": "2026-02-26T14:44:34.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20330 (GCVE-0-2025-20330)

    Vulnerability from nvd – Published: 2025-09-03 17:40 – Updated: 2026-02-26 17:49
    VLAI
    Title
    Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T03:55:45.935584Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:49:45.079Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T17:40:43.960Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-imp-xss-XQgu4HSG",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-xss-XQgu4HSG"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-xss-XQgu4HSG",
            "defects": [
              "CSCwm63865"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20330",
        "datePublished": "2025-09-03T17:40:43.960Z",
        "dateReserved": "2024-10-10T19:15:13.254Z",
        "dateUpdated": "2026-02-26T17:49:45.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20278 (GCVE-0-2025-20278)

    Vulnerability from nvd – Published: 2025-06-04 16:18 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Cisco Unified Communications Products Command Injection Vulnerability
    Summary
    A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Finesse Affected: 11.0(1)ES_Rollback
    Affected: 10.5(1)ES4
    Affected: 11.6(1)ES3
    Affected: 11.0(1)ES2
    Affected: 12.0(1)ES2
    Affected: 10.5(1)ES3
    Affected: 11.0(1)
    Affected: 11.6(1)FIPS
    Affected: 11.6(1)ES4
    Affected: 11.0(1)ES3
    Affected: 10.5(1)ES6
    Affected: 11.0(1)ES7
    Affected: 11.5(1)ES4
    Affected: 10.5(1)ES8
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 10.5(1)ES10
    Affected: 11.6(1)ES2
    Affected: 11.6(1)ES
    Affected: 11.0(1)ES6
    Affected: 11.0(1)ES4
    Affected: 12.0(1)
    Affected: 11.6(1)ES7
    Affected: 10.5(1)ES7
    Affected: 11.6(1)ES8
    Affected: 11.5(1)ES1
    Affected: 11.6(1)ES1
    Affected: 11.5(1)ES5
    Affected: 11.0(1)ES1
    Affected: 10.5(1)
    Affected: 11.6(1)ES6
    Affected: 10.5(1)ES2
    Affected: 12.0(1)ES1
    Affected: 11.0(1)ES5
    Affected: 10.5(1)ES5
    Affected: 11.5(1)ES3
    Affected: 11.5(1)ES2
    Affected: 10.5(1)ES9
    Affected: 11.6(1)ES5
    Affected: 11.6(1)ES9
    Affected: 11.5(1)ES6
    Affected: 10.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.0(1)ES3
    Affected: 11.6(1)ES10
    Affected: 12.5(1)ES1
    Affected: 12.5(1)ES2
    Affected: 12.0(1)ES4
    Affected: 12.5(1)ES3
    Affected: 12.0(1)ES5
    Affected: 12.5(1)ES4
    Affected: 12.0(1)ES6
    Affected: 12.5(1)ES5
    Affected: 12.5(1)ES6
    Affected: 12.0(1)ES7
    Affected: 12.6(1)
    Affected: 12.5(1)ES7
    Affected: 11.6(1)ES11
    Affected: 12.6(1)ES1
    Affected: 12.0(1)ES8
    Affected: 12.5(1)ES8
    Affected: 12.6(1)ES2
    Affected: 12.6(1)ES3
    Affected: 12.6(1)ES4
    Affected: 12.6(1)ES5
    Affected: 12.5(2)
    Affected: 12.5(1)_SU
    Affected: 12.5(1)SU
    Affected: 12.6(1)ES6
    Affected: 12.5(1)SU ES1
    Affected: 12.6(1)ES7
    Affected: 12.6(1)ES7_ET
    Affected: 12.6(2)
    Affected: 12.6(1)ES8
    Affected: 12.6(1)ES9
    Affected: 12.6(2)ES1
    Affected: 12.6(1)ES10
    Affected: 12.5(1)SU ES2
    Affected: 12.6(1)ES11
    Affected: 12.6(2)ES2
    Affected: 12.6(2)ES3
    Affected: 12.5(1)SU ES3
    Affected: 12.6(2)ES4
    Affected: 12.6(2)ES5
    Create a notification for this product.
    Cisco Cisco SocialMiner Affected: 12.5(1)ES01
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 10.6(1)
    Affected: 12.0(1)ES04
    Affected: 10.6(2)
    Affected: 12.5(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.0(1)ES02
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 12.0(1)ES03
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: Recovery ISO
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 10.6(1)
    Affected: 10.5(1)SU1
    Affected: 10.6(1)SU3
    Affected: 12.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.6(1)SU1
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU1
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)_SU02_ES01
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.0(1)ES04
    Affected: 12.5(1)ES02
    Affected: 12.5(1)ES03
    Affected: 11.6(2)ES06
    Affected: 12.5(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES01
    Affected: 11.6(2)ES05
    Affected: 12.0(1)ES02
    Affected: 11.6(2)ES04
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES01
    Affected: 10.6(1)SU3ES03
    Affected: 11.0(1)SU1ES03
    Affected: 10.6(1)SU3ES01
    Affected: 10.5(1)SU1ES10
    Affected: 10.0(1)SU1ES04
    Affected: 11.5(1)SU1ES03
    Affected: 11.6(1)ES02
    Affected: 11.5(1)ES01
    Affected: 9.0(2)SU3ES04
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU2ES04
    Affected: 11.6(1)ES01
    Affected: 10.6(1)SU3ES02
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 8.5(1)
    Affected: 11.0(1)SU1ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 12.5(1)_SU03_ES05
    Affected: 12.5(1)_SU03_ES06
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.6(1)
    Affected: 10.5(1)
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 11.0(2)
    Affected: 12.6(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)_ET
    Affected: 12.6(1)_ES05_ET
    Affected: 11.0(3)
    Affected: 12.6(2)
    Affected: 12.6(2)_504_Issue_ET
    Affected: 12.6.1_ExcelIssue_ET
    Affected: 12.6(2)_Permalink_ET
    Affected: 12.6.2_CSCwk19536_ET
    Affected: 12.6.2_CSCwm96922_ET
    Affected: 12.6.2_Amq_OOS_ET
    Affected: 12.5(2)ET_CSCwi79933
    Affected: 12.6(2)_ET
    Affected: 12.6.2_CSCwn48501_ET
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.6(1)_ES84
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)
    Affected: 11.5(1)ES36
    Affected: 12.0(1)_ES01
    Affected: 11.6(1)_ES85
    Affected: 12.5(1)_ES05
    Affected: 11.5(1)_ES32
    Affected: 11.6(1)_ES83
    Affected: 11.5(1)_ES29
    Affected: 12.0(1)_ES06
    Affected: 12.5(1)
    Affected: 12.0(1)_ES07
    Affected: 11.6(1)_ES80
    Affected: 12.0(1)_ES05
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)_ES53
    Affected: 12.5(1)_ES08
    Affected: 11.5(1)ES43
    Affected: 12.0(1)_ES03
    Affected: 11.6(1)_ES86
    Affected: 12.0(1)_ES04
    Affected: 11.5(1)ES27
    Affected: 12.5(1)_ES03
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES06
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)
    Affected: 11.5(1)ES29
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES81
    Affected: 12.0(1)
    Affected: 11.6(1)_ES22
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)ES32
    Affected: 12.0(1)_ES02
    Affected: 12.5(1)_ES02
    Affected: 12.6(1)
    Affected: 12.5(1)_ES09
    Affected: 12.6(1)_ES01
    Affected: 12.0(1)_ES08
    Affected: 12.5(1)_ES10
    Affected: 12.6(1)_ES02
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.6(1)_ES03
    Affected: 12.5(1)_ES13
    Affected: 12.5(1)_ES14
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES05
    Affected: 12.5(1)_ES15
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ET
    Affected: 12.5(1)_ES16
    Affected: 12.5(1)SU
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.6(1)_ES07
    Affected: 12.6(2)
    Affected: 12.5(1)_ES17
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES10
    Affected: 12.5(1)_SU_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(2)_ET01
    Affected: 12.5(2)_ET
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ET_Streaming
    Affected: 12.6(2)ET_Transcribe
    Affected: 12.6(2)_ES03
    Affected: 12.6(2)ET_NuanceMix
    Affected: 12.6(2)ET_FileUpload
    Affected: 12.6(2)_ET02
    Affected: 12.6(2)_ES04
    Affected: 12.6.2ET_RTPfallback
    Affected: 12.6.2ET_CSCwf55306
    Affected: 12.6.2_ET_CSCwj36712
    Affected: 12.5.2 ET-CSCwj33374
    Affected: 12.5(1) SU ET
    Affected: 12.6(2)ET_CSCwj87296
    Affected: 12.6(2)_ES05
    Affected: 12.5.2_ET_CSCvz27014
    Affected: 12.6(2)_ET
    Affected: 12.6.2-ET
    Affected: 12.6(2)ET_CSCwk83135
    Affected: 12.6.2_ET_CX_ALAW
    Affected: 12.6.2-ET01-SSL
    Affected: 12.6(2)_ES06
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-06T03:55:33.465322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:08.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)ES_Rollback"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)FIPS"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco SocialMiner",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "Recovery ISO"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES06"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05_ET"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_504_Issue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.1_ExcelIssue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_Permalink_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwk19536_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwm96922_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_Amq_OOS_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)ET_CSCwi79933"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwn48501_ET"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES13"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES16"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES17"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET_Streaming"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_Transcribe"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_NuanceMix"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_FileUpload"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_RTPfallback"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_CSCwf55306"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CSCwj36712"
                },
                {
                  "status": "affected",
                  "version": "12.5.2 ET-CSCwj33374"
                },
                {
                  "status": "affected",
                  "version": "12.5(1) SU ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwj87296"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5.2_ET_CSCvz27014"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwk83135"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CX_ALAW"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET01-SSL"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES06"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-04T16:18:20.661Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-vos-command-inject-65s2UCYy",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
            }
          ],
          "source": {
            "advisory": "cisco-sa-vos-command-inject-65s2UCYy",
            "defects": [
              "CSCwk24029"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Command Injection Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20278",
        "datePublished": "2025-06-04T16:18:20.661Z",
        "dateReserved": "2024-10-10T19:15:13.246Z",
        "dateUpdated": "2026-02-26T17:51:08.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-20457 (GCVE-0-2024-20457)

    Vulnerability from nvd – Published: 2024-11-06 16:29 – Updated: 2024-11-06 17:06
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
    Summary
    A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 11.5(1)SU6
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU2
    Affected: 12.5(1)
    Affected: 10.5(2)SU2a
    Affected: 11.5(1)SU3a
    Affected: 10.0(1)SU2
    Affected: 10.5(2)SU2
    Affected: 11.0
    Affected: 10.5(2)SU3
    Affected: 10.5(1)SU3
    Affected: 11.5(1)SU1
    Affected: 11.0(1)
    Affected: 10.5(2)SU4
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU5
    Affected: 10.0(1)SU1
    Affected: 11.5(1)SU3
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU4
    Affected: 12.5(1)SU1
    Affected: 10.0(1)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU1
    Affected: 10.5(1)
    Affected: 10.5(2a)
    Affected: 11.5(1)
    Affected: 12.5(1)SU2
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 12.5(1)SU3
    Affected: 11.5(1)SU9
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 11.5(1)SU10
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 11.5(1)SU11
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20457",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T17:06:29.143075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T17:06:37.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-06T16:29:12.887Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-imp-inf-disc-cUPKuA5n",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-inf-disc-cUPKuA5n",
            "defects": [
              "CSCwk31853"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20457",
        "datePublished": "2024-11-06T16:29:12.887Z",
        "dateReserved": "2023-11-08T15:08:07.679Z",
        "dateUpdated": "2024-11-06T17:06:37.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20310 (GCVE-0-2024-20310)

    Vulnerability from nvd – Published: 2024-04-03 16:19 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IOS XE Software Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2a\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2a\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2b\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2b\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su2a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su4a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su11
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su11:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su3a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su5
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su5a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su6
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su6:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su7
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su7:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su8
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su8:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su9
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su9:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.0\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.0\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su5
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su5:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su6
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su6:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su7
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su7:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 14.0
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 14.0su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2a\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2b\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su4a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su3a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su5a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su7"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su9"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.0\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.0\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su7"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.0su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)su2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T17:58:41.263017Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T16:23:39.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.851Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IOS XE Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Relative Path Traversal",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:36:06.520Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imps-xss-quWkd9yF",
            "defects": [
              "CSCwf41335"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20310",
        "datePublished": "2024-04-03T16:19:40.031Z",
        "dateReserved": "2023-11-08T15:08:07.631Z",
        "dateUpdated": "2024-08-01T21:59:41.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20253 (GCVE-0-2024-20253)

    Vulnerability from nvd – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
    VLAI
    Summary
    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Contact Center Enterprise Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 8.5(1)
    Affected: 9.0(2)SU3ES04
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU1ES04
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1ES10
    Affected: 10.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU3ES03
    Affected: 10.6(1)SU2ES04
    Affected: 10.6(1)SU3ES02
    Affected: 10.6(1)SU3ES01
    Affected: 11.0(1)SU1
    Affected: 11.0(1)SU1ES03
    Affected: 11.0(1)SU1ES02
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 11.5(1)SU1ES03
    Affected: 11.5(1)ES01
    Affected: 12.0(1)
    Affected: 12.0(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES04
    Affected: 12.0(1)ES02
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)ES03
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)ES01
    Affected: 12.5(1)_SU02_ES01
    Affected: 12.5(1)ES02
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 11.6(1)ES01
    Affected: 11.6(2)ES06
    Affected: 11.6(1)ES02
    Affected: 11.6(2)ES01
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES05
    Affected: 11.6(2)ES04
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)ES29
    Affected: 11.5(1)ES32
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)ES36
    Affected: 11.5(1)_ES32
    Affected: 11.5(1)_ES29
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)ES43
    Affected: 11.5(1)_ES53
    Affected: 11.5(1)ES27
    Affected: 11.6(1)
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)_ES22
    Affected: 11.6(1)_ES81
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES84
    Affected: 11.6(1)_ES85
    Affected: 11.6(1)_ES83
    Affected: 11.6(1)_ES80
    Affected: 11.6(1)_ES86
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 12.5(1)_ES02
    Affected: 12.5(1)
    Affected: 12.5(1)_ES08
    Affected: 12.5(1)_ES03
    Affected: 12.5(1)_ES06
    Affected: 12.5(1)_ES09
    Affected: 12.5(1)_ES14
    Affected: 12.5(1)SU
    Affected: 12.5(1)_ES15
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.5(2)_ET
    Affected: 12.5(1)_SU_ES02
    Affected: 12.5(1)_ES10
    Affected: 12.0(1)
    Affected: 12.0(1)_ES02
    Affected: 12.0(1)_ES01
    Affected: 12.0(1)_ES06
    Affected: 12.0(1)_ES07
    Affected: 12.0(1)_ES05
    Affected: 12.0(1)_ES04
    Affected: 12.0(1)_ES03
    Affected: 12.0(1)_ES08
    Affected: 12.6(1)
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES03
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES05
    Affected: 12.6(2)_ES03
    Affected: 12.6(1)_ES02
    Affected: 12.6(1)_ES01
    Affected: 12.6(2)
    Affected: 12.6(2)_ET01
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(1)_ES07
    Create a notification for this product.
    Cisco Cisco Packaged Contact Center Enterprise Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(1)_ES7
    Affected: 10.5(2)_ES8
    Affected: 11.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(2)
    Affected: 12.6(1)
    Affected: 12.6(2)
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-rce-bWNzQcUm",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:43.844502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-29T15:12:21.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            },
            {
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T15:42:33.881Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-rce-bWNzQcUm",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-rce-bWNzQcUm",
            "defects": [
              "CSCwe18830",
              "CSCwe18773",
              "CSCwe18840",
              "CSCwd64292",
              "CSCwd64245",
              "CSCwd64276"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20253",
        "datePublished": "2024-01-26T17:28:30.761Z",
        "dateReserved": "2023-11-08T15:08:07.622Z",
        "dateUpdated": "2025-05-29T15:12:21.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20242 (GCVE-0-2023-20242)

    Vulnerability from nvd – Published: 2023-08-16 20:59 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 12.5(1)SU8
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU3
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:29.703Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imp-xss-QtT4VdsK",
            "defects": [
              "CSCwh00875",
              "CSCwh02167"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20242",
        "datePublished": "2023-08-16T20:59:25.126Z",
        "dateReserved": "2022-10-27T18:47:50.370Z",
        "dateUpdated": "2024-08-02T09:05:35.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20108 (GCVE-0-2023-20108)

    Vulnerability from nvd – Published: 2023-06-28 00:00 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack.
    CWE
    • CWE-789 - Uncontrolled Memory Allocation
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.889Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imp-dos-49GL7rzT",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM\u0026amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM\u0026amp;P users who were authenticated prior to an attack."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "Uncontrolled Memory Allocation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:44.711Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imp-dos-49GL7rzT",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imp-dos-49GL7rzT",
            "defects": [
              "CSCvy16642"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20108",
        "datePublished": "2023-06-28T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-02T08:57:35.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20859 (GCVE-0-2022-20859)

    Vulnerability from nvd – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:11
    VLAI
    Title
    Cisco Unified Communications Products Access Control Vulnerability
    Summary
    A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:50.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:01.703536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:11:17.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-06T20:30:56.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ucm-access-dMKvV2DY",
            "defect": [
              [
                "CSCvz16246",
                "CSCwc12673"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Access Control Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-06T16:00:00",
              "ID": "CVE-2022-20859",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Products Access Control Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ucm-access-dMKvV2DY",
              "defect": [
                [
                  "CSCvz16246",
                  "CSCwc12673"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20859",
        "datePublished": "2022-07-06T20:30:56.958Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:11:17.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20815 (GCVE-0-2022-20815)

    Vulnerability from nvd – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:11
    VLAI
    Title
    Cisco Unified Communications Products Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:50.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:02.741443Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:11:27.337Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-06T20:30:51.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-xss-ksKd5yfA",
            "defect": [
              [
                "CSCvy16646",
                "CSCvy52029",
                "CSCvy60442"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-06T16:00:00",
              "ID": "CVE-2022-20815",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-cucm-xss-ksKd5yfA",
              "defect": [
                [
                  "CSCvy16646",
                  "CSCvy52029",
                  "CSCvy60442"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20815",
        "datePublished": "2022-07-06T20:30:51.324Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:11:27.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20800 (GCVE-0-2022-20800)

    Vulnerability from nvd – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:12
    VLAI
    Title
    Cisco Unified Communications Products Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.663Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20800",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:04.675020Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:12:05.975Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-06T20:30:29.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-xss-RgH7MpKA",
            "defect": [
              [
                "CSCvy16638",
                "CSCvz33042",
                "CSCvz33979"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-06T16:00:00",
              "ID": "CVE-2022-20800",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unity Connection",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-cucm-xss-RgH7MpKA",
              "defect": [
                [
                  "CSCvy16638",
                  "CSCvz33042",
                  "CSCvz33979"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20800",
        "datePublished": "2022-07-06T20:30:29.396Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:12:05.975Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20791 (GCVE-0-2022-20791)

    Vulnerability from nvd – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:12
    VLAI
    Title
    Cisco Unified Communications Products Arbitrary File Read Vulnerability
    Summary
    A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220706 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:05.663098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:12:16.607Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "CWE-36",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-06T20:30:23.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220706 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imp-afr-YBFLNyzd",
            "defect": [
              [
                "CSCvz07265",
                "CSCvz32980"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Arbitrary File Read Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-06T16:00:00",
              "ID": "CVE-2022-20791",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Products Arbitrary File Read Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-36"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220706 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-cucm-imp-afr-YBFLNyzd",
              "defect": [
                [
                  "CSCvz07265",
                  "CSCvz32980"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20791",
        "datePublished": "2022-07-06T20:30:23.819Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:12:16.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20786 (GCVE-0-2022-20786)

    Vulnerability from nvd – Published: 2022-04-21 18:50 – Updated: 2024-11-06 16:23
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Date Public
    2022-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:47.908237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:23:08.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-21T18:50:22.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-sqlinj-GrpUuQEJ",
            "defect": [
              [
                "CSCvy16643"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-04-20T23:00:00",
              "ID": "CVE-2022-20786",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager IM and Presence Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.4",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-imp-sqlinj-GrpUuQEJ",
              "defect": [
                [
                  "CSCvy16643"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20786",
        "datePublished": "2022-04-21T18:50:23.035Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:23:08.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44228 (GCVE-0-2021-44228)

    Vulnerability from nvd – Published: 2021-12-10 00:00 – Updated: 2025-10-21 23:25
    Title
    Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
    Summary
    Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://logging.apache.org/log4j/2.x/security.html
    http://www.openwall.com/lists/oss-security/2021/12/10/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/10/2 mailing-list
    https://tools.cisco.com/security/center/content/C… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/10/3 mailing-list
    https://security.netapp.com/advisory/ntap-2021121…
    http://packetstormsecurity.com/files/165225/Apach…
    https://psirt.global.sonicwall.com/vuln-detail/SN…
    https://www.oracle.com/security-alerts/alert-cve-…
    https://www.debian.org/security/2021/dsa-5020 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2021… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://msrc-blog.microsoft.com/2021/12/11/micros… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/13/2 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/13/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/14/4 mailing-list
    https://www.kb.cert.org/vuls/id/930724 third-party-advisory
    https://twitter.com/kurtseifried/status/146934553…
    https://cert-portal.siemens.com/productcert/pdf/s…
    http://packetstormsecurity.com/files/165260/VMwar…
    http://packetstormsecurity.com/files/165270/Apach…
    http://packetstormsecurity.com/files/165261/Apach…
    https://www.intel.com/content/www/us/en/security-…
    http://www.openwall.com/lists/oss-security/2021/12/15/3 mailing-list
    http://packetstormsecurity.com/files/165282/Log4j…
    http://packetstormsecurity.com/files/165281/Log4j…
    http://packetstormsecurity.com/files/165307/Log4j…
    http://packetstormsecurity.com/files/165311/log4j…
    http://packetstormsecurity.com/files/165306/L4sh-…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    http://packetstormsecurity.com/files/165371/VMwar…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://www.oracle.com/security-alerts/cpujan2022.html
    http://packetstormsecurity.com/files/165532/Log4S…
    https://github.com/cisagov/log4j-affected-db/blob…
    http://packetstormsecurity.com/files/165642/VMwar…
    http://packetstormsecurity.com/files/165673/UniFi…
    http://seclists.org/fulldisclosure/2022/Mar/23 mailing-list
    https://www.bentley.com/en/common-vulnerability-e…
    https://github.com/cisagov/log4j-affected-db
    https://support.apple.com/kb/HT213189
    https://www.oracle.com/security-alerts/cpuapr2022.html
    https://github.com/nu11secur1ty/CVE-mitre/tree/ma…
    https://www.nu11secur1ty.com/2021/12/cve-2021-442…
    http://seclists.org/fulldisclosure/2022/Jul/11 mailing-list
    http://packetstormsecurity.com/files/167794/Open-…
    http://packetstormsecurity.com/files/167917/Mobil…
    http://seclists.org/fulldisclosure/2022/Dec/2 mailing-list
    http://packetstormsecurity.com/files/171626/AD-Ma…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Log4j2 Affected: 2.0-beta9 , < log4j-core* (custom)
    Create a notification for this product.
    Credits
    This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:17:24.696Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://logging.apache.org/log4j/2.x/security.html"
              },
              {
                "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
              },
              {
                "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
              },
              {
                "name": "DSA-5020",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-5020"
              },
              {
                "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
              },
              {
                "name": "FEDORA-2021-f0f501d01f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
              },
              {
                "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
              },
              {
                "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
              },
              {
                "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
              },
              {
                "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
              },
              {
                "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "VU#930724",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/930724"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
              },
              {
                "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
              },
              {
                "name": "FEDORA-2021-66d6c484f3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
              },
              {
                "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213189"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
              },
              {
                "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
              },
              {
                "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 10,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-44228",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:25:34.416117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-12-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:23.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-12-10T00:00:00.000Z",
                "value": "CVE-2021-44228 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j2",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.3.1",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.4",
                      "status": "affected"
                    },
                    {
                      "at": "2.12.2",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.13.0",
                      "status": "affected"
                    },
                    {
                      "at": "2.15.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "log4j-core*",
                  "status": "affected",
                  "version": "2.0-beta9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "critical"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-03T00:00:00.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "url": "https://logging.apache.org/log4j/2.x/security.html"
            },
            {
              "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
            },
            {
              "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
            },
            {
              "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
            },
            {
              "name": "DSA-5020",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5020"
            },
            {
              "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
            },
            {
              "name": "FEDORA-2021-f0f501d01f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
            },
            {
              "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
            },
            {
              "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
            },
            {
              "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
            },
            {
              "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
            },
            {
              "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "VU#930724",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
            },
            {
              "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
            },
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
            },
            {
              "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
            },
            {
              "name": "FEDORA-2021-66d6c484f3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
            },
            {
              "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
            },
            {
              "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
            },
            {
              "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db"
            },
            {
              "url": "https://support.apple.com/kb/HT213189"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
            },
            {
              "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
            },
            {
              "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
            },
            {
              "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
            },
            {
              "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-44228",
        "datePublished": "2021-12-10T00:00:00.000Z",
        "dateReserved": "2021-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:23.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34773 (GCVE-0-2021-34773)

    Vulnerability from nvd – Published: 2021-11-04 15:35 – Updated: 2024-11-07 21:43
    VLAI
    Title
    Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-11-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:48.167Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20211103 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34773",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:39:42.356858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T21:43:41.403Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-04T15:35:14.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20211103 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ucm-csrf-xrTkDu3H",
            "defect": [
              [
                "CSCvy86674",
                "CSCvz73888"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-11-03T16:00:00",
              "ID": "CVE-2021-34773",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. These actions could include modifying the device configuration and deleting (but not creating) user accounts."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20211103 Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-csrf-xrTkDu3H"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ucm-csrf-xrTkDu3H",
              "defect": [
                [
                  "CSCvy86674",
                  "CSCvz73888"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-34773",
        "datePublished": "2021-11-04T15:35:14.948Z",
        "dateReserved": "2021-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-07T21:43:41.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34701 (GCVE-0-2021-34701)

    Vulnerability from nvd – Published: 2021-11-04 15:40 – Updated: 2024-11-07 21:42
    VLAI
    Title
    Cisco Unified Communications Products Path Traversal Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-11-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:48.082Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20211103 Cisco Unified Communications Products Path Traversal Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34701",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:39:34.487438Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T21:42:34.419Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-04T15:40:34.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20211103 Cisco Unified Communications Products Path Traversal Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-path-trav-dKCvktvO",
            "defect": [
              [
                "CSCvy64877",
                "CSCvy89690",
                "CSCvy89691"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Path Traversal Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-11-03T16:00:00",
              "ID": "CVE-2021-34701",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Products Path Traversal Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unity Connection",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "4.3",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20211103 Cisco Unified Communications Products Path Traversal Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-cucm-path-trav-dKCvktvO",
              "defect": [
                [
                  "CSCvy64877",
                  "CSCvy89690",
                  "CSCvy89691"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-34701",
        "datePublished": "2021-11-04T15:40:34.136Z",
        "dateReserved": "2021-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-07T21:42:34.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-20045 (GCVE-0-2026-20045)

    Vulnerability from cvelistv5 – Published: 2026-01-21 16:26 – Updated: 2026-02-26 14:44
    VLAI CISA KEVIntel
    Title
    Cisco Unified Communications Products Remote Code Execution Vulnerability
    Summary
    A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.&nbsp; This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.&nbsp; Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15.0.1.13010-1
    Affected: 15.0.1.13011-1
    Affected: 15.0.1.13012-1
    Affected: 15.0.1.13013-1
    Affected: 15.0.1.13014-1
    Affected: 15.0.1.13015-1
    Affected: 15.0.1.13016-1
    Affected: 15.0.1.13017-1
    Affected: 15SU3a
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15SU3
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Affected: 15SU3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20045",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-22T04:55:44.107919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-01-21",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:34.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-21T00:00:00.000Z",
                "value": "CVE-2026-20045 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13010-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13011-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13012-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13013-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13014-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13015-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13016-1"
                },
                {
                  "status": "affected",
                  "version": "15.0.1.13017-1"
                },
                {
                  "status": "affected",
                  "version": "15SU3a"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15SU3"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                },
                {
                  "status": "affected",
                  "version": "15SU3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.\u0026nbsp;\r\nNote: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware of attempted exploitation of this vulnerability in the wild. Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T20:33:31.808Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-voice-rce-mORhqY4b",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b"
            }
          ],
          "source": {
            "advisory": "cisco-sa-voice-rce-mORhqY4b",
            "defects": [
              "CSCwr21851"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2026-20045",
        "datePublished": "2026-01-21T16:26:20.312Z",
        "dateReserved": "2025-10-08T11:59:15.354Z",
        "dateUpdated": "2026-02-26T14:44:34.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20330 (GCVE-0-2025-20330)

    Vulnerability from cvelistv5 – Published: 2025-09-03 17:40 – Updated: 2026-02-26 17:49
    VLAI
    Title
    Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Affected: 15SU2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20330",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-04T03:55:45.935584Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:49:45.079Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "15SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T17:40:43.960Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-imp-xss-XQgu4HSG",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-xss-XQgu4HSG"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-xss-XQgu4HSG",
            "defects": [
              "CSCwm63865"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM and Presence Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20330",
        "datePublished": "2025-09-03T17:40:43.960Z",
        "dateReserved": "2024-10-10T19:15:13.254Z",
        "dateUpdated": "2026-02-26T17:49:45.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20278 (GCVE-0-2025-20278)

    Vulnerability from cvelistv5 – Published: 2025-06-04 16:18 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Cisco Unified Communications Products Command Injection Vulnerability
    Summary
    A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Finesse Affected: 11.0(1)ES_Rollback
    Affected: 10.5(1)ES4
    Affected: 11.6(1)ES3
    Affected: 11.0(1)ES2
    Affected: 12.0(1)ES2
    Affected: 10.5(1)ES3
    Affected: 11.0(1)
    Affected: 11.6(1)FIPS
    Affected: 11.6(1)ES4
    Affected: 11.0(1)ES3
    Affected: 10.5(1)ES6
    Affected: 11.0(1)ES7
    Affected: 11.5(1)ES4
    Affected: 10.5(1)ES8
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 10.5(1)ES10
    Affected: 11.6(1)ES2
    Affected: 11.6(1)ES
    Affected: 11.0(1)ES6
    Affected: 11.0(1)ES4
    Affected: 12.0(1)
    Affected: 11.6(1)ES7
    Affected: 10.5(1)ES7
    Affected: 11.6(1)ES8
    Affected: 11.5(1)ES1
    Affected: 11.6(1)ES1
    Affected: 11.5(1)ES5
    Affected: 11.0(1)ES1
    Affected: 10.5(1)
    Affected: 11.6(1)ES6
    Affected: 10.5(1)ES2
    Affected: 12.0(1)ES1
    Affected: 11.0(1)ES5
    Affected: 10.5(1)ES5
    Affected: 11.5(1)ES3
    Affected: 11.5(1)ES2
    Affected: 10.5(1)ES9
    Affected: 11.6(1)ES5
    Affected: 11.6(1)ES9
    Affected: 11.5(1)ES6
    Affected: 10.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.0(1)ES3
    Affected: 11.6(1)ES10
    Affected: 12.5(1)ES1
    Affected: 12.5(1)ES2
    Affected: 12.0(1)ES4
    Affected: 12.5(1)ES3
    Affected: 12.0(1)ES5
    Affected: 12.5(1)ES4
    Affected: 12.0(1)ES6
    Affected: 12.5(1)ES5
    Affected: 12.5(1)ES6
    Affected: 12.0(1)ES7
    Affected: 12.6(1)
    Affected: 12.5(1)ES7
    Affected: 11.6(1)ES11
    Affected: 12.6(1)ES1
    Affected: 12.0(1)ES8
    Affected: 12.5(1)ES8
    Affected: 12.6(1)ES2
    Affected: 12.6(1)ES3
    Affected: 12.6(1)ES4
    Affected: 12.6(1)ES5
    Affected: 12.5(2)
    Affected: 12.5(1)_SU
    Affected: 12.5(1)SU
    Affected: 12.6(1)ES6
    Affected: 12.5(1)SU ES1
    Affected: 12.6(1)ES7
    Affected: 12.6(1)ES7_ET
    Affected: 12.6(2)
    Affected: 12.6(1)ES8
    Affected: 12.6(1)ES9
    Affected: 12.6(2)ES1
    Affected: 12.6(1)ES10
    Affected: 12.5(1)SU ES2
    Affected: 12.6(1)ES11
    Affected: 12.6(2)ES2
    Affected: 12.6(2)ES3
    Affected: 12.5(1)SU ES3
    Affected: 12.6(2)ES4
    Affected: 12.6(2)ES5
    Create a notification for this product.
    Cisco Cisco SocialMiner Affected: 12.5(1)ES01
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 10.6(1)
    Affected: 12.0(1)ES04
    Affected: 10.6(2)
    Affected: 12.5(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.0(1)ES02
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 12.0(1)ES03
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: Recovery ISO
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 10.6(1)
    Affected: 10.5(1)SU1
    Affected: 10.6(1)SU3
    Affected: 12.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.6(1)SU1
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU1
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)_SU02_ES01
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.0(1)ES04
    Affected: 12.5(1)ES02
    Affected: 12.5(1)ES03
    Affected: 11.6(2)ES06
    Affected: 12.5(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES01
    Affected: 11.6(2)ES05
    Affected: 12.0(1)ES02
    Affected: 11.6(2)ES04
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES01
    Affected: 10.6(1)SU3ES03
    Affected: 11.0(1)SU1ES03
    Affected: 10.6(1)SU3ES01
    Affected: 10.5(1)SU1ES10
    Affected: 10.0(1)SU1ES04
    Affected: 11.5(1)SU1ES03
    Affected: 11.6(1)ES02
    Affected: 11.5(1)ES01
    Affected: 9.0(2)SU3ES04
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU2ES04
    Affected: 11.6(1)ES01
    Affected: 10.6(1)SU3ES02
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 8.5(1)
    Affected: 11.0(1)SU1ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 12.5(1)_SU03_ES05
    Affected: 12.5(1)_SU03_ES06
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.6(1)
    Affected: 10.5(1)
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 11.0(2)
    Affected: 12.6(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)_ET
    Affected: 12.6(1)_ES05_ET
    Affected: 11.0(3)
    Affected: 12.6(2)
    Affected: 12.6(2)_504_Issue_ET
    Affected: 12.6.1_ExcelIssue_ET
    Affected: 12.6(2)_Permalink_ET
    Affected: 12.6.2_CSCwk19536_ET
    Affected: 12.6.2_CSCwm96922_ET
    Affected: 12.6.2_Amq_OOS_ET
    Affected: 12.5(2)ET_CSCwi79933
    Affected: 12.6(2)_ET
    Affected: 12.6.2_CSCwn48501_ET
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.6(1)_ES84
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)
    Affected: 11.5(1)ES36
    Affected: 12.0(1)_ES01
    Affected: 11.6(1)_ES85
    Affected: 12.5(1)_ES05
    Affected: 11.5(1)_ES32
    Affected: 11.6(1)_ES83
    Affected: 11.5(1)_ES29
    Affected: 12.0(1)_ES06
    Affected: 12.5(1)
    Affected: 12.0(1)_ES07
    Affected: 11.6(1)_ES80
    Affected: 12.0(1)_ES05
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)_ES53
    Affected: 12.5(1)_ES08
    Affected: 11.5(1)ES43
    Affected: 12.0(1)_ES03
    Affected: 11.6(1)_ES86
    Affected: 12.0(1)_ES04
    Affected: 11.5(1)ES27
    Affected: 12.5(1)_ES03
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES06
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)
    Affected: 11.5(1)ES29
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES81
    Affected: 12.0(1)
    Affected: 11.6(1)_ES22
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)ES32
    Affected: 12.0(1)_ES02
    Affected: 12.5(1)_ES02
    Affected: 12.6(1)
    Affected: 12.5(1)_ES09
    Affected: 12.6(1)_ES01
    Affected: 12.0(1)_ES08
    Affected: 12.5(1)_ES10
    Affected: 12.6(1)_ES02
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.6(1)_ES03
    Affected: 12.5(1)_ES13
    Affected: 12.5(1)_ES14
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES05
    Affected: 12.5(1)_ES15
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ET
    Affected: 12.5(1)_ES16
    Affected: 12.5(1)SU
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.6(1)_ES07
    Affected: 12.6(2)
    Affected: 12.5(1)_ES17
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES10
    Affected: 12.5(1)_SU_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(2)_ET01
    Affected: 12.5(2)_ET
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ET_Streaming
    Affected: 12.6(2)ET_Transcribe
    Affected: 12.6(2)_ES03
    Affected: 12.6(2)ET_NuanceMix
    Affected: 12.6(2)ET_FileUpload
    Affected: 12.6(2)_ET02
    Affected: 12.6(2)_ES04
    Affected: 12.6.2ET_RTPfallback
    Affected: 12.6.2ET_CSCwf55306
    Affected: 12.6.2_ET_CSCwj36712
    Affected: 12.5.2 ET-CSCwj33374
    Affected: 12.5(1) SU ET
    Affected: 12.6(2)ET_CSCwj87296
    Affected: 12.6(2)_ES05
    Affected: 12.5.2_ET_CSCvz27014
    Affected: 12.6(2)_ET
    Affected: 12.6.2-ET
    Affected: 12.6(2)ET_CSCwk83135
    Affected: 12.6.2_ET_CX_ALAW
    Affected: 12.6.2-ET01-SSL
    Affected: 12.6(2)_ES06
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-06T03:55:33.465322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:08.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)ES_Rollback"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)FIPS"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco SocialMiner",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "Recovery ISO"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES06"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05_ET"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_504_Issue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.1_ExcelIssue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_Permalink_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwk19536_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwm96922_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_Amq_OOS_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)ET_CSCwi79933"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwn48501_ET"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES13"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES16"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES17"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET_Streaming"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_Transcribe"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_NuanceMix"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_FileUpload"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_RTPfallback"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_CSCwf55306"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CSCwj36712"
                },
                {
                  "status": "affected",
                  "version": "12.5.2 ET-CSCwj33374"
                },
                {
                  "status": "affected",
                  "version": "12.5(1) SU ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwj87296"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5.2_ET_CSCvz27014"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwk83135"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CX_ALAW"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET01-SSL"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES06"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-04T16:18:20.661Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-vos-command-inject-65s2UCYy",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
            }
          ],
          "source": {
            "advisory": "cisco-sa-vos-command-inject-65s2UCYy",
            "defects": [
              "CSCwk24029"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Command Injection Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20278",
        "datePublished": "2025-06-04T16:18:20.661Z",
        "dateReserved": "2024-10-10T19:15:13.246Z",
        "dateUpdated": "2026-02-26T17:51:08.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-20457 (GCVE-0-2024-20457)

    Vulnerability from cvelistv5 – Published: 2024-11-06 16:29 – Updated: 2024-11-06 17:06
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
    Summary
    A vulnerability in the logging component of Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 11.5(1)SU6
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU2
    Affected: 12.5(1)
    Affected: 10.5(2)SU2a
    Affected: 11.5(1)SU3a
    Affected: 10.0(1)SU2
    Affected: 10.5(2)SU2
    Affected: 11.0
    Affected: 10.5(2)SU3
    Affected: 10.5(1)SU3
    Affected: 11.5(1)SU1
    Affected: 11.0(1)
    Affected: 10.5(2)SU4
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU5
    Affected: 10.0(1)SU1
    Affected: 11.5(1)SU3
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU4
    Affected: 12.5(1)SU1
    Affected: 10.0(1)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU1
    Affected: 10.5(1)
    Affected: 10.5(2a)
    Affected: 11.5(1)
    Affected: 12.5(1)SU2
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 12.5(1)SU3
    Affected: 11.5(1)SU9
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 11.5(1)SU10
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 11.5(1)SU11
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20457",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T17:06:29.143075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T17:06:37.800Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-06T16:29:12.887Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-imp-inf-disc-cUPKuA5n",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-inf-disc-cUPKuA5n",
            "defects": [
              "CSCwk31853"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20457",
        "datePublished": "2024-11-06T16:29:12.887Z",
        "dateReserved": "2023-11-08T15:08:07.679Z",
        "dateUpdated": "2024-11-06T17:06:37.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20310 (GCVE-0-2024-20310)

    Vulnerability from cvelistv5 – Published: 2024-04-03 16:19 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IOS XE Software Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2a\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2a\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2b\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2b\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su2a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su4a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.5\(2\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\(2\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su11
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su11:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su3a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su3a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su5
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su5a
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su5a:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su6
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su6:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su7
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su7:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su8
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su8:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.5\(1\)su9
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\(1\)su9:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.0\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 11.0\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su3
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su3:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su4
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su4:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su5
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su5:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su6
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su6:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 12.5\(1\)su7
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\(1\)su7:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 14.0
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 14.0su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\):*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)su1
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su1:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco unified_communications_manager_im_and_presence_service Affected: 10.0\(1\)su2
        cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\(1\)su2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2a\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2a\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2b\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2b\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su4a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(2\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(2\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su11:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su11"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su3a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su3a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su5a:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su5a"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su7"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su8:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su8"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\)su9:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.5\\(1\\)su9"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.0\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.0\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.0\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su2"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su3"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su4"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su5"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su6"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.5\\(1\\)su7"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:14.0su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "14.0su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\):*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)su1"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:10.0\\(1\\)su2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "unified_communications_manager_im_and_presence_service",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "10.0\\(1\\)su2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20310",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-03T17:58:41.263017Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T16:23:39.427Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:41.851Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IOS XE Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "Relative Path Traversal",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T16:36:06.520Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imps-xss-quWkd9yF",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imps-xss-quWkd9yF"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imps-xss-quWkd9yF",
            "defects": [
              "CSCwf41335"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20310",
        "datePublished": "2024-04-03T16:19:40.031Z",
        "dateReserved": "2023-11-08T15:08:07.631Z",
        "dateUpdated": "2024-08-01T21:59:41.851Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20253 (GCVE-0-2024-20253)

    Vulnerability from cvelistv5 – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
    VLAI
    Summary
    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Contact Center Enterprise Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 8.5(1)
    Affected: 9.0(2)SU3ES04
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU1ES04
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1ES10
    Affected: 10.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU3ES03
    Affected: 10.6(1)SU2ES04
    Affected: 10.6(1)SU3ES02
    Affected: 10.6(1)SU3ES01
    Affected: 11.0(1)SU1
    Affected: 11.0(1)SU1ES03
    Affected: 11.0(1)SU1ES02
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 11.5(1)SU1ES03
    Affected: 11.5(1)ES01
    Affected: 12.0(1)
    Affected: 12.0(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES04
    Affected: 12.0(1)ES02
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)ES03
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)ES01
    Affected: 12.5(1)_SU02_ES01
    Affected: 12.5(1)ES02
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 11.6(1)ES01
    Affected: 11.6(2)ES06
    Affected: 11.6(1)ES02
    Affected: 11.6(2)ES01
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES05
    Affected: 11.6(2)ES04
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)ES29
    Affected: 11.5(1)ES32
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)ES36
    Affected: 11.5(1)_ES32
    Affected: 11.5(1)_ES29
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)ES43
    Affected: 11.5(1)_ES53
    Affected: 11.5(1)ES27
    Affected: 11.6(1)
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)_ES22
    Affected: 11.6(1)_ES81
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES84
    Affected: 11.6(1)_ES85
    Affected: 11.6(1)_ES83
    Affected: 11.6(1)_ES80
    Affected: 11.6(1)_ES86
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 12.5(1)_ES02
    Affected: 12.5(1)
    Affected: 12.5(1)_ES08
    Affected: 12.5(1)_ES03
    Affected: 12.5(1)_ES06
    Affected: 12.5(1)_ES09
    Affected: 12.5(1)_ES14
    Affected: 12.5(1)SU
    Affected: 12.5(1)_ES15
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.5(2)_ET
    Affected: 12.5(1)_SU_ES02
    Affected: 12.5(1)_ES10
    Affected: 12.0(1)
    Affected: 12.0(1)_ES02
    Affected: 12.0(1)_ES01
    Affected: 12.0(1)_ES06
    Affected: 12.0(1)_ES07
    Affected: 12.0(1)_ES05
    Affected: 12.0(1)_ES04
    Affected: 12.0(1)_ES03
    Affected: 12.0(1)_ES08
    Affected: 12.6(1)
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES03
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES05
    Affected: 12.6(2)_ES03
    Affected: 12.6(1)_ES02
    Affected: 12.6(1)_ES01
    Affected: 12.6(2)
    Affected: 12.6(2)_ET01
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(1)_ES07
    Create a notification for this product.
    Cisco Cisco Packaged Contact Center Enterprise Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(1)_ES7
    Affected: 10.5(2)_ES8
    Affected: 11.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(2)
    Affected: 12.6(1)
    Affected: 12.6(2)
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-rce-bWNzQcUm",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:43.844502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-29T15:12:21.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            },
            {
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T15:42:33.881Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-rce-bWNzQcUm",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-rce-bWNzQcUm",
            "defects": [
              "CSCwe18830",
              "CSCwe18773",
              "CSCwe18840",
              "CSCwd64292",
              "CSCwd64245",
              "CSCwd64276"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20253",
        "datePublished": "2024-01-26T17:28:30.761Z",
        "dateReserved": "2023-11-08T15:08:07.622Z",
        "dateUpdated": "2025-05-29T15:12:21.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20242 (GCVE-0-2023-20242)

    Vulnerability from cvelistv5 – Published: 2023-08-16 20:59 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 12.5(1)SU8
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU3
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.954Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:29.703Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imp-xss-QtT4VdsK",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imp-xss-QtT4VdsK",
            "defects": [
              "CSCwh00875",
              "CSCwh02167"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20242",
        "datePublished": "2023-08-16T20:59:25.126Z",
        "dateReserved": "2022-10-27T18:47:50.370Z",
        "dateUpdated": "2024-08-02T09:05:35.954Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20108 (GCVE-0-2023-20108)

    Vulnerability from cvelistv5 – Published: 2023-06-28 00:00 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&amp;P users who were authenticated prior to an attack.
    CWE
    • CWE-789 - Uncontrolled Memory Allocation
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.889Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-imp-dos-49GL7rzT",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM\u0026amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM\u0026amp;P users who were authenticated prior to an attack."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-789",
                  "description": "Uncontrolled Memory Allocation",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:44.711Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-imp-dos-49GL7rzT",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-dos-49GL7rzT"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imp-dos-49GL7rzT",
            "defects": [
              "CSCvy16642"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20108",
        "datePublished": "2023-06-28T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-08-02T08:57:35.889Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20859 (GCVE-0-2022-20859)

    Vulnerability from cvelistv5 – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:11
    VLAI
    Title
    Cisco Unified Communications Products Access Control Vulnerability
    Summary
    A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:50.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:01.703536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:11:17.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-06T20:30:56.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ucm-access-dMKvV2DY",
            "defect": [
              [
                "CSCvz16246",
                "CSCwc12673"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Access Control Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-06T16:00:00",
              "ID": "CVE-2022-20859",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Products Access Control Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220706 Cisco Unified Communications Products Access Control Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-access-dMKvV2DY"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ucm-access-dMKvV2DY",
              "defect": [
                [
                  "CSCvz16246",
                  "CSCwc12673"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20859",
        "datePublished": "2022-07-06T20:30:56.958Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:11:17.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20815 (GCVE-0-2022-20815)

    Vulnerability from cvelistv5 – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:11
    VLAI
    Title
    Cisco Unified Communications Products Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:50.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20815",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:02.741443Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:11:27.337Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-06T20:30:51.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-xss-ksKd5yfA",
            "defect": [
              [
                "CSCvy16646",
                "CSCvy52029",
                "CSCvy60442"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-06T16:00:00",
              "ID": "CVE-2022-20815",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-ksKd5yfA"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-cucm-xss-ksKd5yfA",
              "defect": [
                [
                  "CSCvy16646",
                  "CSCvy52029",
                  "CSCvy60442"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20815",
        "datePublished": "2022-07-06T20:30:51.324Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:11:27.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20800 (GCVE-0-2022-20800)

    Vulnerability from cvelistv5 – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:12
    VLAI
    Title
    Cisco Unified Communications Products Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.663Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20800",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:04.675020Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:12:05.975Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-06T20:30:29.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-xss-RgH7MpKA",
            "defect": [
              [
                "CSCvy16638",
                "CSCvz33042",
                "CSCvz33979"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-06T16:00:00",
              "ID": "CVE-2022-20800",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Products Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unity Connection",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220706 Cisco Unified Communications Products Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-RgH7MpKA"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-cucm-xss-RgH7MpKA",
              "defect": [
                [
                  "CSCvy16638",
                  "CSCvz33042",
                  "CSCvz33979"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20800",
        "datePublished": "2022-07-06T20:30:29.396Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:12:05.975Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20791 (GCVE-0-2022-20791)

    Vulnerability from cvelistv5 – Published: 2022-07-06 20:30 – Updated: 2024-11-06 16:12
    VLAI
    Title
    Cisco Unified Communications Products Arbitrary File Read Vulnerability
    Summary
    A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220706 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20791",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:05.663098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:12:16.607Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "CWE-36",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-06T20:30:23.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220706 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-imp-afr-YBFLNyzd",
            "defect": [
              [
                "CSCvz07265",
                "CSCvz32980"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Products Arbitrary File Read Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-07-06T16:00:00",
              "ID": "CVE-2022-20791",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Products Arbitrary File Read Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-36"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220706 Cisco Unified Communications Products Arbitrary File Read Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-afr-YBFLNyzd"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-cucm-imp-afr-YBFLNyzd",
              "defect": [
                [
                  "CSCvz07265",
                  "CSCvz32980"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20791",
        "datePublished": "2022-07-06T20:30:23.819Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:12:16.607Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20786 (GCVE-0-2022-20786)

    Vulnerability from cvelistv5 – Published: 2022-04-21 18:50 – Updated: 2024-11-06 16:23
    VLAI
    Title
    Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Date Public
    2022-04-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20786",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:58:47.908237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:23:08.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-04-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-21T18:50:22.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
            }
          ],
          "source": {
            "advisory": "cisco-sa-imp-sqlinj-GrpUuQEJ",
            "defect": [
              [
                "CSCvy16643"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-04-20T23:00:00",
              "ID": "CVE-2022-20786",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Unified Communications Manager IM and Presence Service",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM \u0026amp; Presence Service (Unified CM IM\u0026amp;P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.4",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220420 Cisco Unified Communications Manager IM \u0026 Presence Service SQL Injection Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-sqlinj-GrpUuQEJ"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-imp-sqlinj-GrpUuQEJ",
              "defect": [
                [
                  "CSCvy16643"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20786",
        "datePublished": "2022-04-21T18:50:23.035Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:23:08.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44228 (GCVE-0-2021-44228)

    Vulnerability from cvelistv5 – Published: 2021-12-10 00:00 – Updated: 2025-10-21 23:25
    Title
    Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
    Summary
    Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://logging.apache.org/log4j/2.x/security.html
    http://www.openwall.com/lists/oss-security/2021/12/10/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/10/2 mailing-list
    https://tools.cisco.com/security/center/content/C… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/10/3 mailing-list
    https://security.netapp.com/advisory/ntap-2021121…
    http://packetstormsecurity.com/files/165225/Apach…
    https://psirt.global.sonicwall.com/vuln-detail/SN…
    https://www.oracle.com/security-alerts/alert-cve-…
    https://www.debian.org/security/2021/dsa-5020 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2021… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://msrc-blog.microsoft.com/2021/12/11/micros… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/13/2 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/13/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/14/4 mailing-list
    https://www.kb.cert.org/vuls/id/930724 third-party-advisory
    https://twitter.com/kurtseifried/status/146934553…
    https://cert-portal.siemens.com/productcert/pdf/s…
    http://packetstormsecurity.com/files/165260/VMwar…
    http://packetstormsecurity.com/files/165270/Apach…
    http://packetstormsecurity.com/files/165261/Apach…
    https://www.intel.com/content/www/us/en/security-…
    http://www.openwall.com/lists/oss-security/2021/12/15/3 mailing-list
    http://packetstormsecurity.com/files/165282/Log4j…
    http://packetstormsecurity.com/files/165281/Log4j…
    http://packetstormsecurity.com/files/165307/Log4j…
    http://packetstormsecurity.com/files/165311/log4j…
    http://packetstormsecurity.com/files/165306/L4sh-…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    http://packetstormsecurity.com/files/165371/VMwar…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://www.oracle.com/security-alerts/cpujan2022.html
    http://packetstormsecurity.com/files/165532/Log4S…
    https://github.com/cisagov/log4j-affected-db/blob…
    http://packetstormsecurity.com/files/165642/VMwar…
    http://packetstormsecurity.com/files/165673/UniFi…
    http://seclists.org/fulldisclosure/2022/Mar/23 mailing-list
    https://www.bentley.com/en/common-vulnerability-e…
    https://github.com/cisagov/log4j-affected-db
    https://support.apple.com/kb/HT213189
    https://www.oracle.com/security-alerts/cpuapr2022.html
    https://github.com/nu11secur1ty/CVE-mitre/tree/ma…
    https://www.nu11secur1ty.com/2021/12/cve-2021-442…
    http://seclists.org/fulldisclosure/2022/Jul/11 mailing-list
    http://packetstormsecurity.com/files/167794/Open-…
    http://packetstormsecurity.com/files/167917/Mobil…
    http://seclists.org/fulldisclosure/2022/Dec/2 mailing-list
    http://packetstormsecurity.com/files/171626/AD-Ma…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Log4j2 Affected: 2.0-beta9 , < log4j-core* (custom)
    Create a notification for this product.
    Credits
    This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:17:24.696Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://logging.apache.org/log4j/2.x/security.html"
              },
              {
                "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
              },
              {
                "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
              },
              {
                "name": "DSA-5020",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-5020"
              },
              {
                "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
              },
              {
                "name": "FEDORA-2021-f0f501d01f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
              },
              {
                "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
              },
              {
                "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
              },
              {
                "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
              },
              {
                "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
              },
              {
                "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "VU#930724",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/930724"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
              },
              {
                "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
              },
              {
                "name": "FEDORA-2021-66d6c484f3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
              },
              {
                "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213189"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
              },
              {
                "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
              },
              {
                "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 10,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-44228",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:25:34.416117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-12-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:23.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-12-10T00:00:00.000Z",
                "value": "CVE-2021-44228 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j2",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.3.1",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.4",
                      "status": "affected"
                    },
                    {
                      "at": "2.12.2",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.13.0",
                      "status": "affected"
                    },
                    {
                      "at": "2.15.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "log4j-core*",
                  "status": "affected",
                  "version": "2.0-beta9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "critical"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-03T00:00:00.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "url": "https://logging.apache.org/log4j/2.x/security.html"
            },
            {
              "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
            },
            {
              "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
            },
            {
              "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
            },
            {
              "name": "DSA-5020",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5020"
            },
            {
              "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
            },
            {
              "name": "FEDORA-2021-f0f501d01f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
            },
            {
              "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
            },
            {
              "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
            },
            {
              "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
            },
            {
              "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
            },
            {
              "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "VU#930724",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
            },
            {
              "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
            },
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
            },
            {
              "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
            },
            {
              "name": "FEDORA-2021-66d6c484f3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
            },
            {
              "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
            },
            {
              "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
            },
            {
              "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db"
            },
            {
              "url": "https://support.apple.com/kb/HT213189"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
            },
            {
              "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
            },
            {
              "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
            },
            {
              "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
            },
            {
              "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-44228",
        "datePublished": "2021-12-10T00:00:00.000Z",
        "dateReserved": "2021-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:23.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }