Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for virtualized_voice_browser by cisco

    CVE-2025-20278 (GCVE-0-2025-20278)

    Vulnerability from nvd – Published: 2025-06-04 16:18 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Cisco Unified Communications Products Command Injection Vulnerability
    Summary
    A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Finesse Affected: 11.0(1)ES_Rollback
    Affected: 10.5(1)ES4
    Affected: 11.6(1)ES3
    Affected: 11.0(1)ES2
    Affected: 12.0(1)ES2
    Affected: 10.5(1)ES3
    Affected: 11.0(1)
    Affected: 11.6(1)FIPS
    Affected: 11.6(1)ES4
    Affected: 11.0(1)ES3
    Affected: 10.5(1)ES6
    Affected: 11.0(1)ES7
    Affected: 11.5(1)ES4
    Affected: 10.5(1)ES8
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 10.5(1)ES10
    Affected: 11.6(1)ES2
    Affected: 11.6(1)ES
    Affected: 11.0(1)ES6
    Affected: 11.0(1)ES4
    Affected: 12.0(1)
    Affected: 11.6(1)ES7
    Affected: 10.5(1)ES7
    Affected: 11.6(1)ES8
    Affected: 11.5(1)ES1
    Affected: 11.6(1)ES1
    Affected: 11.5(1)ES5
    Affected: 11.0(1)ES1
    Affected: 10.5(1)
    Affected: 11.6(1)ES6
    Affected: 10.5(1)ES2
    Affected: 12.0(1)ES1
    Affected: 11.0(1)ES5
    Affected: 10.5(1)ES5
    Affected: 11.5(1)ES3
    Affected: 11.5(1)ES2
    Affected: 10.5(1)ES9
    Affected: 11.6(1)ES5
    Affected: 11.6(1)ES9
    Affected: 11.5(1)ES6
    Affected: 10.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.0(1)ES3
    Affected: 11.6(1)ES10
    Affected: 12.5(1)ES1
    Affected: 12.5(1)ES2
    Affected: 12.0(1)ES4
    Affected: 12.5(1)ES3
    Affected: 12.0(1)ES5
    Affected: 12.5(1)ES4
    Affected: 12.0(1)ES6
    Affected: 12.5(1)ES5
    Affected: 12.5(1)ES6
    Affected: 12.0(1)ES7
    Affected: 12.6(1)
    Affected: 12.5(1)ES7
    Affected: 11.6(1)ES11
    Affected: 12.6(1)ES1
    Affected: 12.0(1)ES8
    Affected: 12.5(1)ES8
    Affected: 12.6(1)ES2
    Affected: 12.6(1)ES3
    Affected: 12.6(1)ES4
    Affected: 12.6(1)ES5
    Affected: 12.5(2)
    Affected: 12.5(1)_SU
    Affected: 12.5(1)SU
    Affected: 12.6(1)ES6
    Affected: 12.5(1)SU ES1
    Affected: 12.6(1)ES7
    Affected: 12.6(1)ES7_ET
    Affected: 12.6(2)
    Affected: 12.6(1)ES8
    Affected: 12.6(1)ES9
    Affected: 12.6(2)ES1
    Affected: 12.6(1)ES10
    Affected: 12.5(1)SU ES2
    Affected: 12.6(1)ES11
    Affected: 12.6(2)ES2
    Affected: 12.6(2)ES3
    Affected: 12.5(1)SU ES3
    Affected: 12.6(2)ES4
    Affected: 12.6(2)ES5
    Create a notification for this product.
    Cisco Cisco SocialMiner Affected: 12.5(1)ES01
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 10.6(1)
    Affected: 12.0(1)ES04
    Affected: 10.6(2)
    Affected: 12.5(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.0(1)ES02
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 12.0(1)ES03
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: Recovery ISO
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 10.6(1)
    Affected: 10.5(1)SU1
    Affected: 10.6(1)SU3
    Affected: 12.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.6(1)SU1
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU1
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)_SU02_ES01
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.0(1)ES04
    Affected: 12.5(1)ES02
    Affected: 12.5(1)ES03
    Affected: 11.6(2)ES06
    Affected: 12.5(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES01
    Affected: 11.6(2)ES05
    Affected: 12.0(1)ES02
    Affected: 11.6(2)ES04
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES01
    Affected: 10.6(1)SU3ES03
    Affected: 11.0(1)SU1ES03
    Affected: 10.6(1)SU3ES01
    Affected: 10.5(1)SU1ES10
    Affected: 10.0(1)SU1ES04
    Affected: 11.5(1)SU1ES03
    Affected: 11.6(1)ES02
    Affected: 11.5(1)ES01
    Affected: 9.0(2)SU3ES04
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU2ES04
    Affected: 11.6(1)ES01
    Affected: 10.6(1)SU3ES02
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 8.5(1)
    Affected: 11.0(1)SU1ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 12.5(1)_SU03_ES05
    Affected: 12.5(1)_SU03_ES06
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.6(1)
    Affected: 10.5(1)
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 11.0(2)
    Affected: 12.6(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)_ET
    Affected: 12.6(1)_ES05_ET
    Affected: 11.0(3)
    Affected: 12.6(2)
    Affected: 12.6(2)_504_Issue_ET
    Affected: 12.6.1_ExcelIssue_ET
    Affected: 12.6(2)_Permalink_ET
    Affected: 12.6.2_CSCwk19536_ET
    Affected: 12.6.2_CSCwm96922_ET
    Affected: 12.6.2_Amq_OOS_ET
    Affected: 12.5(2)ET_CSCwi79933
    Affected: 12.6(2)_ET
    Affected: 12.6.2_CSCwn48501_ET
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.6(1)_ES84
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)
    Affected: 11.5(1)ES36
    Affected: 12.0(1)_ES01
    Affected: 11.6(1)_ES85
    Affected: 12.5(1)_ES05
    Affected: 11.5(1)_ES32
    Affected: 11.6(1)_ES83
    Affected: 11.5(1)_ES29
    Affected: 12.0(1)_ES06
    Affected: 12.5(1)
    Affected: 12.0(1)_ES07
    Affected: 11.6(1)_ES80
    Affected: 12.0(1)_ES05
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)_ES53
    Affected: 12.5(1)_ES08
    Affected: 11.5(1)ES43
    Affected: 12.0(1)_ES03
    Affected: 11.6(1)_ES86
    Affected: 12.0(1)_ES04
    Affected: 11.5(1)ES27
    Affected: 12.5(1)_ES03
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES06
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)
    Affected: 11.5(1)ES29
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES81
    Affected: 12.0(1)
    Affected: 11.6(1)_ES22
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)ES32
    Affected: 12.0(1)_ES02
    Affected: 12.5(1)_ES02
    Affected: 12.6(1)
    Affected: 12.5(1)_ES09
    Affected: 12.6(1)_ES01
    Affected: 12.0(1)_ES08
    Affected: 12.5(1)_ES10
    Affected: 12.6(1)_ES02
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.6(1)_ES03
    Affected: 12.5(1)_ES13
    Affected: 12.5(1)_ES14
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES05
    Affected: 12.5(1)_ES15
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ET
    Affected: 12.5(1)_ES16
    Affected: 12.5(1)SU
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.6(1)_ES07
    Affected: 12.6(2)
    Affected: 12.5(1)_ES17
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES10
    Affected: 12.5(1)_SU_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(2)_ET01
    Affected: 12.5(2)_ET
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ET_Streaming
    Affected: 12.6(2)ET_Transcribe
    Affected: 12.6(2)_ES03
    Affected: 12.6(2)ET_NuanceMix
    Affected: 12.6(2)ET_FileUpload
    Affected: 12.6(2)_ET02
    Affected: 12.6(2)_ES04
    Affected: 12.6.2ET_RTPfallback
    Affected: 12.6.2ET_CSCwf55306
    Affected: 12.6.2_ET_CSCwj36712
    Affected: 12.5.2 ET-CSCwj33374
    Affected: 12.5(1) SU ET
    Affected: 12.6(2)ET_CSCwj87296
    Affected: 12.6(2)_ES05
    Affected: 12.5.2_ET_CSCvz27014
    Affected: 12.6(2)_ET
    Affected: 12.6.2-ET
    Affected: 12.6(2)ET_CSCwk83135
    Affected: 12.6.2_ET_CX_ALAW
    Affected: 12.6.2-ET01-SSL
    Affected: 12.6(2)_ES06
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-06T03:55:33.465322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:08.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)ES_Rollback"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)FIPS"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco SocialMiner",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "Recovery ISO"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES06"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05_ET"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_504_Issue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.1_ExcelIssue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_Permalink_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwk19536_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwm96922_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_Amq_OOS_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)ET_CSCwi79933"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwn48501_ET"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES13"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES16"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES17"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET_Streaming"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_Transcribe"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_NuanceMix"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_FileUpload"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_RTPfallback"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_CSCwf55306"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CSCwj36712"
                },
                {
                  "status": "affected",
                  "version": "12.5.2 ET-CSCwj33374"
                },
                {
                  "status": "affected",
                  "version": "12.5(1) SU ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwj87296"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5.2_ET_CSCvz27014"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwk83135"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CX_ALAW"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET01-SSL"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES06"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-04T16:18:20.661Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-vos-command-inject-65s2UCYy",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
            }
          ],
          "source": {
            "advisory": "cisco-sa-vos-command-inject-65s2UCYy",
            "defects": [
              "CSCwk24029"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Command Injection Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20278",
        "datePublished": "2025-06-04T16:18:20.661Z",
        "dateReserved": "2024-10-10T19:15:13.246Z",
        "dateUpdated": "2026-02-26T17:51:08.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-20253 (GCVE-0-2024-20253)

    Vulnerability from nvd – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
    VLAI
    Summary
    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Contact Center Enterprise Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 8.5(1)
    Affected: 9.0(2)SU3ES04
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU1ES04
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1ES10
    Affected: 10.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU3ES03
    Affected: 10.6(1)SU2ES04
    Affected: 10.6(1)SU3ES02
    Affected: 10.6(1)SU3ES01
    Affected: 11.0(1)SU1
    Affected: 11.0(1)SU1ES03
    Affected: 11.0(1)SU1ES02
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 11.5(1)SU1ES03
    Affected: 11.5(1)ES01
    Affected: 12.0(1)
    Affected: 12.0(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES04
    Affected: 12.0(1)ES02
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)ES03
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)ES01
    Affected: 12.5(1)_SU02_ES01
    Affected: 12.5(1)ES02
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 11.6(1)ES01
    Affected: 11.6(2)ES06
    Affected: 11.6(1)ES02
    Affected: 11.6(2)ES01
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES05
    Affected: 11.6(2)ES04
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)ES29
    Affected: 11.5(1)ES32
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)ES36
    Affected: 11.5(1)_ES32
    Affected: 11.5(1)_ES29
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)ES43
    Affected: 11.5(1)_ES53
    Affected: 11.5(1)ES27
    Affected: 11.6(1)
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)_ES22
    Affected: 11.6(1)_ES81
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES84
    Affected: 11.6(1)_ES85
    Affected: 11.6(1)_ES83
    Affected: 11.6(1)_ES80
    Affected: 11.6(1)_ES86
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 12.5(1)_ES02
    Affected: 12.5(1)
    Affected: 12.5(1)_ES08
    Affected: 12.5(1)_ES03
    Affected: 12.5(1)_ES06
    Affected: 12.5(1)_ES09
    Affected: 12.5(1)_ES14
    Affected: 12.5(1)SU
    Affected: 12.5(1)_ES15
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.5(2)_ET
    Affected: 12.5(1)_SU_ES02
    Affected: 12.5(1)_ES10
    Affected: 12.0(1)
    Affected: 12.0(1)_ES02
    Affected: 12.0(1)_ES01
    Affected: 12.0(1)_ES06
    Affected: 12.0(1)_ES07
    Affected: 12.0(1)_ES05
    Affected: 12.0(1)_ES04
    Affected: 12.0(1)_ES03
    Affected: 12.0(1)_ES08
    Affected: 12.6(1)
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES03
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES05
    Affected: 12.6(2)_ES03
    Affected: 12.6(1)_ES02
    Affected: 12.6(1)_ES01
    Affected: 12.6(2)
    Affected: 12.6(2)_ET01
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(1)_ES07
    Create a notification for this product.
    Cisco Cisco Packaged Contact Center Enterprise Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(1)_ES7
    Affected: 10.5(2)_ES8
    Affected: 11.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(2)
    Affected: 12.6(1)
    Affected: 12.6(2)
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-rce-bWNzQcUm",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:43.844502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-29T15:12:21.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            },
            {
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T15:42:33.881Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-rce-bWNzQcUm",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-rce-bWNzQcUm",
            "defects": [
              "CSCwe18830",
              "CSCwe18773",
              "CSCwe18840",
              "CSCwd64292",
              "CSCwd64245",
              "CSCwd64276"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20253",
        "datePublished": "2024-01-26T17:28:30.761Z",
        "dateReserved": "2023-11-08T15:08:07.622Z",
        "dateUpdated": "2025-05-29T15:12:21.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44228 (GCVE-0-2021-44228)

    Vulnerability from nvd – Published: 2021-12-10 00:00 – Updated: 2025-10-21 23:25
    Title
    Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
    Summary
    Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://logging.apache.org/log4j/2.x/security.html
    http://www.openwall.com/lists/oss-security/2021/12/10/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/10/2 mailing-list
    https://tools.cisco.com/security/center/content/C… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/10/3 mailing-list
    https://security.netapp.com/advisory/ntap-2021121…
    http://packetstormsecurity.com/files/165225/Apach…
    https://psirt.global.sonicwall.com/vuln-detail/SN…
    https://www.oracle.com/security-alerts/alert-cve-…
    https://www.debian.org/security/2021/dsa-5020 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2021… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://msrc-blog.microsoft.com/2021/12/11/micros… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/13/2 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/13/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/14/4 mailing-list
    https://www.kb.cert.org/vuls/id/930724 third-party-advisory
    https://twitter.com/kurtseifried/status/146934553…
    https://cert-portal.siemens.com/productcert/pdf/s…
    http://packetstormsecurity.com/files/165260/VMwar…
    http://packetstormsecurity.com/files/165270/Apach…
    http://packetstormsecurity.com/files/165261/Apach…
    https://www.intel.com/content/www/us/en/security-…
    http://www.openwall.com/lists/oss-security/2021/12/15/3 mailing-list
    http://packetstormsecurity.com/files/165282/Log4j…
    http://packetstormsecurity.com/files/165281/Log4j…
    http://packetstormsecurity.com/files/165307/Log4j…
    http://packetstormsecurity.com/files/165311/log4j…
    http://packetstormsecurity.com/files/165306/L4sh-…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    http://packetstormsecurity.com/files/165371/VMwar…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://www.oracle.com/security-alerts/cpujan2022.html
    http://packetstormsecurity.com/files/165532/Log4S…
    https://github.com/cisagov/log4j-affected-db/blob…
    http://packetstormsecurity.com/files/165642/VMwar…
    http://packetstormsecurity.com/files/165673/UniFi…
    http://seclists.org/fulldisclosure/2022/Mar/23 mailing-list
    https://www.bentley.com/en/common-vulnerability-e…
    https://github.com/cisagov/log4j-affected-db
    https://support.apple.com/kb/HT213189
    https://www.oracle.com/security-alerts/cpuapr2022.html
    https://github.com/nu11secur1ty/CVE-mitre/tree/ma…
    https://www.nu11secur1ty.com/2021/12/cve-2021-442…
    http://seclists.org/fulldisclosure/2022/Jul/11 mailing-list
    http://packetstormsecurity.com/files/167794/Open-…
    http://packetstormsecurity.com/files/167917/Mobil…
    http://seclists.org/fulldisclosure/2022/Dec/2 mailing-list
    http://packetstormsecurity.com/files/171626/AD-Ma…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Log4j2 Affected: 2.0-beta9 , < log4j-core* (custom)
    Create a notification for this product.
    Credits
    This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:17:24.696Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://logging.apache.org/log4j/2.x/security.html"
              },
              {
                "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
              },
              {
                "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
              },
              {
                "name": "DSA-5020",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-5020"
              },
              {
                "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
              },
              {
                "name": "FEDORA-2021-f0f501d01f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
              },
              {
                "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
              },
              {
                "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
              },
              {
                "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
              },
              {
                "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
              },
              {
                "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "VU#930724",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/930724"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
              },
              {
                "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
              },
              {
                "name": "FEDORA-2021-66d6c484f3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
              },
              {
                "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213189"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
              },
              {
                "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
              },
              {
                "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 10,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-44228",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:25:34.416117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-12-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:23.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-12-10T00:00:00.000Z",
                "value": "CVE-2021-44228 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j2",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.3.1",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.4",
                      "status": "affected"
                    },
                    {
                      "at": "2.12.2",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.13.0",
                      "status": "affected"
                    },
                    {
                      "at": "2.15.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "log4j-core*",
                  "status": "affected",
                  "version": "2.0-beta9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "critical"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-03T00:00:00.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "url": "https://logging.apache.org/log4j/2.x/security.html"
            },
            {
              "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
            },
            {
              "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
            },
            {
              "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
            },
            {
              "name": "DSA-5020",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5020"
            },
            {
              "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
            },
            {
              "name": "FEDORA-2021-f0f501d01f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
            },
            {
              "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
            },
            {
              "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
            },
            {
              "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
            },
            {
              "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
            },
            {
              "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "VU#930724",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
            },
            {
              "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
            },
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
            },
            {
              "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
            },
            {
              "name": "FEDORA-2021-66d6c484f3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
            },
            {
              "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
            },
            {
              "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
            },
            {
              "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db"
            },
            {
              "url": "https://support.apple.com/kb/HT213189"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
            },
            {
              "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
            },
            {
              "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
            },
            {
              "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
            },
            {
              "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-44228",
        "datePublished": "2021-12-10T00:00:00.000Z",
        "dateReserved": "2021-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:23.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1575 (GCVE-0-2021-1575)

    Vulnerability from nvd – Published: 2021-07-08 18:30 – Updated: 2024-11-07 22:07
    VLAI
    Title
    Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-07-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:18:10.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20210707 Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-1575",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:41:28.920055Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T22:07:36.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-07-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-08T18:30:18.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20210707 Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3"
            }
          ],
          "source": {
            "advisory": "cisco-sa-vvb-xss-wG4zXRp3",
            "defect": [
              [
                "CSCvx89188"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-07-07T16:00:00",
              "ID": "CVE-2021-1575",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Virtualized Voice Browser",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20210707 Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-vvb-xss-wG4zXRp3",
              "defect": [
                [
                  "CSCvx89188"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-1575",
        "datePublished": "2021-07-08T18:30:18.612Z",
        "dateReserved": "2020-11-13T00:00:00.000Z",
        "dateUpdated": "2024-11-07T22:07:36.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6779 (GCVE-0-2017-6779)

    Vulnerability from nvd – Published: 2018-06-07 12:00 – Updated: 2024-11-29 15:07
    VLAI
    Summary
    Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Multiple Cisco Products unknown Affected: Multiple Cisco Products unknown
    Date Public
    2018-06-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:41:17.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-6779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T14:43:53.428544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T15:07:21.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple Cisco Products unknown",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Multiple Cisco Products unknown"
                }
              ]
            }
          ],
          "datePublic": "2018-06-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM\u0026P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-399",
                  "description": "CWE-399",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T11:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2017-6779",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Multiple Cisco Products unknown",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Multiple Cisco Products unknown"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM\u0026P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-399"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
                  "refsource": "CONFIRM",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2017-6779",
        "datePublished": "2018-06-07T12:00:00.000Z",
        "dateReserved": "2017-03-09T00:00:00.000Z",
        "dateUpdated": "2024-11-29T15:07:21.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20278 (GCVE-0-2025-20278)

    Vulnerability from cvelistv5 – Published: 2025-06-04 16:18 – Updated: 2026-02-26 17:51
    VLAI
    Title
    Cisco Unified Communications Products Command Injection Vulnerability
    Summary
    A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Finesse Affected: 11.0(1)ES_Rollback
    Affected: 10.5(1)ES4
    Affected: 11.6(1)ES3
    Affected: 11.0(1)ES2
    Affected: 12.0(1)ES2
    Affected: 10.5(1)ES3
    Affected: 11.0(1)
    Affected: 11.6(1)FIPS
    Affected: 11.6(1)ES4
    Affected: 11.0(1)ES3
    Affected: 10.5(1)ES6
    Affected: 11.0(1)ES7
    Affected: 11.5(1)ES4
    Affected: 10.5(1)ES8
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 10.5(1)ES10
    Affected: 11.6(1)ES2
    Affected: 11.6(1)ES
    Affected: 11.0(1)ES6
    Affected: 11.0(1)ES4
    Affected: 12.0(1)
    Affected: 11.6(1)ES7
    Affected: 10.5(1)ES7
    Affected: 11.6(1)ES8
    Affected: 11.5(1)ES1
    Affected: 11.6(1)ES1
    Affected: 11.5(1)ES5
    Affected: 11.0(1)ES1
    Affected: 10.5(1)
    Affected: 11.6(1)ES6
    Affected: 10.5(1)ES2
    Affected: 12.0(1)ES1
    Affected: 11.0(1)ES5
    Affected: 10.5(1)ES5
    Affected: 11.5(1)ES3
    Affected: 11.5(1)ES2
    Affected: 10.5(1)ES9
    Affected: 11.6(1)ES5
    Affected: 11.6(1)ES9
    Affected: 11.5(1)ES6
    Affected: 10.5(1)ES1
    Affected: 12.5(1)
    Affected: 12.0(1)ES3
    Affected: 11.6(1)ES10
    Affected: 12.5(1)ES1
    Affected: 12.5(1)ES2
    Affected: 12.0(1)ES4
    Affected: 12.5(1)ES3
    Affected: 12.0(1)ES5
    Affected: 12.5(1)ES4
    Affected: 12.0(1)ES6
    Affected: 12.5(1)ES5
    Affected: 12.5(1)ES6
    Affected: 12.0(1)ES7
    Affected: 12.6(1)
    Affected: 12.5(1)ES7
    Affected: 11.6(1)ES11
    Affected: 12.6(1)ES1
    Affected: 12.0(1)ES8
    Affected: 12.5(1)ES8
    Affected: 12.6(1)ES2
    Affected: 12.6(1)ES3
    Affected: 12.6(1)ES4
    Affected: 12.6(1)ES5
    Affected: 12.5(2)
    Affected: 12.5(1)_SU
    Affected: 12.5(1)SU
    Affected: 12.6(1)ES6
    Affected: 12.5(1)SU ES1
    Affected: 12.6(1)ES7
    Affected: 12.6(1)ES7_ET
    Affected: 12.6(2)
    Affected: 12.6(1)ES8
    Affected: 12.6(1)ES9
    Affected: 12.6(2)ES1
    Affected: 12.6(1)ES10
    Affected: 12.5(1)SU ES2
    Affected: 12.6(1)ES11
    Affected: 12.6(2)ES2
    Affected: 12.6(2)ES3
    Affected: 12.5(1)SU ES3
    Affected: 12.6(2)ES4
    Affected: 12.6(2)ES5
    Create a notification for this product.
    Cisco Cisco SocialMiner Affected: 12.5(1)ES01
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 10.6(1)
    Affected: 12.0(1)ES04
    Affected: 10.6(2)
    Affected: 12.5(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.0(1)ES02
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 12.0(1)ES03
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.5(1)SU2
    Affected: 12.5(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 14SU4a
    Affected: 15SU1a
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 15
    Affected: Recovery ISO
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 10.6(1)
    Affected: 10.5(1)SU1
    Affected: 10.6(1)SU3
    Affected: 12.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.6(1)SU1
    Affected: 11.0(1)SU1
    Affected: 11.5(1)SU1
    Affected: 10.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)_SU02_ES01
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.0(1)ES04
    Affected: 12.5(1)ES02
    Affected: 12.5(1)ES03
    Affected: 11.6(2)ES06
    Affected: 12.5(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES01
    Affected: 11.6(2)ES05
    Affected: 12.0(1)ES02
    Affected: 11.6(2)ES04
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES01
    Affected: 10.6(1)SU3ES03
    Affected: 11.0(1)SU1ES03
    Affected: 10.6(1)SU3ES01
    Affected: 10.5(1)SU1ES10
    Affected: 10.0(1)SU1ES04
    Affected: 11.5(1)SU1ES03
    Affected: 11.6(1)ES02
    Affected: 11.5(1)ES01
    Affected: 9.0(2)SU3ES04
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU2ES04
    Affected: 11.6(1)ES01
    Affected: 10.6(1)SU3ES02
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 8.5(1)
    Affected: 11.0(1)SU1ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 12.5(1)_SU03_ES05
    Affected: 12.5(1)_SU03_ES06
    Create a notification for this product.
    Cisco Cisco Unified Intelligence Center Affected: 11.6(1)
    Affected: 10.5(1)
    Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 11.0(2)
    Affected: 12.6(1)
    Affected: 12.5(1)SU
    Affected: 12.6(1)_ET
    Affected: 12.6(1)_ES05_ET
    Affected: 11.0(3)
    Affected: 12.6(2)
    Affected: 12.6(2)_504_Issue_ET
    Affected: 12.6.1_ExcelIssue_ET
    Affected: 12.6(2)_Permalink_ET
    Affected: 12.6.2_CSCwk19536_ET
    Affected: 12.6.2_CSCwm96922_ET
    Affected: 12.6.2_Amq_OOS_ET
    Affected: 12.5(2)ET_CSCwi79933
    Affected: 12.6(2)_ET
    Affected: 12.6.2_CSCwn48501_ET
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 14
    Affected: 12.5(1)SU5
    Affected: 14SU1
    Affected: 12.5(1)SU6
    Affected: 14SU2
    Affected: 12.5(1)SU7
    Affected: 14SU3
    Affected: 12.5(1)SU8
    Affected: 14SU3a
    Affected: 12.5(1)SU8a
    Affected: 15
    Affected: 15SU1
    Affected: 14SU4
    Affected: 12.5(1)SU9
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.6(1)_ES84
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)
    Affected: 11.5(1)ES36
    Affected: 12.0(1)_ES01
    Affected: 11.6(1)_ES85
    Affected: 12.5(1)_ES05
    Affected: 11.5(1)_ES32
    Affected: 11.6(1)_ES83
    Affected: 11.5(1)_ES29
    Affected: 12.0(1)_ES06
    Affected: 12.5(1)
    Affected: 12.0(1)_ES07
    Affected: 11.6(1)_ES80
    Affected: 12.0(1)_ES05
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)_ES53
    Affected: 12.5(1)_ES08
    Affected: 11.5(1)ES43
    Affected: 12.0(1)_ES03
    Affected: 11.6(1)_ES86
    Affected: 12.0(1)_ES04
    Affected: 11.5(1)ES27
    Affected: 12.5(1)_ES03
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES06
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)
    Affected: 11.5(1)ES29
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES81
    Affected: 12.0(1)
    Affected: 11.6(1)_ES22
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)ES32
    Affected: 12.0(1)_ES02
    Affected: 12.5(1)_ES02
    Affected: 12.6(1)
    Affected: 12.5(1)_ES09
    Affected: 12.6(1)_ES01
    Affected: 12.0(1)_ES08
    Affected: 12.5(1)_ES10
    Affected: 12.6(1)_ES02
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.6(1)_ES03
    Affected: 12.5(1)_ES13
    Affected: 12.5(1)_ES14
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES05
    Affected: 12.5(1)_ES15
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ET
    Affected: 12.5(1)_ES16
    Affected: 12.5(1)SU
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.6(1)_ES07
    Affected: 12.6(2)
    Affected: 12.5(1)_ES17
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES10
    Affected: 12.5(1)_SU_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(2)_ET01
    Affected: 12.5(2)_ET
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ET_Streaming
    Affected: 12.6(2)ET_Transcribe
    Affected: 12.6(2)_ES03
    Affected: 12.6(2)ET_NuanceMix
    Affected: 12.6(2)ET_FileUpload
    Affected: 12.6(2)_ET02
    Affected: 12.6(2)_ES04
    Affected: 12.6.2ET_RTPfallback
    Affected: 12.6.2ET_CSCwf55306
    Affected: 12.6.2_ET_CSCwj36712
    Affected: 12.5.2 ET-CSCwj33374
    Affected: 12.5(1) SU ET
    Affected: 12.6(2)ET_CSCwj87296
    Affected: 12.6(2)_ES05
    Affected: 12.5.2_ET_CSCvz27014
    Affected: 12.6(2)_ET
    Affected: 12.6.2-ET
    Affected: 12.6(2)ET_CSCwk83135
    Affected: 12.6.2_ET_CX_ALAW
    Affected: 12.6.2-ET01-SSL
    Affected: 12.6(2)_ES06
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-06T03:55:33.465322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:51:08.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Finesse",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)ES_Rollback"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)FIPS"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES5"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES7_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES8"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES9"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)ES11"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES2"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU ES3"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES4"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ES5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco SocialMiner",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "14SU4a"
                },
                {
                  "status": "affected",
                  "version": "15SU1a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "Recovery ISO"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES06"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unified Intelligence Center",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05_ET"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_504_Issue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.1_ExcelIssue_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_Permalink_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwk19536_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwm96922_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_Amq_OOS_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)ET_CSCwi79933"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_CSCwn48501_ET"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "14SU3a"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU8a"
                },
                {
                  "status": "affected",
                  "version": "15"
                },
                {
                  "status": "affected",
                  "version": "15SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU9"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES13"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES16"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES17"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET_Streaming"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_Transcribe"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_NuanceMix"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_FileUpload"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_RTPfallback"
                },
                {
                  "status": "affected",
                  "version": "12.6.2ET_CSCwf55306"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CSCwj36712"
                },
                {
                  "status": "affected",
                  "version": "12.5.2 ET-CSCwj33374"
                },
                {
                  "status": "affected",
                  "version": "12.5(1) SU ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwj87296"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.5.2_ET_CSCvz27014"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)ET_CSCwk83135"
                },
                {
                  "status": "affected",
                  "version": "12.6.2_ET_CX_ALAW"
                },
                {
                  "status": "affected",
                  "version": "12.6.2-ET01-SSL"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES06"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-04T16:18:20.661Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-vos-command-inject-65s2UCYy",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
            }
          ],
          "source": {
            "advisory": "cisco-sa-vos-command-inject-65s2UCYy",
            "defects": [
              "CSCwk24029"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco Unified Communications Products Command Injection Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20278",
        "datePublished": "2025-06-04T16:18:20.661Z",
        "dateReserved": "2024-10-10T19:15:13.246Z",
        "dateUpdated": "2026-02-26T17:51:08.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-20253 (GCVE-0-2024-20253)

    Vulnerability from cvelistv5 – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
    VLAI
    Summary
    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Unified Contact Center Enterprise Affected: N/A
    Create a notification for this product.
    Cisco Cisco Unity Connection Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager Affected: 12.0(1)SU1
    Affected: 12.0(1)SU2
    Affected: 12.0(1)SU3
    Affected: 12.0(1)SU4
    Affected: 12.0(1)SU5
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 12.5(1)SU7a
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Create a notification for this product.
    Cisco Cisco Unified Contact Center Express Affected: 8.5(1)
    Affected: 9.0(2)SU3ES04
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU1ES04
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1ES10
    Affected: 10.6(1)
    Affected: 10.6(1)SU1
    Affected: 10.6(1)SU3
    Affected: 10.6(1)SU2
    Affected: 10.6(1)SU3ES03
    Affected: 10.6(1)SU2ES04
    Affected: 10.6(1)SU3ES02
    Affected: 10.6(1)SU3ES01
    Affected: 11.0(1)SU1
    Affected: 11.0(1)SU1ES03
    Affected: 11.0(1)SU1ES02
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU1ES02
    Affected: 11.5(1)SU1ES01
    Affected: 11.5(1)SU1ES03
    Affected: 11.5(1)ES01
    Affected: 12.0(1)
    Affected: 12.0(1)ES01
    Affected: 12.0(1)ES03
    Affected: 12.0(1)ES04
    Affected: 12.0(1)ES02
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)_SU01_ES03
    Affected: 12.5(1)ES03
    Affected: 12.5(1)_SU01_ES01
    Affected: 12.5(1)_SU02_ES02
    Affected: 12.5(1)_SU01_ES02
    Affected: 12.5(1)_SU02_ES03
    Affected: 12.5(1)ES01
    Affected: 12.5(1)_SU02_ES01
    Affected: 12.5(1)ES02
    Affected: 12.5(1)_SU03_ES01
    Affected: 12.5(1)_SU02_ES04
    Affected: 12.5(1)_SU03_ES02
    Affected: 12.5(1)_SU03_ES03
    Affected: 12.5(1)_SU03_ES04
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 11.6(1)ES01
    Affected: 11.6(2)ES06
    Affected: 11.6(1)ES02
    Affected: 11.6(2)ES01
    Affected: 11.6(2)ES03
    Affected: 11.6(2)ES07
    Affected: 11.6(2)ES08
    Affected: 11.6(2)ES02
    Affected: 11.6(2)ES05
    Affected: 11.6(2)ES04
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager IM and Presence Service Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(2a)
    Affected: 10.5(2b)
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU4
    Affected: 10.5(1)SU3
    Affected: 10.5(1)SU1
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(1)SU2
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU5a
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 11.0(1)
    Affected: 11.0(1)SU1
    Affected: 12.5(1)
    Affected: 12.5(1)SU1
    Affected: 12.5(1)SU2
    Affected: 12.5(1)SU3
    Affected: 12.5(1)SU4
    Affected: 12.5(1)SU5
    Affected: 12.5(1)SU6
    Affected: 12.5(1)SU7
    Affected: 14
    Affected: 14SU1
    Affected: 14SU2
    Affected: 14SU2a
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Affected: 10.0(1)SU2
    Create a notification for this product.
    Cisco Cisco Virtualized Voice Browser Affected: 11.0(1)
    Affected: 11.5(1)
    Affected: 11.5(1)ES29
    Affected: 11.5(1)ES32
    Affected: 11.5(1)_ES43
    Affected: 11.5(1)_ES54
    Affected: 11.5(1)_ES27
    Affected: 11.5(1)ES36
    Affected: 11.5(1)_ES32
    Affected: 11.5(1)_ES29
    Affected: 11.5(1)_ES36
    Affected: 11.5(1)ES43
    Affected: 11.5(1)_ES53
    Affected: 11.5(1)ES27
    Affected: 11.6(1)
    Affected: 11.6(1)_ES82
    Affected: 11.6(1)_ES22
    Affected: 11.6(1)_ES81
    Affected: 11.6(1)_ES87
    Affected: 11.6(1)_ES84
    Affected: 11.6(1)_ES85
    Affected: 11.6(1)_ES83
    Affected: 11.6(1)_ES80
    Affected: 11.6(1)_ES86
    Affected: 11.6(1)_ES88
    Affected: 12.5(1)_ES04
    Affected: 12.5(1)_ES07
    Affected: 12.5(1)_ES02
    Affected: 12.5(1)
    Affected: 12.5(1)_ES08
    Affected: 12.5(1)_ES03
    Affected: 12.5(1)_ES06
    Affected: 12.5(1)_ES09
    Affected: 12.5(1)_ES14
    Affected: 12.5(1)SU
    Affected: 12.5(1)_ES15
    Affected: 12.5(1)_SU
    Affected: 12.5(1)_SU_ES01
    Affected: 12.5(1)_ES11
    Affected: 12.5(1)_ES12
    Affected: 12.5(2)_ET
    Affected: 12.5(1)_SU_ES02
    Affected: 12.5(1)_ES10
    Affected: 12.0(1)
    Affected: 12.0(1)_ES02
    Affected: 12.0(1)_ES01
    Affected: 12.0(1)_ES06
    Affected: 12.0(1)_ES07
    Affected: 12.0(1)_ES05
    Affected: 12.0(1)_ES04
    Affected: 12.0(1)_ES03
    Affected: 12.0(1)_ES08
    Affected: 12.6(1)
    Affected: 12.6(1)_ES04
    Affected: 12.6(1)_ES03
    Affected: 12.6(1)_ES09
    Affected: 12.6(1)_ES06
    Affected: 12.6(1)_ES08
    Affected: 12.6(1)_ES05
    Affected: 12.6(2)_ES03
    Affected: 12.6(1)_ES02
    Affected: 12.6(1)_ES01
    Affected: 12.6(2)
    Affected: 12.6(2)_ET01
    Affected: 12.6(2)_ES02
    Affected: 12.6(2)_ES01
    Affected: 12.6(1)_ES07
    Create a notification for this product.
    Cisco Cisco Packaged Contact Center Enterprise Affected: 10.5(1)
    Affected: 10.5(2)
    Affected: 10.5(1)_ES7
    Affected: 10.5(2)_ES8
    Affected: 11.0(1)
    Affected: 11.0(2)
    Affected: 11.5(1)
    Affected: 11.6(1)
    Affected: 11.6(2)
    Affected: 12.0(1)
    Affected: 12.5(1)
    Affected: 12.5(2)
    Affected: 12.6(1)
    Affected: 12.6(2)
    Create a notification for this product.
    Cisco Cisco Unified Communications Manager / Cisco Unity Connection Affected: 10.5(2)SU10
    Affected: 10.5(1)
    Affected: 10.5(1)SU1
    Affected: 10.5(1)SU1a
    Affected: 10.5(2)
    Affected: 10.5(2)SU1
    Affected: 10.5(2)SU2
    Affected: 10.5(2)SU3
    Affected: 10.5(2)SU4
    Affected: 10.5(2)SU5
    Affected: 10.5(2)SU6
    Affected: 10.5(2)SU7
    Affected: 10.5(2)SU8
    Affected: 10.5(2)SU9
    Affected: 10.5(2)SU2a
    Affected: 10.5(2)SU3a
    Affected: 10.5(2)SU4a
    Affected: 10.5(2)SU6a
    Affected: 11.0(1)
    Affected: 11.0(1a)
    Affected: 11.0(1a)SU1
    Affected: 11.0(1a)SU2
    Affected: 11.0(1a)SU3
    Affected: 11.0(1a)SU3a
    Affected: 11.0(1a)SU4
    Affected: 11.0.1
    Affected: 11.0.2
    Affected: 11.0.5
    Affected: 11.5(1)
    Affected: 11.5(1)SU1
    Affected: 11.5(1)SU2
    Affected: 11.5(1)SU3
    Affected: 11.5(1)SU3a
    Affected: 11.5(1)SU3b
    Affected: 11.5(1)SU4
    Affected: 11.5(1)SU5
    Affected: 11.5(1)SU6
    Affected: 11.5(1)SU7
    Affected: 11.5(1)SU8
    Affected: 11.5(1)SU9
    Affected: 11.5(1)SU10
    Affected: 11.5(1)SU11
    Affected: 10.0(1)SU2
    Affected: 10.0(1)
    Affected: 10.0(1)SU1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-cucm-rce-bWNzQcUm",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:42:43.844502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-29T15:12:21.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Unified Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "product": "Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7a"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                }
              ]
            },
            {
              "product": "Cisco Unified Contact Center Express",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.5(1)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SU3ES04"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1ES04"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1ES10"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES03"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU2ES04"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES02"
                },
                {
                  "status": "affected",
                  "version": "10.6(1)SU3ES01"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES02"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES01"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1ES03"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU01_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU02_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU03_ES04"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES06"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES01"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES03"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES07"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES08"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES02"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES05"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)ES04"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager IM and Presence Service",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2a)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2b)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "14"
                },
                {
                  "status": "affected",
                  "version": "14SU1"
                },
                {
                  "status": "affected",
                  "version": "14SU2"
                },
                {
                  "status": "affected",
                  "version": "14SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                }
              ]
            },
            {
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES54"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES27"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES32"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES29"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES36"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES43"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)_ES53"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)ES27"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES82"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES22"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES81"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES87"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES84"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES85"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES83"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES80"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES86"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)_ES88"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES14"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES15"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES11"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES12"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)_ET"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_SU_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)_ES10"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES07"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES04"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES09"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES06"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES08"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES05"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES03"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ET01"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES02"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)_ES01"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)_ES07"
                }
              ]
            },
            {
              "product": "Cisco Packaged Contact Center Enterprise",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)_ES7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)_ES8"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(1)"
                },
                {
                  "status": "affected",
                  "version": "11.6(2)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(2)"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.6(2)"
                }
              ]
            },
            {
              "product": "Cisco Unified Communications Manager / Cisco Unity Connection",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "10.5(2)SU10"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(1)SU1a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU1"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU5"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU7"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU8"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU9"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU2a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU3a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU4a"
                },
                {
                  "status": "affected",
                  "version": "10.5(2)SU6a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.0(1a)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.0.5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3a"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU3b"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU4"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU5"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU6"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU7"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU8"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU9"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU10"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SU11"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU2"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.0(1)SU1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-02T15:42:33.881Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-cucm-rce-bWNzQcUm",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
            }
          ],
          "source": {
            "advisory": "cisco-sa-cucm-rce-bWNzQcUm",
            "defects": [
              "CSCwe18830",
              "CSCwe18773",
              "CSCwe18840",
              "CSCwd64292",
              "CSCwd64245",
              "CSCwd64276"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20253",
        "datePublished": "2024-01-26T17:28:30.761Z",
        "dateReserved": "2023-11-08T15:08:07.622Z",
        "dateUpdated": "2025-05-29T15:12:21.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-44228 (GCVE-0-2021-44228)

    Vulnerability from cvelistv5 – Published: 2021-12-10 00:00 – Updated: 2025-10-21 23:25
    Title
    Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
    Summary
    Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://logging.apache.org/log4j/2.x/security.html
    http://www.openwall.com/lists/oss-security/2021/12/10/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/10/2 mailing-list
    https://tools.cisco.com/security/center/content/C… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/10/3 mailing-list
    https://security.netapp.com/advisory/ntap-2021121…
    http://packetstormsecurity.com/files/165225/Apach…
    https://psirt.global.sonicwall.com/vuln-detail/SN…
    https://www.oracle.com/security-alerts/alert-cve-…
    https://www.debian.org/security/2021/dsa-5020 vendor-advisory
    https://lists.debian.org/debian-lts-announce/2021… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://msrc-blog.microsoft.com/2021/12/11/micros… vendor-advisory
    http://www.openwall.com/lists/oss-security/2021/12/13/2 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/13/1 mailing-list
    http://www.openwall.com/lists/oss-security/2021/12/14/4 mailing-list
    https://www.kb.cert.org/vuls/id/930724 third-party-advisory
    https://twitter.com/kurtseifried/status/146934553…
    https://cert-portal.siemens.com/productcert/pdf/s…
    http://packetstormsecurity.com/files/165260/VMwar…
    http://packetstormsecurity.com/files/165270/Apach…
    http://packetstormsecurity.com/files/165261/Apach…
    https://www.intel.com/content/www/us/en/security-…
    http://www.openwall.com/lists/oss-security/2021/12/15/3 mailing-list
    http://packetstormsecurity.com/files/165282/Log4j…
    http://packetstormsecurity.com/files/165281/Log4j…
    http://packetstormsecurity.com/files/165307/Log4j…
    http://packetstormsecurity.com/files/165311/log4j…
    http://packetstormsecurity.com/files/165306/L4sh-…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    http://packetstormsecurity.com/files/165371/VMwar…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://cert-portal.siemens.com/productcert/pdf/s…
    https://www.oracle.com/security-alerts/cpujan2022.html
    http://packetstormsecurity.com/files/165532/Log4S…
    https://github.com/cisagov/log4j-affected-db/blob…
    http://packetstormsecurity.com/files/165642/VMwar…
    http://packetstormsecurity.com/files/165673/UniFi…
    http://seclists.org/fulldisclosure/2022/Mar/23 mailing-list
    https://www.bentley.com/en/common-vulnerability-e…
    https://github.com/cisagov/log4j-affected-db
    https://support.apple.com/kb/HT213189
    https://www.oracle.com/security-alerts/cpuapr2022.html
    https://github.com/nu11secur1ty/CVE-mitre/tree/ma…
    https://www.nu11secur1ty.com/2021/12/cve-2021-442…
    http://seclists.org/fulldisclosure/2022/Jul/11 mailing-list
    http://packetstormsecurity.com/files/167794/Open-…
    http://packetstormsecurity.com/files/167917/Mobil…
    http://seclists.org/fulldisclosure/2022/Dec/2 mailing-list
    http://packetstormsecurity.com/files/171626/AD-Ma…
    https://www.cisa.gov/known-exploited-vulnerabilit… government-resource
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Log4j2 Affected: 2.0-beta9 , < log4j-core* (custom)
    Create a notification for this product.
    Credits
    This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:17:24.696Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://logging.apache.org/log4j/2.x/security.html"
              },
              {
                "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
              },
              {
                "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
              },
              {
                "name": "DSA-5020",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2021/dsa-5020"
              },
              {
                "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
              },
              {
                "name": "FEDORA-2021-f0f501d01f",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
              },
              {
                "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
              },
              {
                "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
              },
              {
                "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
              },
              {
                "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
              },
              {
                "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "VU#930724",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/930724"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
              },
              {
                "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
              },
              {
                "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
              },
              {
                "name": "FEDORA-2021-66d6c484f3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
              },
              {
                "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/cisagov/log4j-affected-db"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT213189"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
              },
              {
                "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
              },
              {
                "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 10,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-44228",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T14:25:34.416117Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-12-10",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:25:23.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-12-10T00:00:00.000Z",
                "value": "CVE-2021-44228 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j2",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.3.1",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.4",
                      "status": "affected"
                    },
                    {
                      "at": "2.12.2",
                      "status": "unaffected"
                    },
                    {
                      "at": "2.13.0",
                      "status": "affected"
                    },
                    {
                      "at": "2.15.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "log4j-core*",
                  "status": "affected",
                  "version": "2.0-beta9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "critical"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-03T00:00:00.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "url": "https://logging.apache.org/log4j/2.x/security.html"
            },
            {
              "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
            },
            {
              "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
            },
            {
              "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
            },
            {
              "name": "DSA-5020",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2021/dsa-5020"
            },
            {
              "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
            },
            {
              "name": "FEDORA-2021-f0f501d01f",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
            },
            {
              "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
            },
            {
              "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
            },
            {
              "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
            },
            {
              "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
            },
            {
              "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "VU#930724",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
            },
            {
              "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
            },
            {
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
            },
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
            },
            {
              "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
            },
            {
              "name": "FEDORA-2021-66d6c484f3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
            },
            {
              "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
            },
            {
              "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
            },
            {
              "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
            },
            {
              "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
            },
            {
              "url": "https://github.com/cisagov/log4j-affected-db"
            },
            {
              "url": "https://support.apple.com/kb/HT213189"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
            },
            {
              "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
            },
            {
              "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
            },
            {
              "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
            },
            {
              "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-44228",
        "datePublished": "2021-12-10T00:00:00.000Z",
        "dateReserved": "2021-11-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:25:23.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1575 (GCVE-0-2021-1575)

    Vulnerability from cvelistv5 – Published: 2021-07-08 18:30 – Updated: 2024-11-07 22:07
    VLAI
    Title
    Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-07-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:18:10.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20210707 Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-1575",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:41:28.920055Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T22:07:36.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Virtualized Voice Browser",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-07-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-08T18:30:18.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20210707 Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3"
            }
          ],
          "source": {
            "advisory": "cisco-sa-vvb-xss-wG4zXRp3",
            "defect": [
              [
                "CSCvx89188"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-07-07T16:00:00",
              "ID": "CVE-2021-1575",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Virtualized Voice Browser",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20210707 Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vvb-xss-wG4zXRp3"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-vvb-xss-wG4zXRp3",
              "defect": [
                [
                  "CSCvx89188"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-1575",
        "datePublished": "2021-07-08T18:30:18.612Z",
        "dateReserved": "2020-11-13T00:00:00.000Z",
        "dateUpdated": "2024-11-07T22:07:36.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6779 (GCVE-0-2017-6779)

    Vulnerability from cvelistv5 – Published: 2018-06-07 12:00 – Updated: 2024-11-29 15:07
    VLAI
    Summary
    Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Multiple Cisco Products unknown Affected: Multiple Cisco Products unknown
    Date Public
    2018-06-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:41:17.143Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-6779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-29T14:43:53.428544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-29T15:07:21.731Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple Cisco Products unknown",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Multiple Cisco Products unknown"
                }
              ]
            }
          ],
          "datePublic": "2018-06-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM\u0026P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-399",
                  "description": "CWE-399",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T11:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2017-6779",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Multiple Cisco Products unknown",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Multiple Cisco Products unknown"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM\u0026P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-399"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
                  "refsource": "CONFIRM",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2017-6779",
        "datePublished": "2018-06-07T12:00:00.000Z",
        "dateReserved": "2017-03-09T00:00:00.000Z",
        "dateUpdated": "2024-11-29T15:07:21.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }