Vulnerability-Lookup - Search a vulnerability

CVE-2018-0290 (GCVE-0-2018-0290)

Vulnerability from cvelistv5

Published

2018-05-17 03:00

Modified

2024-11-29 15:09

Severity ?

CWE

CWE-399

Summary

A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to the vulnerable service. An exploit could allow the attacker to create a DoS condition by interrupting certain phone services. A manual restart of the service may be required to restore full functionalities. Cisco Bug IDs: CSCvh48368.

References

►

URL

Tags

	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-socmin-dos	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/104201	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Cisco SocialMiner Notification System	Version: Cisco SocialMiner Notification System

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:14.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-socmin-dos"
          },
          {
            "name": "104201",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104201"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0290",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:43:57.677806Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:09:08.840Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco SocialMiner Notification System",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco SocialMiner Notification System"
            }
          ]
        }
      ],
      "datePublic": "2018-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to the vulnerable service. An exploit could allow the attacker to create a DoS condition by interrupting certain phone services. A manual restart of the service may be required to restore full functionalities. Cisco Bug IDs: CSCvh48368."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-17T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-socmin-dos"
        },
        {
          "name": "104201",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104201"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0290",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco SocialMiner Notification System",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco SocialMiner Notification System"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to the vulnerable service. An exploit could allow the attacker to create a DoS condition by interrupting certain phone services. A manual restart of the service may be required to restore full functionalities. Cisco Bug IDs: CSCvh48368."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-socmin-dos",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-socmin-dos"
            },
            {
              "name": "104201",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104201"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0290",
    "datePublished": "2018-05-17T03:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:09:08.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12337 (GCVE-0-2017-12337)

Vulnerability from cvelistv5

Published

2017-11-16 07:00

Modified

2024-08-05 18:36

Severity ?

CWE

CWE-287

Summary

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.

References

►

URL

Tags

	http://www.securityfocus.com/bid/101865	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1039815	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039817	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039814	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039818	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039819	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039820	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039813	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039816	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco Voice Operating System	Version: Cisco Voice Operating System

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:36:56.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101865",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101865"
          },
          {
            "name": "1039815",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039815"
          },
          {
            "name": "1039817",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039817"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
          },
          {
            "name": "1039814",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039814"
          },
          {
            "name": "1039818",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039818"
          },
          {
            "name": "1039819",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039819"
          },
          {
            "name": "1039820",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039820"
          },
          {
            "name": "1039813",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039813"
          },
          {
            "name": "1039816",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039816"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Voice Operating System",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Voice Operating System"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "101865",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101865"
        },
        {
          "name": "1039815",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039815"
        },
        {
          "name": "1039817",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039817"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
        },
        {
          "name": "1039814",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039814"
        },
        {
          "name": "1039818",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039818"
        },
        {
          "name": "1039819",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039819"
        },
        {
          "name": "1039820",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039820"
        },
        {
          "name": "1039813",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039813"
        },
        {
          "name": "1039816",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039816"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12337",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Voice Operating System",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Voice Operating System"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101865",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101865"
            },
            {
              "name": "1039815",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039815"
            },
            {
              "name": "1039817",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039817"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
            },
            {
              "name": "1039814",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039814"
            },
            {
              "name": "1039818",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039818"
            },
            {
              "name": "1039819",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039819"
            },
            {
              "name": "1039820",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039820"
            },
            {
              "name": "1039813",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039813"
            },
            {
              "name": "1039816",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039816"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12337",
    "datePublished": "2017-11-16T07:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:36:56.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-15435 (GCVE-0-2018-15435)

Vulnerability from cvelistv5

Published

2018-10-17 22:00

Modified

2024-11-26 14:23

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Summary

A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

References

►

URL

Tags

	http://www.securityfocus.com/bid/105663	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-sm-xss	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco SocialMiner	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:54:03.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105663"
          },
          {
            "name": "20181017 Cisco SocialMiner Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-sm-xss"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-15435",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:47:28.650441Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:23:38.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco SocialMiner",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "105663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105663"
        },
        {
          "name": "20181017 Cisco SocialMiner Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-sm-xss"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20181017-sm-xss",
        "defect": [
          [
            "CSCvm57165"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco SocialMiner Cross-Site Scripting Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2018-10-17T16:00:00-0500",
          "ID": "CVE-2018-15435",
          "STATE": "PUBLIC",
          "TITLE": "Cisco SocialMiner Cross-Site Scripting Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco SocialMiner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.1",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105663",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105663"
            },
            {
              "name": "20181017 Cisco SocialMiner Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-sm-xss"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20181017-sm-xss",
          "defect": [
            [
              "CSCvm57165"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-15435",
    "datePublished": "2018-10-17T22:00:00Z",
    "dateReserved": "2018-08-17T00:00:00",
    "dateUpdated": "2024-11-26T14:23:38.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-6356 (GCVE-0-2015-6356)

Vulnerability from cvelistv5

Published

2015-11-04 02:00

Modified

2024-08-06 07:22

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.

References

►

URL

Tags

	http://www.securitytracker.com/id/1034048	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151103-csm	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:22:20.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034048",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034048"
          },
          {
            "name": "20151103 Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151103-csm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T22:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1034048",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034048"
        },
        {
          "name": "20151103 Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151103-csm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034048",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034048"
            },
            {
              "name": "20151103 Cisco SocialMiner WeChat Page Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151103-csm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6356",
    "datePublished": "2015-11-04T02:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:22:20.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12216 (GCVE-0-2017-12216)

Vulnerability from cvelistv5

Published

2017-09-07 21:00

Modified

2024-08-05 18:28

Severity ?

CWE

CWE-200

Summary

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946.

References

►

URL

Tags

	http://www.securitytracker.com/id/1039274	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/100664	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Cisco SocialMiner	Version: Cisco SocialMiner

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.743Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039274",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039274"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin"
          },
          {
            "name": "100664",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100664"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco SocialMiner",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco SocialMiner"
            }
          ]
        }
      ],
      "datePublic": "2017-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-09T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1039274",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039274"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin"
        },
        {
          "name": "100664",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100664"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12216",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco SocialMiner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco SocialMiner"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039274",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039274"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin"
            },
            {
              "name": "100664",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100664"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12216",
    "datePublished": "2017-09-07T21:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.743Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6779 (GCVE-0-2017-6779)

Vulnerability from cvelistv5

Published

2018-06-07 12:00

Modified

2024-11-29 15:07

Severity ?

CWE

CWE-399

Summary

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.

References

►

URL

Tags

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Multiple Cisco Products unknown	Version: Multiple Cisco Products unknown

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-6779",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:43:53.428544Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:07:21.731Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple Cisco Products unknown",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple Cisco Products unknown"
            }
          ]
        }
      ],
      "datePublic": "2018-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM\u0026P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-07T11:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple Cisco Products unknown",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple Cisco Products unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM\u0026P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6779",
    "datePublished": "2018-06-07T12:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-11-29T15:07:21.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5489 (GCVE-0-2013-5489)

Vulnerability from cvelistv5

Published

2013-09-13 10:00

Modified

2024-08-06 17:15

Severity ?

CWE

n/a

Summary

The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125.

References

►

URL

Tags

	http://tools.cisco.com/security/center/viewAlert.x?alertId=30734	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/86965	vdb-entry, x_refsource_XF
	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5489	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30734"
          },
          {
            "name": "cisco-socialminer-cve20135489-info-disc(86965)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86965"
          },
          {
            "name": "20130910 Cisco SocialMiner Sensitive Information GET Request Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5489"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30734"
        },
        {
          "name": "cisco-socialminer-cve20135489-info-disc(86965)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86965"
        },
        {
          "name": "20130910 Cisco SocialMiner Sensitive Information GET Request Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5489"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5489",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30734",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30734"
            },
            {
              "name": "cisco-socialminer-cve20135489-info-disc(86965)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86965"
            },
            {
              "name": "20130910 Cisco SocialMiner Sensitive Information GET Request Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5489"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5489",
    "datePublished": "2013-09-13T10:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20129 (GCVE-0-2025-20129)

Vulnerability from cvelistv5

Published

2025-06-04 16:17

Modified

2025-06-04 18:20

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Summary

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd

Impacted products

Vendor

Product

Version

►

Cisco

Cisco SocialMiner

Version: 12.5(1)ES01
Version: 10.5(1)
Version: 11.6(1)
Version: 10.6(1)
Version: 12.0(1)ES04
Version: 10.6(2)
Version: 12.5(1)
Version: 11.6(2)
Version: 12.0(1)
Version: 12.0(1)ES02
Version: 11.0(1)
Version: 11.5(1)
Version: 11.5(1)SU1
Version: 12.0(1)ES03
Version: 12.5(1)SU3
Version: 12.5(1)SU1
Version: 12.5(1)SU2

Cisco

Cisco Unified Contact Center Express

Version: 10.6(1)
Version: 10.5(1)SU1
Version: 10.6(1)SU3
Version: 12.0(1)
Version: 10.0(1)SU1
Version: 10.6(1)SU1
Version: 11.0(1)SU1
Version: 11.5(1)SU1
Version: 10.5(1)
Version: 11.6(1)
Version: 11.6(2)
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)_SU03_ES01
Version: 12.5(1)_SU03_ES02
Version: 12.5(1)_SU02_ES03
Version: 12.5(1)_SU02_ES04
Version: 12.5(1)_SU02_ES02
Version: 12.5(1)_SU01_ES02
Version: 12.5(1)_SU01_ES03
Version: 12.5(1)_SU02_ES01
Version: 11.6(2)ES07
Version: 11.6(2)ES08
Version: 12.5(1)_SU01_ES01
Version: 12.0(1)ES04
Version: 12.5(1)ES02
Version: 12.5(1)ES03
Version: 11.6(2)ES06
Version: 12.5(1)ES01
Version: 12.0(1)ES03
Version: 12.0(1)ES01
Version: 11.6(2)ES05
Version: 12.0(1)ES02
Version: 11.6(2)ES04
Version: 11.6(2)ES03
Version: 11.6(2)ES02
Version: 11.6(2)ES01
Version: 10.6(1)SU3ES03
Version: 11.0(1)SU1ES03
Version: 10.6(1)SU3ES01
Version: 10.5(1)SU1ES10
Version: 10.0(1)SU1ES04
Version: 11.5(1)SU1ES03
Version: 11.6(1)ES02
Version: 11.5(1)ES01
Version: 9.0(2)SU3ES04
Version: 10.6(1)SU2
Version: 10.6(1)SU2ES04
Version: 11.6(1)ES01
Version: 10.6(1)SU3ES02
Version: 11.5(1)SU1ES02
Version: 11.5(1)SU1ES01
Version: 8.5(1)
Version: 11.0(1)SU1ES02
Version: 12.5(1)_SU03_ES03
Version: 12.5(1)_SU03_ES04
Version: 12.5(1)_SU03_ES05
Version: 12.5(1)_SU03_ES06

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-04T18:13:19.983909Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-04T18:20:18.190Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco SocialMiner",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "10.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES07"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES05"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES04"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES03"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1ES10"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1ES04"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "9.0(2)SU3ES04"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2ES04"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES01"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES06"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.\r\n\r\nThis vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-04T16:17:27.318Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ccp-info-disc-ZyGerQpd",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ccp-info-disc-ZyGerQpd",
        "defects": [
          "CSCwh43988"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Customer Collaboration Platform Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20129",
    "datePublished": "2025-06-04T16:17:27.318Z",
    "dateReserved": "2024-10-10T19:15:13.212Z",
    "dateUpdated": "2025-06-04T18:20:18.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5492 (GCVE-0-2013-5492)

Vulnerability from cvelistv5

Published

2013-09-13 10:00

Modified

2024-08-06 17:15

Severity ?

CWE

n/a

Summary

administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780.

References

►

URL

Tags

	http://www.securitytracker.com/id/1029033	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5492	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.708Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1029033",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029033"
          },
          {
            "name": "20130911 Cisco SocialMiner administration.jsp HTTP Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5492"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-11T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1029033",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029033"
        },
        {
          "name": "20130911 Cisco SocialMiner administration.jsp HTTP Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5492"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5492",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1029033",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029033"
            },
            {
              "name": "20130911 Cisco SocialMiner administration.jsp HTTP Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5492"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5492",
    "datePublished": "2013-09-13T10:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-5483 (GCVE-0-2013-5483)

Vulnerability from cvelistv5

Published

2013-09-08 01:00

Modified

2024-08-06 17:15

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868.

References

►

URL

Tags

	http://www.securitytracker.com/id/1028989	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5483	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/62252	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/86912	vdb-entry, x_refsource_XF
	http://tools.cisco.com/security/center/viewAlert.x?alertId=30674	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1028989",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028989"
          },
          {
            "name": "20130906 Cisco SocialMiner Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5483"
          },
          {
            "name": "62252",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62252"
          },
          {
            "name": "cisco-socialminer-cve20135483-xss(86912)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86912"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30674"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1028989",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028989"
        },
        {
          "name": "20130906 Cisco SocialMiner Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5483"
        },
        {
          "name": "62252",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62252"
        },
        {
          "name": "cisco-socialminer-cve20135483-xss(86912)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86912"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30674"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5483",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1028989",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028989"
            },
            {
              "name": "20130906 Cisco SocialMiner Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5483"
            },
            {
              "name": "62252",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62252"
            },
            {
              "name": "cisco-socialminer-cve20135483-xss(86912)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86912"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30674",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30674"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5483",
    "datePublished": "2013-09-08T01:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-1668 (GCVE-0-2019-1668)

Vulnerability from cvelistv5

Published

2019-01-24 16:00

Modified

2024-11-21 19:46

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Summary

A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

References

►

URL

Tags

	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/106720	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Cisco	Cisco SocialMiner	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.429Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190123 Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss"
          },
          {
            "name": "106720",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106720"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1668",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T19:00:50.254304Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:46:59.387Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco SocialMiner",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-26T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190123 Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss"
        },
        {
          "name": "106720",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106720"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190123-miner-chat-xss",
        "defect": [
          [
            "CSCvi52835",
            "CSCvn50066",
            "CSCvn59276"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-01-23T16:00:00-0800",
          "ID": "CVE-2019-1668",
          "STATE": "PUBLIC",
          "TITLE": "Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco SocialMiner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.1",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190123 Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss"
            },
            {
              "name": "106720",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106720"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190123-miner-chat-xss",
          "defect": [
            [
              "CSCvi52835",
              "CSCvn50066",
              "CSCvn59276"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1668",
    "datePublished": "2019-01-24T16:00:00Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-21T19:46:59.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6702 (GCVE-0-2017-6702)

Vulnerability from cvelistv5

Published

2017-07-04 00:00

Modified

2024-08-05 15:41

Severity ?

CWE

Cross-Site Scripting Vulnerability

Summary

A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1).

References

►

URL

Tags

	http://www.securitytracker.com/id/1038738	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/99205	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco SocialMiner	Version: Cisco SocialMiner

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:16.005Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038738",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038738"
          },
          {
            "name": "99205",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco SocialMiner",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco SocialMiner"
            }
          ]
        }
      ],
      "datePublic": "2017-07-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-06T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1038738",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038738"
        },
        {
          "name": "99205",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6702",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco SocialMiner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco SocialMiner"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038738",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038738"
            },
            {
              "name": "99205",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99205"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6702",
    "datePublished": "2017-07-04T00:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:16.005Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20278 (GCVE-0-2025-20278)

Vulnerability from cvelistv5

Published

2025-06-04 16:18

Modified

2025-06-06 03:55

Severity ?

6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Summary

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy

Impacted products

Vendor

Product

Version

►

Cisco

Cisco Finesse

Version: 11.0(1)ES_Rollback
Version: 10.5(1)ES4
Version: 11.6(1)ES3
Version: 11.0(1)ES2
Version: 12.0(1)ES2
Version: 10.5(1)ES3
Version: 11.0(1)
Version: 11.6(1)FIPS
Version: 11.6(1)ES4
Version: 11.0(1)ES3
Version: 10.5(1)ES6
Version: 11.0(1)ES7
Version: 11.5(1)ES4
Version: 10.5(1)ES8
Version: 11.5(1)
Version: 11.6(1)
Version: 10.5(1)ES10
Version: 11.6(1)ES2
Version: 11.6(1)ES
Version: 11.0(1)ES6
Version: 11.0(1)ES4
Version: 12.0(1)
Version: 11.6(1)ES7
Version: 10.5(1)ES7
Version: 11.6(1)ES8
Version: 11.5(1)ES1
Version: 11.6(1)ES1
Version: 11.5(1)ES5
Version: 11.0(1)ES1
Version: 10.5(1)
Version: 11.6(1)ES6
Version: 10.5(1)ES2
Version: 12.0(1)ES1
Version: 11.0(1)ES5
Version: 10.5(1)ES5
Version: 11.5(1)ES3
Version: 11.5(1)ES2
Version: 10.5(1)ES9
Version: 11.6(1)ES5
Version: 11.6(1)ES9
Version: 11.5(1)ES6
Version: 10.5(1)ES1
Version: 12.5(1)
Version: 12.0(1)ES3
Version: 11.6(1)ES10
Version: 12.5(1)ES1
Version: 12.5(1)ES2
Version: 12.0(1)ES4
Version: 12.5(1)ES3
Version: 12.0(1)ES5
Version: 12.5(1)ES4
Version: 12.0(1)ES6
Version: 12.5(1)ES5
Version: 12.5(1)ES6
Version: 12.0(1)ES7
Version: 12.6(1)
Version: 12.5(1)ES7
Version: 11.6(1)ES11
Version: 12.6(1)ES1
Version: 12.0(1)ES8
Version: 12.5(1)ES8
Version: 12.6(1)ES2
Version: 12.6(1)ES3
Version: 12.6(1)ES4
Version: 12.6(1)ES5
Version: 12.5(2)
Version: 12.5(1)_SU
Version: 12.5(1)SU
Version: 12.6(1)ES6
Version: 12.5(1)SU ES1
Version: 12.6(1)ES7
Version: 12.6(1)ES7_ET
Version: 12.6(2)
Version: 12.6(1)ES8
Version: 12.6(1)ES9
Version: 12.6(2)ES1
Version: 12.6(1)ES10
Version: 12.5(1)SU ES2
Version: 12.6(1)ES11
Version: 12.6(2)ES2
Version: 12.6(2)ES3
Version: 12.5(1)SU ES3
Version: 12.6(2)ES4
Version: 12.6(2)ES5

Cisco	Cisco SocialMiner	Version: 12.5(1)ES01 Version: 10.5(1) Version: 11.6(1) Version: 10.6(1) Version: 12.0(1)ES04 Version: 10.6(2) Version: 12.5(1) Version: 11.6(2) Version: 12.0(1) Version: 12.0(1)ES02 Version: 11.0(1) Version: 11.5(1) Version: 11.5(1)SU1 Version: 12.0(1)ES03 Version: 12.5(1)SU3 Version: 12.5(1)SU1 Version: 12.5(1)SU2
Cisco	Cisco Unified Communications Manager	Version: 12.5(1)SU2 Version: 12.5(1)SU1 Version: 12.5(1) Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 14 Version: 12.5(1)SU5 Version: 14SU1 Version: 12.5(1)SU6 Version: 14SU2 Version: 12.5(1)SU7 Version: 12.5(1)SU7a Version: 14SU3 Version: 12.5(1)SU8 Version: 12.5(1)SU8a Version: 15 Version: 15SU1 Version: 14SU4 Version: 14SU4a Version: 15SU1a Version: 12.5(1)SU9
Cisco	Cisco Unified Communications Manager IM and Presence Service	Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 14 Version: 12.5(1)SU5 Version: 14SU1 Version: 12.5(1)SU6 Version: 14SU2 Version: 14SU2a Version: 12.5(1)SU7 Version: 14SU3 Version: 12.5(1)SU8 Version: 15 Version: Recovery ISO Version: 15SU1 Version: 14SU4 Version: 12.5(1)SU9
Cisco	Cisco Unified Contact Center Express	Version: 10.6(1) Version: 10.5(1)SU1 Version: 10.6(1)SU3 Version: 12.0(1) Version: 10.0(1)SU1 Version: 10.6(1)SU1 Version: 11.0(1)SU1 Version: 11.5(1)SU1 Version: 10.5(1) Version: 11.6(1) Version: 11.6(2) Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)_SU03_ES01 Version: 12.5(1)_SU03_ES02 Version: 12.5(1)_SU02_ES03 Version: 12.5(1)_SU02_ES04 Version: 12.5(1)_SU02_ES02 Version: 12.5(1)_SU01_ES02 Version: 12.5(1)_SU01_ES03 Version: 12.5(1)_SU02_ES01 Version: 11.6(2)ES07 Version: 11.6(2)ES08 Version: 12.5(1)_SU01_ES01 Version: 12.0(1)ES04 Version: 12.5(1)ES02 Version: 12.5(1)ES03 Version: 11.6(2)ES06 Version: 12.5(1)ES01 Version: 12.0(1)ES03 Version: 12.0(1)ES01 Version: 11.6(2)ES05 Version: 12.0(1)ES02 Version: 11.6(2)ES04 Version: 11.6(2)ES03 Version: 11.6(2)ES02 Version: 11.6(2)ES01 Version: 10.6(1)SU3ES03 Version: 11.0(1)SU1ES03 Version: 10.6(1)SU3ES01 Version: 10.5(1)SU1ES10 Version: 10.0(1)SU1ES04 Version: 11.5(1)SU1ES03 Version: 11.6(1)ES02 Version: 11.5(1)ES01 Version: 9.0(2)SU3ES04 Version: 10.6(1)SU2 Version: 10.6(1)SU2ES04 Version: 11.6(1)ES01 Version: 10.6(1)SU3ES02 Version: 11.5(1)SU1ES02 Version: 11.5(1)SU1ES01 Version: 8.5(1) Version: 11.0(1)SU1ES02 Version: 12.5(1)_SU03_ES03 Version: 12.5(1)_SU03_ES04 Version: 12.5(1)_SU03_ES05 Version: 12.5(1)_SU03_ES06
Cisco	Cisco Unified Intelligence Center	Version: 11.6(1) Version: 10.5(1) Version: 11.0(1) Version: 11.5(1) Version: 12.0(1) Version: 12.5(1) Version: 11.0(2) Version: 12.6(1) Version: 12.5(1)SU Version: 12.6(1)_ET Version: 12.6(1)_ES05_ET Version: 11.0(3) Version: 12.6(2) Version: 12.6(2)_504_Issue_ET Version: 12.6.1_ExcelIssue_ET Version: 12.6(2)_Permalink_ET Version: 12.6.2_CSCwk19536_ET Version: 12.6.2_CSCwm96922_ET Version: 12.6.2_Amq_OOS_ET Version: 12.5(2)ET_CSCwi79933 Version: 12.6(2)_ET Version: 12.6.2_CSCwn48501_ET
Cisco	Cisco Unity Connection	Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 14 Version: 12.5(1)SU5 Version: 14SU1 Version: 12.5(1)SU6 Version: 14SU2 Version: 12.5(1)SU7 Version: 14SU3 Version: 12.5(1)SU8 Version: 14SU3a Version: 12.5(1)SU8a Version: 15 Version: 15SU1 Version: 14SU4 Version: 12.5(1)SU9
Cisco	Cisco Virtualized Voice Browser	Version: 11.0(1) Version: 11.6(1)_ES84 Version: 11.5(1)_ES54 Version: 11.5(1)_ES27 Version: 11.5(1) Version: 11.5(1)ES36 Version: 12.0(1)_ES01 Version: 11.6(1)_ES85 Version: 12.5(1)_ES05 Version: 11.5(1)_ES32 Version: 11.6(1)_ES83 Version: 11.5(1)_ES29 Version: 12.0(1)_ES06 Version: 12.5(1) Version: 12.0(1)_ES07 Version: 11.6(1)_ES80 Version: 12.0(1)_ES05 Version: 11.5(1)_ES36 Version: 11.5(1)_ES53 Version: 12.5(1)_ES08 Version: 11.5(1)ES43 Version: 12.0(1)_ES03 Version: 11.6(1)_ES86 Version: 12.0(1)_ES04 Version: 11.5(1)ES27 Version: 12.5(1)_ES03 Version: 11.6(1)_ES88 Version: 12.5(1)_ES06 Version: 11.6(1)_ES82 Version: 11.6(1) Version: 11.5(1)ES29 Version: 12.5(1)_ES04 Version: 12.5(1)_ES07 Version: 11.6(1)_ES87 Version: 11.6(1)_ES81 Version: 12.0(1) Version: 11.6(1)_ES22 Version: 11.5(1)_ES43 Version: 11.5(1)ES32 Version: 12.0(1)_ES02 Version: 12.5(1)_ES02 Version: 12.6(1) Version: 12.5(1)_ES09 Version: 12.6(1)_ES01 Version: 12.0(1)_ES08 Version: 12.5(1)_ES10 Version: 12.6(1)_ES02 Version: 12.5(1)_ES11 Version: 12.5(1)_ES12 Version: 12.6(1)_ES03 Version: 12.5(1)_ES13 Version: 12.5(1)_ES14 Version: 12.6(1)_ES04 Version: 12.6(1)_ES05 Version: 12.5(1)_ES15 Version: 12.6(1)_ES06 Version: 12.6(1)_ET Version: 12.5(1)_ES16 Version: 12.5(1)SU Version: 12.5(1)_SU Version: 12.5(1)_SU_ES01 Version: 12.6(1)_ES07 Version: 12.6(2) Version: 12.5(1)_ES17 Version: 12.6(1)_ES08 Version: 12.6(1)_ES09 Version: 12.6(1)_ES10 Version: 12.5(1)_SU_ES02 Version: 12.6(2)_ES01 Version: 12.6(2)_ET01 Version: 12.5(2)_ET Version: 12.6(2)_ES02 Version: 12.6(2)_ET_Streaming Version: 12.6(2)ET_Transcribe Version: 12.6(2)_ES03 Version: 12.6(2)ET_NuanceMix Version: 12.6(2)ET_FileUpload Version: 12.6(2)_ET02 Version: 12.6(2)_ES04 Version: 12.6.2ET_RTPfallback Version: 12.6.2ET_CSCwf55306 Version: 12.6.2_ET_CSCwj36712 Version: 12.5.2 ET-CSCwj33374 Version: 12.5(1) SU ET Version: 12.6(2)ET_CSCwj87296 Version: 12.6(2)_ES05 Version: 12.5.2_ET_CSCvz27014 Version: 12.6(2)_ET Version: 12.6.2-ET Version: 12.6(2)ET_CSCwk83135 Version: 12.6.2_ET_CX_ALAW Version: 12.6.2-ET01-SSL Version: 12.6(2)_ES06

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20278",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-05T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-06T03:55:32.661Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Finesse",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)ES_Rollback"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES2"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)FIPS"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES4"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES3"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES8"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES10"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES2"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES6"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES7"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES8"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES6"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES5"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES9"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES9"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES10"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES11"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES3"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES1"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES7_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES9"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES1"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES10"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES2"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES11"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES2"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES3"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES4"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco SocialMiner",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "10.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Communications Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7a"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8a"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "14SU4a"
            },
            {
              "status": "affected",
              "version": "15SU1a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Communications Manager IM and Presence Service",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "14SU2a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "Recovery ISO"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES07"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES05"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES04"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES03"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1ES10"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1ES04"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "9.0(2)SU3ES04"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2ES04"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES01"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES06"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05_ET"
            },
            {
              "status": "affected",
              "version": "11.0(3)"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(2)_504_Issue_ET"
            },
            {
              "status": "affected",
              "version": "12.6.1_ExcelIssue_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)_Permalink_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwk19536_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwm96922_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_Amq_OOS_ET"
            },
            {
              "status": "affected",
              "version": "12.5(2)ET_CSCwi79933"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwn48501_ET"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unity Connection",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "14SU3a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8a"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Virtualized Voice Browser",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES84"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES54"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES27"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES36"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES85"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES05"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES32"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES83"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES29"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES07"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES80"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES05"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES36"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES53"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES08"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES43"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES86"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES04"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES27"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES88"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES06"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES82"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES29"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES07"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES87"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES81"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES22"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES43"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES32"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES09"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES10"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES11"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES12"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES13"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES14"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES04"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES15"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES06"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES16"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU_ES01"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES07"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES17"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES08"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES09"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES10"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU_ES02"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES01"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET01"
            },
            {
              "status": "affected",
              "version": "12.5(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES02"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET_Streaming"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_Transcribe"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES03"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_NuanceMix"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_FileUpload"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET02"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES04"
            },
            {
              "status": "affected",
              "version": "12.6.2ET_RTPfallback"
            },
            {
              "status": "affected",
              "version": "12.6.2ET_CSCwf55306"
            },
            {
              "status": "affected",
              "version": "12.6.2_ET_CSCwj36712"
            },
            {
              "status": "affected",
              "version": "12.5.2 ET-CSCwj33374"
            },
            {
              "status": "affected",
              "version": "12.5(1) SU ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_CSCwj87296"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES05"
            },
            {
              "status": "affected",
              "version": "12.5.2_ET_CSCvz27014"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2-ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_CSCwk83135"
            },
            {
              "status": "affected",
              "version": "12.6.2_ET_CX_ALAW"
            },
            {
              "status": "affected",
              "version": "12.6.2-ET01-SSL"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES06"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-04T16:18:20.661Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-vos-command-inject-65s2UCYy",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
        }
      ],
      "source": {
        "advisory": "cisco-sa-vos-command-inject-65s2UCYy",
        "defects": [
          "CSCwk24029"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Unified Communications Products Command Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20278",
    "datePublished": "2025-06-04T16:18:20.661Z",
    "dateReserved": "2024-10-10T19:15:13.246Z",
    "dateUpdated": "2025-06-06T03:55:32.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd

Published

2018-06-07 12:29

Modified

2025-07-31 15:03

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.

References

▶	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	emergency_responder	*
cisco	emergency_responder	*
cisco	emergency_responder	*
cisco	emergency_responder	11.0\(1.10000.10\)
cisco	finesse	*
cisco	finesse	9.5\(1\)
cisco	hosted_collaboration_mediation_fulfillment	*
cisco	hosted_collaboration_mediation_fulfillment	9.5\(1\)
cisco	mediasense	*
cisco	mediasense	9.5\(1\)
cisco	prime_collaboration_assurance	*
cisco	prime_collaboration_assurance	*
cisco	prime_collaboration_provisioning	12.5
cisco	prime_license_manager	*
cisco	prime_license_manager	*
cisco	socialminer	*
cisco	unified_communications_manager	*
cisco	unified_communications_manager	*
cisco	unified_communications_manager	*
cisco	unified_communications_manager	10.5\(2.10000.5\)
cisco	unified_communications_manager	11.0\(1.10000.10\)
cisco	unified_communications_manager	11.5\(1.10000.6\)
cisco	unified_communications_manager	12.0
cisco	unified_contact_center_express	*
cisco	unified_contact_center_express	9.0\(2\)su1.3
cisco	unified_intelligence_center	*
cisco	unified_intelligence_center	9.5\(1\)
cisco	unity_connection	*
cisco	unity_connection	*
cisco	unity_connection	9.5\(0.9\)tt0
cisco	unity_connection	12.0
cisco	virtualized_voice_browser	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F71C50-5AEA-4C57-B40D-BD175CE99F61",
              "versionEndExcluding": "10.5\\(1a\\)",
              "versionStartIncluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADE21CC-8C70-4270-9431-30C4213A8115",
              "versionEndExcluding": "11.5\\(4\\)",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "650A41E1-9A81-4C08-9DDF-9CDDC6E22202",
              "versionEndExcluding": "12.0su1",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6E73AED2-74FE-410F-835A-7BD9E5E6C7DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A01F3E-24B2-4FE4-8466-6DE2EFA0530C",
              "versionEndExcluding": "11.5\\(3\\)",
              "versionStartIncluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:9.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "359B9780-D7A7-467C-A665-573C62E981EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B834DBFE-9CB9-486C-8084-3735D0994D7F",
              "versionEndExcluding": "11.5\\(3\\)",
              "versionStartIncluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:9.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3EAC03-CB4A-423D-95BF-D7AB258CE2E0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:mediasense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEF5671-AEB6-442B-8D9F-242447410512",
              "versionEndExcluding": "11.5su2",
              "versionStartIncluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:mediasense:9.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "37B3DC93-6772-4836-B969-3D8B0359D4AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB04C20D-B989-4B4D-B5F9-C2067CC886E1",
              "versionEndExcluding": "11.6_es16",
              "versionStartIncluding": "11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92B3174-0187-4C3A-AFE7-2443FBAEA97E",
              "versionEndExcluding": "12.1_es2",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDA7BD5-70AE-431C-8E92-171A84BAA77F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9960C4-874D-44DF-B686-9039179378F4",
              "versionEndExcluding": "10.5.2",
              "versionStartIncluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FC0ED2-B2D2-4F52-B2B0-AC0DDCB430E9",
              "versionEndExcluding": "11.5\\(1\\)su5",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8F4EDF5-67A4-42E1-BCB3-DB36A74C15A7",
              "versionEndExcluding": "11.6.1",
              "versionStartIncluding": "11.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE65718F-D5E7-4FFA-985E-D0BCE395DBAE",
              "versionEndExcluding": "10.5\\(2\\)su5",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE99092A-3EB2-4F0B-8812-ECA6B67AA301",
              "versionEndExcluding": "11.0\\(1a\\)su4",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8439C2DF-9F4B-40FE-8898-6331064026AA",
              "versionEndExcluding": "11.5\\(1\\)su3",
              "versionStartIncluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05BD68E4-4296-49ED-B789-60B935210C28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "271E4847-9AF4-4DDC-82AB-3BE20F7A67F9",
              "versionEndExcluding": "11.6\\(1\\)",
              "versionStartIncluding": "11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FFF48A-B174-4FD6-9626-E81B5BAE3B43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B24C3F-B602-42B6-95E8-C1E4B247A28D",
              "versionEndExcluding": "11.6\\(1\\)",
              "versionStartIncluding": "11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:9.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8337AC-7B8F-42E0-A714-ACD569C0CA77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1EF97D-52BC-4A60-9A73-09BFAAD05DAD",
              "versionEndExcluding": "10.5su5",
              "versionStartIncluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD34725-568D-4612-A84F-FF524D57F0E4",
              "versionEndExcluding": "11.5.1su3",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:9.5\\(0.9\\)tt0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5B4499-83A3-461B-AC8C-45BEABCBA1CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D225AB-813B-4182-8916-0FE8307BB18B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9928C83-6BEB-44AA-BB2E-AA2B9DC58BE4",
              "versionEndExcluding": "11.6\\(1\\)",
              "versionStartIncluding": "11.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM\u0026P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples productos Cisco se han visto afectados por una vulnerabilidad en la gesti\u00f3n de archivos locales para ciertos archivos de log del sistema de productos Cisco Collaboration que podr\u00edan permitir que un atacante remoto no autenticado provoque un gran uso del disco, lo que resulta en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad ocurre debido a que cierto archivo de registro del sistema no tiene una restricci\u00f3n de tama\u00f1o m\u00e1ximo. Por lo tanto, se permite que el archivo consuma la mayor\u00eda de espacio disponible en el dispositivo. Un atacante podr\u00eda explotar esta vulnerabilidad enviando peticiones de conexi\u00f3n remota manipuladas al dispositivo. La explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante aumente el tama\u00f1o de un archivo de log del sistema para que consuma casi todo el espacio del disco. La falta de espacio disponible en el disco podr\u00eda desembocar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en la que las funciones de la aplicaci\u00f3n podr\u00edan operar de forma err\u00f3nea, haciendo que la aplicaci\u00f3n sea inestable. Esta vulnerabilidad afecta a los siguientes productos basados en Cisco Voice Operating System (VOS): Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IMP - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection y Virtualized Voice Browser. Esta vulnerabilidad tambi\u00e9n afecta a Prime Collaboration Assurance y Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818 y CSCvi31823."
    }
  ],
  "id": "CVE-2017-6779",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-07T12:29:00.260",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-06-04 17:15

Modified

2025-07-31 15:02

Severity ?

6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	finesse	10.5\(1\)
cisco	finesse	10.5\(1\)_es1
cisco	finesse	10.5\(1\)_es2
cisco	finesse	10.5\(1\)_es3
cisco	finesse	10.5\(1\)_es4
cisco	finesse	10.5\(1\)_es5
cisco	finesse	10.5\(1\)_es6
cisco	finesse	10.5\(1\)_es7
cisco	finesse	10.5\(1\)_es8
cisco	finesse	10.5\(1\)_es9
cisco	finesse	10.5\(1\)_es10
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)_fips
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(2\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(2\)
cisco	finesse	12.6\(2\)
cisco	finesse	12.6\(2\)
cisco	finesse	12.6\(2\)
cisco	finesse	12.6\(2\)
cisco	finesse	12.6\(2\)
cisco	socialminer	10.5\(1\)
cisco	socialminer	10.6\(1\)
cisco	socialminer	10.6\(2\)
cisco	socialminer	11.0\(1\)
cisco	socialminer	11.5\(1\)
cisco	socialminer	11.5\(1\)su1
cisco	socialminer	11.6\(1\)
cisco	socialminer	11.6\(2\)
cisco	socialminer	12.0\(1\)
cisco	socialminer	12.0\(1\)es02
cisco	socialminer	12.0\(1\)es03
cisco	socialminer	12.0\(1\)es04
cisco	socialminer	12.5\(1\)
cisco	socialminer	12.5\(1\)es01
cisco	socialminer	12.5\(1\)su1
cisco	socialminer	12.5\(1\)su2
cisco	socialminer	12.5\(1\)su3
cisco	unified_communications_manager	12.5\(1\)
cisco	unified_communications_manager	12.5\(1\)su1
cisco	unified_communications_manager	12.5\(1\)su2
cisco	unified_communications_manager	12.5\(1\)su3
cisco	unified_communications_manager	12.5\(1\)su4
cisco	unified_communications_manager	12.5\(1\)su5
cisco	unified_communications_manager	12.5\(1\)su6
cisco	unified_communications_manager	12.5\(1\)su7
cisco	unified_communications_manager	12.5\(1\)su7a
cisco	unified_communications_manager	12.5\(1\)su8
cisco	unified_communications_manager	12.5\(1\)su8a
cisco	unified_communications_manager	12.5\(1\)su9
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su1
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su2
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su3
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su4
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su5
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su6
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su7
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su8
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su9
cisco	unified_contact_center_express	8.5\(1\)
cisco	unified_contact_center_express	9.0\(2\)su3es04
cisco	unified_contact_center_express	10.0\(1\)su1
cisco	unified_contact_center_express	10.0\(1\)su1es04
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.5\(1\)su1
cisco	unified_contact_center_express	10.5\(1\)su1es10
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	10.6\(1\)su1
cisco	unified_contact_center_express	10.6\(1\)su2
cisco	unified_contact_center_express	10.6\(1\)su2es04
cisco	unified_contact_center_express	10.6\(1\)su3
cisco	unified_contact_center_express	10.6\(1\)su3es01
cisco	unified_contact_center_express	10.6\(1\)su3es02
cisco	unified_contact_center_express	10.6\(1\)su3es03
cisco	unified_contact_center_express	11.0\(1\)su1
cisco	unified_contact_center_express	11.0\(1\)su1es02
cisco	unified_contact_center_express	11.0\(1\)su1es03
cisco	unified_contact_center_express	11.5\(1\)es01
cisco	unified_contact_center_express	11.5\(1\)su1
cisco	unified_contact_center_express	11.5\(1\)su1es01
cisco	unified_contact_center_express	11.5\(1\)su1es02
cisco	unified_contact_center_express	11.5\(1\)su1es03
cisco	unified_contact_center_express	11.6\(1\)
cisco	unified_contact_center_express	11.6\(1\)es01
cisco	unified_contact_center_express	11.6\(1\)es02
cisco	unified_contact_center_express	11.6\(2\)
cisco	unified_contact_center_express	11.6\(2\)es01
cisco	unified_contact_center_express	11.6\(2\)es02
cisco	unified_contact_center_express	11.6\(2\)es03
cisco	unified_contact_center_express	11.6\(2\)es04
cisco	unified_contact_center_express	11.6\(2\)es05
cisco	unified_contact_center_express	11.6\(2\)es06
cisco	unified_contact_center_express	11.6\(2\)es07
cisco	unified_contact_center_express	11.6\(2\)es08
cisco	unified_contact_center_express	12.0\(1\)
cisco	unified_contact_center_express	12.0\(1\)es01
cisco	unified_contact_center_express	12.0\(1\)es02
cisco	unified_contact_center_express	12.0\(1\)es03
cisco	unified_contact_center_express	12.0\(1\)es04
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.5\(1\)_su01_es01
cisco	unified_contact_center_express	12.5\(1\)_su01_es02
cisco	unified_contact_center_express	12.5\(1\)_su01_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es01
cisco	unified_contact_center_express	12.5\(1\)_su02_es02
cisco	unified_contact_center_express	12.5\(1\)_su02_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es01
cisco	unified_contact_center_express	12.5\(1\)_su03_es02
cisco	unified_contact_center_express	12.5\(1\)_su03_es03
cisco	unified_contact_center_express	12.5\(1\)_su03_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es05
cisco	unified_contact_center_express	12.5\(1\)_su03_es06
cisco	unified_contact_center_express	12.5\(1\)es01
cisco	unified_contact_center_express	12.5\(1\)es02
cisco	unified_contact_center_express	12.5\(1\)es03
cisco	unified_contact_center_express	12.5\(1\)su1
cisco	unified_contact_center_express	12.5\(1\)su2
cisco	unified_contact_center_express	12.5\(1\)su3
cisco	unified_intelligence_center	*
cisco	unity_connection	12.5\(1\)
cisco	unity_connection	12.5\(1\)su1
cisco	unity_connection	12.5\(1\)su2
cisco	unity_connection	12.5\(1\)su3
cisco	unity_connection	12.5\(1\)su4
cisco	unity_connection	12.5\(1\)su5
cisco	unity_connection	12.5\(1\)su6
cisco	unity_connection	12.5\(1\)su7
cisco	unity_connection	12.5\(1\)su8
cisco	unity_connection	12.5\(1\)su8a
cisco	unity_connection	12.5\(1\)su9
cisco	virtualized_voice_browser	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "79D5BACD-F4DB-4633-BFDA-09610BA242B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D37E02C3-B63F-43D9-AF7F-76609C424620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C869C393-AD1F-4334-92F6-F5CB11979EDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E80412C-6BFF-44D7-B3B6-D8CC19D93296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3C8DA33-8104-414A-8C63-1405C6EEB362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es5:*:*:*:*:*:*:*",
              "matchCriteriaId": "19B8D09E-0967-4938-BFB8-BF25F382CFA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C72CA386-7B02-4338-8DF1-94E9E750B1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B3F4B9-7075-4FBE-BFEC-2353BA022985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es8:*:*:*:*:*:*:*",
              "matchCriteriaId": "452114E6-AE9B-4530-AA32-BBD020D06124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF4C48E-BC31-4949-9BB3-9FFDC12D1D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC6BF05F-72DF-486B-932B-DC2F50DB10B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "01597DCF-AC44-4FDF-A1B5-5ED7F32DBB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es1:*:*:*:*:*:*",
              "matchCriteriaId": "9A16F5BD-987C-41DA-98B1-66496F95CFE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es2:*:*:*:*:*:*",
              "matchCriteriaId": "78D4AE20-6DBE-455D-AAE4-1AB2DE8D6E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es3:*:*:*:*:*:*",
              "matchCriteriaId": "030DE3E5-5DB2-46F7-BDAE-EC103C22C832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es4:*:*:*:*:*:*",
              "matchCriteriaId": "173AC31D-3A0E-4885-A294-78756C747035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es5:*:*:*:*:*:*",
              "matchCriteriaId": "F8948CB7-7792-429B-93F5-5F3AF98B14AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es6:*:*:*:*:*:*",
              "matchCriteriaId": "F5B88E85-8485-4F07-973B-864328F2631A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es7:*:*:*:*:*:*",
              "matchCriteriaId": "8B04AB8B-9D7A-4906-A655-A489D32B3036",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "AC833139-6461-4383-A02A-BB395F3E3E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es1:*:*:*:*:*:*",
              "matchCriteriaId": "6648DCBA-E3F7-4AFC-B5A2-BC57CF8F5F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es2:*:*:*:*:*:*",
              "matchCriteriaId": "2DBCBEB3-F52E-44C3-9C3A-67D2DEDCD4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es3:*:*:*:*:*:*",
              "matchCriteriaId": "9FA81305-8164-4E75-BC7A-974E212DDFBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es4:*:*:*:*:*:*",
              "matchCriteriaId": "7603F952-EC9A-4D1C-8672-1C1DD599B471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es5:*:*:*:*:*:*",
              "matchCriteriaId": "1E2F3098-64AB-4355-9E75-23392F670110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es6:*:*:*:*:*:*",
              "matchCriteriaId": "7324F249-B6A8-47AC-B4E3-BD7D1D180960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "7E507E31-71FA-437D-B325-48281650CFBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es1:*:*:*:*:*:*",
              "matchCriteriaId": "7AEC47C7-E04D-4780-A574-5131D71B55C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es10:*:*:*:*:*:*",
              "matchCriteriaId": "5C7322DB-1B4B-4E9A-AD3B-0856905108B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es11:*:*:*:*:*:*",
              "matchCriteriaId": "F7B58C17-84F5-4243-A00C-F9A5558EBF30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es2:*:*:*:*:*:*",
              "matchCriteriaId": "881A361D-FD14-4206-855A-779D03810B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es3:*:*:*:*:*:*",
              "matchCriteriaId": "64E6AE5B-5753-48D6-98AB-B39981AEB9B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es4:*:*:*:*:*:*",
              "matchCriteriaId": "D917999F-E9AF-40C2-969A-36C8D5934590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es5:*:*:*:*:*:*",
              "matchCriteriaId": "83BC183B-4CB6-47FB-9AAA-78E5E75BEB3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es6:*:*:*:*:*:*",
              "matchCriteriaId": "93E2DBF0-FAF3-40A7-8BA4-9A56CD6D8939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es7:*:*:*:*:*:*",
              "matchCriteriaId": "A071AD17-9134-43D0-A3C3-FF7348AA0DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es8:*:*:*:*:*:*",
              "matchCriteriaId": "0EBC41A8-BE9B-4F19-A287-52A9DFEF2162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es9:*:*:*:*:*:*",
              "matchCriteriaId": "DCB0C670-4159-4ECB-B520-FF4197381E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\)_fips:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB97E302-0642-453F-927E-A6370EB7CBA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "2D876E49-DF49-4CEF-B2E8-95AEB5FE651A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es1:*:*:*:*:*:*",
              "matchCriteriaId": "02E2FDD7-5C71-426B-8578-2B57582BC76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es2:*:*:*:*:*:*",
              "matchCriteriaId": "ECAE1945-C1AF-488D-90AA-BDF6BE2C9B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es3:*:*:*:*:*:*",
              "matchCriteriaId": "0BEF7143-A46F-4591-96CA-765503897C09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es4:*:*:*:*:*:*",
              "matchCriteriaId": "1BB52449-3211-42CC-85D7-C0E6EC4A4BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es5:*:*:*:*:*:*",
              "matchCriteriaId": "5E28915E-1F4D-4A65-9FEB-848908567277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es6:*:*:*:*:*:*",
              "matchCriteriaId": "786F037D-FC43-4024-9746-4C81C5F471C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es7:*:*:*:*:*:*",
              "matchCriteriaId": "9E6B0E93-7805-4076-BB46-A5D1DC8102DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es8:*:*:*:*:*:*",
              "matchCriteriaId": "D6A77483-98FD-417B-8BAA-2C2DAEE41DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "3629695A-A121-4963-9BAC-9AEF3A4FABF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es1:*:*:*:*:*:*",
              "matchCriteriaId": "F6DC24C6-F2A0-431F-86BA-68F706E19549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es2:*:*:*:*:*:*",
              "matchCriteriaId": "6F457A6B-426E-426D-9229-0609727E59AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es3:*:*:*:*:*:*",
              "matchCriteriaId": "96F4A329-A0DE-4853-B605-F26DD5C96BBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es4:*:*:*:*:*:*",
              "matchCriteriaId": "B75F5E70-70EB-4C39-972D-5E55FACC6540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es5:*:*:*:*:*:*",
              "matchCriteriaId": "6FA9D96D-8A0D-4AA0-9072-8D5610FF966D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es6:*:*:*:*:*:*",
              "matchCriteriaId": "EBDB20F0-C090-45F7-9FD2-91A6E29A4A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es7:*:*:*:*:*:*",
              "matchCriteriaId": "EA550F6E-E4A7-421E-A437-85978B95B149",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es8:*:*:*:*:*:*",
              "matchCriteriaId": "C25DF954-39E6-4C0A-80BD-AABAB9CE6767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su:*:*:*:*:*:*",
              "matchCriteriaId": "80250CAD-F57B-4744-8003-5A156995A813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su_es1:*:*:*:*:*:*",
              "matchCriteriaId": "80386F8A-0A80-44BE-ABE0-A5607FD647F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su_es2:*:*:*:*:*:*",
              "matchCriteriaId": "FD034AE2-F64A-4E4B-B5E3-CCD03D0DFDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su_es3:*:*:*:*:*:*",
              "matchCriteriaId": "EB805752-C6E2-4442-A742-AEA46BCE7058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0AAAD5C7-2485-49CE-BF11-AD5A37DE02AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "4DFCE723-9359-40C7-BA35-B71BDF8E3CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*",
              "matchCriteriaId": "28B1524E-FDCA-4570-86DD-CE396271B232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*",
              "matchCriteriaId": "74DC6F28-BFEF-4D89-93D5-10072DAC39C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*",
              "matchCriteriaId": "BA1D60D7-1B4A-4EEE-A26C-389D9271E005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es04:*:*:*:*:*:*",
              "matchCriteriaId": "CBB30A12-F8D7-403C-B430-A2ECF57F6FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es05:*:*:*:*:*:*",
              "matchCriteriaId": "2C660245-93FF-454C-BE89-56D185105E06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es06:*:*:*:*:*:*",
              "matchCriteriaId": "D68B5D94-C071-4CCA-B0F1-1EB9748F2773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es07:*:*:*:*:*:*",
              "matchCriteriaId": "C4B917B3-486D-40F0-BA3C-02F3C2FBDE4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es07_et:*:*:*:*:*:*",
              "matchCriteriaId": "6FA347C0-A5B5-4148-987A-72BC9021EAB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es08:*:*:*:*:*:*",
              "matchCriteriaId": "C619F70A-F119-4252-BB9E-1C46587B8346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es09:*:*:*:*:*:*",
              "matchCriteriaId": "AC1D7342-C9E4-4831-AD71-EF806AD56C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es10:*:*:*:*:*:*",
              "matchCriteriaId": "D3B65C32-F0B5-45D5-91B3-A2AF40FD711C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es11:*:*:*:*:*:*",
              "matchCriteriaId": "AAEA5E13-FD7F-4AD3-A775-2FB839B8F040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "8C98A1AA-4F49-4DD8-B4F4-6194E487BBE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es01:*:*:*:*:*:*",
              "matchCriteriaId": "CCCF715C-5DDF-4586-AF7B-C2C3579F6041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es02:*:*:*:*:*:*",
              "matchCriteriaId": "2C21D0F8-E157-4094-98BF-0CCCE0505CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es03:*:*:*:*:*:*",
              "matchCriteriaId": "5B3E1F6B-7054-42E0-A3E4-542B32646653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es04:*:*:*:*:*:*",
              "matchCriteriaId": "585DB839-C795-40E0-88FE-C831426E1F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es05:*:*:*:*:*:*",
              "matchCriteriaId": "8E743A73-666C-4431-9030-7B0EC67C95F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3F8BC85C-F3C7-4FE6-97D5-30C2DA4858D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8496A6AF-FF0B-4DCD-9524-4C89E74B44C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:10.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0D8D8B8B-FD28-4A42-8364-72D896742533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "152B13F1-4EB5-4DA0-A943-326F8F324432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9CBA712A-A9FC-4DA9-A06A-9A49A0355F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D807EB1C-6970-4A6D-B50A-A16DC43C443E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1382D72C-1447-4296-A520-BEF4EB48633C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53D578-A6D5-4BD0-9CD2-C8E496D136B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "24871067-7ADC-473D-A148-A82BE2C158A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5C6FC1-CD6B-48C0-803C-E77C4B182A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9898EB83-A3A1-45A8-9E88-09A5A27D6EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2AB2650-7D2B-4117-888D-CCB5E894E5C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D32D6A4A-08E6-470E-B82C-D5E4E4B810FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F7499F-5F1E-47BA-8A84-33B55CA4E966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B065FE-3FA0-4109-90F3-57EABB2DB6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA97B42-BE0D-4D64-9791-C74DE3DB3EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "811913C6-4E1B-449F-9E95-F57D96436A59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB73BD4-9ECC-458E-925D-FECE9A49BD48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9751FC-5C3C-4D7B-B368-39FF096C1581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E411B60D-4EFA-4A8C-A9A0-74B7524B2B72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC7EAB06-39FB-4897-BDCC-B84041DA9AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E727720-92A8-430E-881F-091ACC71E87F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:*:*:*:*",
              "matchCriteriaId": "511D0C5D-55DB-4293-BFE0-17D31073C5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su6:*:*:*:*:*:*:*",
              "matchCriteriaId": "294B9E10-2CF1-47D3-9725-E2A568E17AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7:*:*:*:*:*:*:*",
              "matchCriteriaId": "397E6105-7508-4DEB-AD6D-1E702E31C875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DD5882F-47AD-44BF-BAF5-4DA6B59A45A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su8:*:*:*:*:*:*:*",
              "matchCriteriaId": "65580374-43E4-4EB4-8D66-76FB8AF11568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D501B7FB-1335-4C44-8C4F-DDF033A41E4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5D489D-D2D3-4784-8B80-209344A9FC76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAAAF61-C33F-462B-B7C4-9F976235888A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00310A4E-8CC5-4AE4-ACC3-80F1066D4EDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D2915C-E4C2-404B-BC2E-10FAAE34A98B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC46928-718B-4CCB-AE4F-A974ACD52AA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA6FDB4C-ABA5-418A-81DC-C1735F3F6795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC698BDD-2C43-4F6B-BD9A-29FE9A03449B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*",
              "matchCriteriaId": "46366B52-A3BE-43B6-9861-1ED8271E224C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32FBC94-72DA-4467-8A63-74C3A3AF7FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su8:*:*:*:*:*:*:*",
              "matchCriteriaId": "00D141B1-48C4-4214-BD66-C0BE88B89863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9693DD-CCAC-418C-9C7A-9E9E8A153B3C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:8.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ED97AAD8-D02D-42AB-863A-7538A1F6D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su3es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1202DE4-CA67-424E-8379-2BC13630F0C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31854EAF-89B5-40BB-98E7-7EBB2E867C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1194F1-9CF5-460E-AF26-FB7CDC1EE878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3836BAC-BF47-4212-9018-9797A89A528B",
              "versionEndExcluding": "12.6\\(2\\)es_04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9DD393-7E10-4EE5-9FB4-855F3231F989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D2C89A9-B258-4BEC-9819-7AF3229F4343",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E53369D-EABA-4381-8480-237881743CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCEF0CC-0553-4886-863B-61F1994D039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E310C92-6C6B-4198-9220-4D43730B1AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2FF97D-3E51-473C-8466-E451771BE938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su6:*:*:*:*:*:*:*",
              "matchCriteriaId": "86884D5E-B015-447A-9834-1264315FCC50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su7:*:*:*:*:*:*:*",
              "matchCriteriaId": "538BCDAE-A94C-4343-B63B-5D29023707E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E89A84F3-E075-4CAF-9B3C-5F080FC37F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDF5353-D773-460B-B02A-5409112BE2E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su9:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DE4A5D-BC2D-4F77-91C0-E978EA02AAD8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C923C78-995C-4988-8123-DC32B519A711",
              "versionEndExcluding": "12.6\\(2\\)es06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la CLI de varios productos de Cisco Unified Communications podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado como usuario root. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los argumentos de comando proporcionados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad ejecutando comandos manipulados en la CLI de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado como usuario root. Para explotar esta vulnerabilidad, el atacante debe tener credenciales de administrador v\u00e1lidas.\n"
    }
  ],
  "id": "CVE-2025-20278",
  "lastModified": "2025-07-31T15:02:05.967",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-04T17:15:27.963",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-11-04 03:59

Modified

2025-04-12 10:46

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151103-csm	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1034048
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151103-csm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034048

Impacted products

	Vendor	Product	Version
	cisco	socialminer	10.0\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:10.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC6F054-1280-4FA9-80B7-E40E2F20FDB4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la p\u00e1gina WeChat en Cisco Social Miner 10.0(1) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCuw60212."
    }
  ],
  "id": "CVE-2015-6356",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-11-04T03:59:10.577",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151103-csm"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1034048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151103-csm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034048"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-01-24 16:29

Modified

2024-11-21 04:37

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/106720	Broken Link, Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106720	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	socialminer	11.6\(1\)
cisco	socialminer	11.6\(2\)
cisco	socialminer	12.0\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1382D72C-1447-4296-A520-BEF4EB48633C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53D578-A6D5-4BD0-9CD2-C8E496D136B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "24871067-7ADC-473D-A148-A82BE2C158A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad de \"chat feed\" de Cisco SocialMiner podr\u00eda permitir a un atacante remoto no autenticado realizar ataques de Cross-Site Scripting (XSS) contra usuarios de la interfaz web de un sistema afectado. Esta vulnerabilidad se debe al saneamiento insuficiente de entradas proporcionadas por el usuario que se entregan al \"chat feed\" como parte de una petici\u00f3n HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad haciendo que un usuario siga un enlace a contenido controlado por el atacante. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo script arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n sensible del navegador."
    }
  ],
  "id": "CVE-2019-1668",
  "lastModified": "2024-11-21T04:37:03.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-24T16:29:00.550",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106720"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-10-17 21:49

Modified

2024-11-21 03:50

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/105663	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-sm-xss	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105663	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-sm-xss	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	socialminer	11.6\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1382D72C-1447-4296-A520-BEF4EB48633C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web de Cisco SocialMiner podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) persistente contra un usuario de dicha interfaz en un sistema afectado. La vulnerabilidad se debe a la validaci\u00f3n insuficiente de entrada de datos de parte del usuario en la interfaz de gesti\u00f3n web de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad haciendo que un usuario de la interfaz haga clic en un enlace manipulado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo script arbitrario en el contexto de la interfaz o que pueda acceder a informaci\u00f3n sensible del navegador."
    }
  ],
  "id": "CVE-2018-15435",
  "lastModified": "2024-11-21T03:50:47.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-17T21:49:52.977",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105663"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-sm-xss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-sm-xss"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-06-04 17:15

Modified

2025-08-01 15:08

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Summary

A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	socialminer	10.5\(1\)
cisco	socialminer	10.6\(1\)
cisco	socialminer	10.6\(2\)
cisco	socialminer	11.0\(1\)
cisco	socialminer	11.5\(1\)
cisco	socialminer	11.5\(1\)su1
cisco	socialminer	11.6\(1\)
cisco	socialminer	11.6\(2\)
cisco	socialminer	12.0\(1\)
cisco	socialminer	12.0\(1\)es02
cisco	socialminer	12.0\(1\)es03
cisco	socialminer	12.0\(1\)es04
cisco	socialminer	12.5\(1\)
cisco	socialminer	12.5\(1\)es01
cisco	socialminer	12.5\(1\)su1
cisco	socialminer	12.5\(1\)su2
cisco	socialminer	12.5\(1\)su3
cisco	unified_contact_center_express	8.5\(1\)
cisco	unified_contact_center_express	9.0\(2\)su3es04
cisco	unified_contact_center_express	10.0\(1\)su1
cisco	unified_contact_center_express	10.0\(1\)su1es04
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.5\(1\)su1
cisco	unified_contact_center_express	10.5\(1\)su1es10
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	10.6\(1\)su1
cisco	unified_contact_center_express	10.6\(1\)su2
cisco	unified_contact_center_express	10.6\(1\)su2es04
cisco	unified_contact_center_express	10.6\(1\)su3
cisco	unified_contact_center_express	10.6\(1\)su3es01
cisco	unified_contact_center_express	10.6\(1\)su3es02
cisco	unified_contact_center_express	10.6\(1\)su3es03
cisco	unified_contact_center_express	11.0\(1\)su1
cisco	unified_contact_center_express	11.0\(1\)su1es02
cisco	unified_contact_center_express	11.0\(1\)su1es03
cisco	unified_contact_center_express	11.5\(1\)es01
cisco	unified_contact_center_express	11.5\(1\)su1
cisco	unified_contact_center_express	11.5\(1\)su1es01
cisco	unified_contact_center_express	11.5\(1\)su1es02
cisco	unified_contact_center_express	11.5\(1\)su1es03
cisco	unified_contact_center_express	11.6\(1\)
cisco	unified_contact_center_express	11.6\(1\)es01
cisco	unified_contact_center_express	11.6\(1\)es02
cisco	unified_contact_center_express	11.6\(2\)
cisco	unified_contact_center_express	11.6\(2\)es01
cisco	unified_contact_center_express	11.6\(2\)es02
cisco	unified_contact_center_express	11.6\(2\)es03
cisco	unified_contact_center_express	11.6\(2\)es04
cisco	unified_contact_center_express	11.6\(2\)es05
cisco	unified_contact_center_express	11.6\(2\)es06
cisco	unified_contact_center_express	11.6\(2\)es07
cisco	unified_contact_center_express	11.6\(2\)es08
cisco	unified_contact_center_express	12.0\(1\)
cisco	unified_contact_center_express	12.0\(1\)es01
cisco	unified_contact_center_express	12.0\(1\)es02
cisco	unified_contact_center_express	12.0\(1\)es03
cisco	unified_contact_center_express	12.0\(1\)es04
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.5\(1\)_su01_es01
cisco	unified_contact_center_express	12.5\(1\)_su01_es02
cisco	unified_contact_center_express	12.5\(1\)_su01_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es01
cisco	unified_contact_center_express	12.5\(1\)_su02_es02
cisco	unified_contact_center_express	12.5\(1\)_su02_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es01
cisco	unified_contact_center_express	12.5\(1\)_su03_es02
cisco	unified_contact_center_express	12.5\(1\)_su03_es03
cisco	unified_contact_center_express	12.5\(1\)_su03_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es05
cisco	unified_contact_center_express	12.5\(1\)_su03_es06
cisco	unified_contact_center_express	12.5\(1\)es01
cisco	unified_contact_center_express	12.5\(1\)es02
cisco	unified_contact_center_express	12.5\(1\)es03
cisco	unified_contact_center_express	12.5\(1\)su1
cisco	unified_contact_center_express	12.5\(1\)su2
cisco	unified_contact_center_express	12.5\(1\)su3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3F8BC85C-F3C7-4FE6-97D5-30C2DA4858D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8496A6AF-FF0B-4DCD-9524-4C89E74B44C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:10.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0D8D8B8B-FD28-4A42-8364-72D896742533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "152B13F1-4EB5-4DA0-A943-326F8F324432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9CBA712A-A9FC-4DA9-A06A-9A49A0355F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D807EB1C-6970-4A6D-B50A-A16DC43C443E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1382D72C-1447-4296-A520-BEF4EB48633C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53D578-A6D5-4BD0-9CD2-C8E496D136B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "24871067-7ADC-473D-A148-A82BE2C158A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5C6FC1-CD6B-48C0-803C-E77C4B182A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9898EB83-A3A1-45A8-9E88-09A5A27D6EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2AB2650-7D2B-4117-888D-CCB5E894E5C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D32D6A4A-08E6-470E-B82C-D5E4E4B810FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F7499F-5F1E-47BA-8A84-33B55CA4E966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B065FE-3FA0-4109-90F3-57EABB2DB6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA97B42-BE0D-4D64-9791-C74DE3DB3EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "811913C6-4E1B-449F-9E95-F57D96436A59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:8.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ED97AAD8-D02D-42AB-863A-7538A1F6D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su3es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1202DE4-CA67-424E-8379-2BC13630F0C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31854EAF-89B5-40BB-98E7-7EBB2E867C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1194F1-9CF5-460E-AF26-FB7CDC1EE878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.\r\n\r\nThis vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de chat web de Cisco Customer Collaboration Platform (CCP), anteriormente Cisco SocialMiner, podr\u00eda permitir que un atacante remoto no autenticado persuada a los usuarios para que revelen informaci\u00f3n confidencial. Esta vulnerabilidad se debe a una depuraci\u00f3n inadecuada de las solicitudes HTTP enviadas a la interfaz de chat web. Un atacante podr\u00eda explotar esta vulnerabilidad enviando solicitudes HTTP manipuladas a la interfaz de chat de un usuario objetivo en un servidor vulnerable. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante redirigir el tr\u00e1fico de chat a un servidor bajo su control, lo que resultar\u00eda en la redirecci\u00f3n de informaci\u00f3n confidencial."
    }
  ],
  "id": "CVE-2025-20129",
  "lastModified": "2025-08-01T15:08:03.230",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-04T17:15:25.407",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-09-13 14:10

Modified

2025-04-11 00:51

Severity ?

Summary

administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5492	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1029033
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5492	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029033

Impacted products

	Vendor	Product	Version
	cisco	socialminer	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9A9B36-D4E2-4578-9BB9-3CCD008AE628",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "administration.jsp in Cisco SocialMiner allows remote attackers to obtain sensitive information by sniffing the network for HTTP client-server traffic, aka Bug ID CSCuh76780."
    },
    {
      "lang": "es",
      "value": "administration.jsp en Cisco SocialMiner permite a atacantes remotos obtener informaci\u00f3n sensible mediante la captura de tr\u00e1fico de red para tr\u00e1fico HTTP cliente-servidor. Aka Bug ID CSCuh76780."
    }
  ],
  "id": "CVE-2013-5492",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-13T14:10:27.447",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5492"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1029033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029033"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2018-05-17 03:29

Modified

2024-11-21 03:37

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to the vulnerable service. An exploit could allow the attacker to create a DoS condition by interrupting certain phone services. A manual restart of the service may be required to restore full functionalities. Cisco Bug IDs: CSCvh48368.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/104201	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-socmin-dos	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104201	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-socmin-dos	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	socialminer	11.6\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1382D72C-1447-4296-A520-BEF4EB48633C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to the vulnerable service. An exploit could allow the attacker to create a DoS condition by interrupting certain phone services. A manual restart of the service may be required to restore full functionalities. Cisco Bug IDs: CSCvh48368."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la pila TCP de Cisco SocialMiner podr\u00eda permitir que un atacante remoto sin autenticar provoque una denegaci\u00f3n de servicio (DoS) en el sistema de notificaciones. La vulnerabilidad se debe a la gesti\u00f3n err\u00f3nea de nuevas conexiones TCP en la aplicaci\u00f3n afectada. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete HTTP manipulado al servicio vulnerable. Su explotaci\u00f3n podr\u00eda permitir a un atacante provocar una denegaci\u00f3n de servicio (DoS) interrumpiendo ciertos servicios telef\u00f3nicos. Se podr\u00eda necesitar el reinicio manual del dispositivo para restaurar las funcionalidades completas. Cisco Bug IDs: CSCvh48368."
    }
  ],
  "id": "CVE-2018-0290",
  "lastModified": "2024-11-21T03:37:54.400",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-17T03:29:00.620",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104201"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-socmin-dos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-socmin-dos"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-09-08 03:17

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5483	Vendor Advisory
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=30674
psirt@cisco.com	http://www.securityfocus.com/bid/62252
psirt@cisco.com	http://www.securitytracker.com/id/1028989
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86912
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5483	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=30674
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/62252
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1028989
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86912

Impacted products

	Vendor	Product	Version
	cisco	socialminer	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9A9B36-D4E2-4578-9BB9-3CCD008AE628",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en bookmarklet.jsp en Cisco SocialMiner permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de vectores no especificados. Aka Bug ID CSCuh73868."
    }
  ],
  "id": "CVE-2013-5483",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-09-08T03:17:39.757",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5483"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30674"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/62252"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1028989"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86912"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2013-09-13 14:10

Modified

2025-04-11 00:51

Severity ?

Summary

The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5489	Vendor Advisory
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=30734
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86965
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5489	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=30734
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86965

Impacted products

	Vendor	Product	Version
	cisco	socialminer	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9A9B36-D4E2-4578-9BB9-3CCD008AE628",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125."
    },
    {
      "lang": "es",
      "value": "El gadget implementaci\u00f3n en Cisco SocialMiner no restringe apropiadamente el contenido de peticiones GET, lo que permite a atacantes remotos obtener informaci\u00f3n sensible leyendo logs de acceso del servidor web(1) , logs Referer del servidor web(2) o el historial de navegaci\u00f3n . Conocido tambien como Bug ID CSCuh74125."
    }
  ],
  "id": "CVE-2013-5489",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-13T14:10:27.343",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5489"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30734"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86965"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-09-07 21:29

Modified

2025-04-20 01:37

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/100664	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039274	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100664	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039274	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	socialminer	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9A9B36-D4E2-4578-9BB9-3CCD008AE628",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de usuario web de Cisco SocialMiner podr\u00eda permitir a un atacante remoto no autenticado tener acceso de lectura y escritura a la informaci\u00f3n almacenada en el sistema afectado. La vulnerabilidad se debe a una gesti\u00f3n incorrecta de las entradas XXE (XML External Entity) cuando se analizan sint\u00e1cticamente en un archivo XML. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo al administrador de un sistema afectado para que importe un archivo XML manipulado con entradas maliciosas, lo que podr\u00eda permitir al atacante leer y modificar archivos y ejecutar c\u00f3digo remotamente en la aplicaci\u00f3n. Cisco Bug IDs: CSCvf47946."
    }
  ],
  "id": "CVE-2017-12216",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-07T21:29:00.347",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100664"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039274"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-07-04 00:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1).

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/99205	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1038738	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99205	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038738	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	socialminer	11.5\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9CBA712A-A9FC-4DA9-A06A-9A49A0355F34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el framework Web de SocialMiner de Cisco, podr\u00eda permitir a un atacante remoto no identificado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz web de un sistema afectado. M\u00e1s informaci\u00f3n: CSCve15285. Versiones Afectadas Conocidas: 11.5(1)."
    }
  ],
  "id": "CVE-2017-6702",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-04T00:29:00.367",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99205"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038738"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038738"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-11-16 07:29

Modified

2025-07-31 15:03

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/101865	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039813	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039814	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039815	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039816	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039817	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039818	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039819	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039820	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101865	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039813	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039814	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039815	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039816	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039817	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039818	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039819	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039820	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	emergency_responder	-
cisco	finesse	-
cisco	hosted_collaboration_solution	-
cisco	mediasense	-
cisco	prime_license_manager	-
cisco	socialminer	-
cisco	unified_communications_manager	-
cisco	unified_communications_manager	-
cisco	unified_communications_manager_im_and_presence_service	-
cisco	unified_contact_center_express	-
cisco	unified_intelligence_center	-
cisco	unity_connection	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3342DE3-F98B-48CF-9416-FA8D7F062E65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F343F98-1100-489F-B34C-480F7898A240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:hosted_collaboration_solution:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A8E190-1846-44ED-9572-D80D71A433DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B0A2D56-3667-438C-A367-4DB74F72507B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_license_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE11E45-1A8C-497C-A1B1-ED695E812CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9A9B36-D4E2-4578-9BB9-3CCD008AE628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395232C7-93D5-4877-A726-32E5BAFAF812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "863C456D-EE60-49F8-AFB0-795EA29CD93D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16991CD6-A32F-4891-B6B6-41D050FC1412",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "444F1581-0CD5-40B9-8C9E-0E428E6D75C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3270ADFF-27F5-4972-AB44-FA2882486B16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0368C678-72A4-4F48-B31D-77A6BDAAC4DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el mecanismo de actualizaci\u00f3n de productos de colaboraci\u00f3n de Cisco basados en la plataforma de software Cisco Voice Operating System podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso elevado no autorizado a un dispositivo afectado. La vulnerabilidad ocurre cuando un refresh upgrade (RU) o una migraci\u00f3n Prime Collaboration Deployment (PCD) se realiza en un dispositivo afectado. Cuando un refresh upgrade o una migraci\u00f3n PCD se completa con \u00e9xito, una marca de ingenier\u00eda se mantiene habilitada y podr\u00eda permitir el acceso root al dispositivo con una contrase\u00f1a conocida. Si el dispositivo vulnerable se actualiza empleando el m\u00e9todo de actualizaci\u00f3n est\u00e1ndar a un Engineering Special Release, la actualizaci\u00f3n del servicio o una nueva actualizaci\u00f3n del producto afectado, esta vulnerabilidad se remedia mediante tal acci\u00f3n. Nota: Los Engineering Special Release que se instalan como archivos COP, a diferencia del m\u00e9todo de actualizaci\u00f3n est\u00e1ndar, no remedian esta vulnerabilidad. Un atacante que pueda acceder a un dispositivo afectado mediante SFTP mientras se encuentre en un estado vulnerable podr\u00eda obtener acceso root al dispositivo. Este acceso podr\u00eda permitir que el atacante comprometa completamente el sistema afectado. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."
    }
  ],
  "id": "CVE-2017-12337",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-16T07:29:01.023",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101865"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039813"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039814"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039815"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039816"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039817"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039818"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039819"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039820"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039817"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerabilites related to cisco - socialminer

CVE-2018-0290 (GCVE-0-2018-0290)

Vulnerability from cvelistv5

CVE-2017-12337 (GCVE-0-2017-12337)

Vulnerability from cvelistv5

CVE-2018-15435 (GCVE-0-2018-15435)

Vulnerability from cvelistv5

CVE-2015-6356 (GCVE-0-2015-6356)

Vulnerability from cvelistv5

CVE-2017-12216 (GCVE-0-2017-12216)

Vulnerability from cvelistv5

CVE-2017-6779 (GCVE-0-2017-6779)

Vulnerability from cvelistv5

CVE-2013-5489 (GCVE-0-2013-5489)

Vulnerability from cvelistv5

CVE-2025-20129 (GCVE-0-2025-20129)

Vulnerability from cvelistv5

CVE-2013-5492 (GCVE-0-2013-5492)

Vulnerability from cvelistv5

CVE-2013-5483 (GCVE-0-2013-5483)

Vulnerability from cvelistv5

CVE-2019-1668 (GCVE-0-2019-1668)

Vulnerability from cvelistv5

CVE-2017-6702 (GCVE-0-2017-6702)

Vulnerability from cvelistv5

CVE-2025-20278 (GCVE-0-2025-20278)

Vulnerability from cvelistv5

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd