Unity Express
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1114 | 0.04 | — | 0.10 | Feb 13, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527. | |||
| CVE-2013-1120 | 0.03 | — | 0.01 | Feb 6, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910. | |||
| CVE-2018-15381 | 0.02 | — | 0.87 | Nov 8, 2018 | A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the… | |||
| CVE-2019-15986 | 0.00 | — | 0.00 | Nov 26, 2019 | A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to… | |||
| CVE-2006-2166 | 0.00 | — | 0.02 | May 4, 2006 | Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired… | |||
| CVE-2005-4794 | 0.00 | — | 0.02 | Dec 31, 2005 | Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. |
- CVE-2013-1114Feb 13, 2013risk 0.04cvss —epss 0.10
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
- CVE-2013-1120Feb 6, 2013risk 0.03cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
- CVE-2018-15381Nov 8, 2018risk 0.02cvss —epss 0.87
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the…
- CVE-2019-15986Nov 26, 2019risk 0.00cvss —epss 0.00
A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to…
- CVE-2006-2166May 4, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired…
- CVE-2005-4794Dec 31, 2005risk 0.00cvss —epss 0.02
Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset.