Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2018-06-07 12:29

Modified

2025-07-31 15:03

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.

References

▶	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	emergency_responder	*
cisco	emergency_responder	*
cisco	emergency_responder	*
cisco	emergency_responder	11.0\(1.10000.10\)
cisco	finesse	*
cisco	finesse	9.5\(1\)
cisco	hosted_collaboration_mediation_fulfillment	*
cisco	hosted_collaboration_mediation_fulfillment	9.5\(1\)
cisco	mediasense	*
cisco	mediasense	9.5\(1\)
cisco	prime_collaboration_assurance	*
cisco	prime_collaboration_assurance	*
cisco	prime_collaboration_provisioning	12.5
cisco	prime_license_manager	*
cisco	prime_license_manager	*
cisco	socialminer	*
cisco	unified_communications_manager	*
cisco	unified_communications_manager	*
cisco	unified_communications_manager	*
cisco	unified_communications_manager	10.5\(2.10000.5\)
cisco	unified_communications_manager	11.0\(1.10000.10\)
cisco	unified_communications_manager	11.5\(1.10000.6\)
cisco	unified_communications_manager	12.0
cisco	unified_contact_center_express	*
cisco	unified_contact_center_express	9.0\(2\)su1.3
cisco	unified_intelligence_center	*
cisco	unified_intelligence_center	9.5\(1\)
cisco	unity_connection	*
cisco	unity_connection	*
cisco	unity_connection	9.5\(0.9\)tt0
cisco	unity_connection	12.0
cisco	virtualized_voice_browser	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57F71C50-5AEA-4C57-B40D-BD175CE99F61",
              "versionEndExcluding": "10.5\\(1a\\)",
              "versionStartIncluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADE21CC-8C70-4270-9431-30C4213A8115",
              "versionEndExcluding": "11.5\\(4\\)",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "650A41E1-9A81-4C08-9DDF-9CDDC6E22202",
              "versionEndExcluding": "12.0su1",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6E73AED2-74FE-410F-835A-7BD9E5E6C7DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A01F3E-24B2-4FE4-8466-6DE2EFA0530C",
              "versionEndExcluding": "11.5\\(3\\)",
              "versionStartIncluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:9.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "359B9780-D7A7-467C-A665-573C62E981EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B834DBFE-9CB9-486C-8084-3735D0994D7F",
              "versionEndExcluding": "11.5\\(3\\)",
              "versionStartIncluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:9.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3EAC03-CB4A-423D-95BF-D7AB258CE2E0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:mediasense:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEF5671-AEB6-442B-8D9F-242447410512",
              "versionEndExcluding": "11.5su2",
              "versionStartIncluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:mediasense:9.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "37B3DC93-6772-4836-B969-3D8B0359D4AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB04C20D-B989-4B4D-B5F9-C2067CC886E1",
              "versionEndExcluding": "11.6_es16",
              "versionStartIncluding": "11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92B3174-0187-4C3A-AFE7-2443FBAEA97E",
              "versionEndExcluding": "12.1_es2",
              "versionStartIncluding": "12.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDA7BD5-70AE-431C-8E92-171A84BAA77F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9960C4-874D-44DF-B686-9039179378F4",
              "versionEndExcluding": "10.5.2",
              "versionStartIncluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FC0ED2-B2D2-4F52-B2B0-AC0DDCB430E9",
              "versionEndExcluding": "11.5\\(1\\)su5",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8F4EDF5-67A4-42E1-BCB3-DB36A74C15A7",
              "versionEndExcluding": "11.6.1",
              "versionStartIncluding": "11.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE65718F-D5E7-4FFA-985E-D0BCE395DBAE",
              "versionEndExcluding": "10.5\\(2\\)su5",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE99092A-3EB2-4F0B-8812-ECA6B67AA301",
              "versionEndExcluding": "11.0\\(1a\\)su4",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8439C2DF-9F4B-40FE-8898-6331064026AA",
              "versionEndExcluding": "11.5\\(1\\)su3",
              "versionStartIncluding": "11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F47282B9-8B76-40E0-B72C-A6A196A37A0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05BD68E4-4296-49ED-B789-60B935210C28",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "271E4847-9AF4-4DDC-82AB-3BE20F7A67F9",
              "versionEndExcluding": "11.6\\(1\\)",
              "versionStartIncluding": "11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FFF48A-B174-4FD6-9626-E81B5BAE3B43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B24C3F-B602-42B6-95E8-C1E4B247A28D",
              "versionEndExcluding": "11.6\\(1\\)",
              "versionStartIncluding": "11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:9.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8337AC-7B8F-42E0-A714-ACD569C0CA77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1EF97D-52BC-4A60-9A73-09BFAAD05DAD",
              "versionEndExcluding": "10.5su5",
              "versionStartIncluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD34725-568D-4612-A84F-FF524D57F0E4",
              "versionEndExcluding": "11.5.1su3",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:9.5\\(0.9\\)tt0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5B4499-83A3-461B-AC8C-45BEABCBA1CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D225AB-813B-4182-8916-0FE8307BB18B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9928C83-6BEB-44AA-BB2E-AA2B9DC58BE4",
              "versionEndExcluding": "11.6\\(1\\)",
              "versionStartIncluding": "11.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM\u0026P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples productos Cisco se han visto afectados por una vulnerabilidad en la gesti\u00f3n de archivos locales para ciertos archivos de log del sistema de productos Cisco Collaboration que podr\u00edan permitir que un atacante remoto no autenticado provoque un gran uso del disco, lo que resulta en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad ocurre debido a que cierto archivo de registro del sistema no tiene una restricci\u00f3n de tama\u00f1o m\u00e1ximo. Por lo tanto, se permite que el archivo consuma la mayor\u00eda de espacio disponible en el dispositivo. Un atacante podr\u00eda explotar esta vulnerabilidad enviando peticiones de conexi\u00f3n remota manipuladas al dispositivo. La explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante aumente el tama\u00f1o de un archivo de log del sistema para que consuma casi todo el espacio del disco. La falta de espacio disponible en el disco podr\u00eda desembocar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en la que las funciones de la aplicaci\u00f3n podr\u00edan operar de forma err\u00f3nea, haciendo que la aplicaci\u00f3n sea inestable. Esta vulnerabilidad afecta a los siguientes productos basados en Cisco Voice Operating System (VOS): Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IMP - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection y Virtualized Voice Browser. Esta vulnerabilidad tambi\u00e9n afecta a Prime Collaboration Assurance y Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818 y CSCvi31823."
    }
  ],
  "id": "CVE-2017-6779",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-07T12:29:00.260",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-07-16 19:59

Modified

2025-07-31 15:03

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39920	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1032962
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39920	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032962

Impacted products

	Vendor	Product	Version
	cisco	unified_intelligence_center	10.0\(1\)
	cisco	unified_intelligence_center	10.6\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:10.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "46F63F7E-C9D1-4474-ABBF-77189E05AC42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA9876F-1048-4E47-B441-16F517B7A41D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad CSRF en el Framework Web en Cisco Unified Intelligence Center 10.0 (1) y 10.6 (1), permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como Bug IDs CSCuu94862 y CSCuu97936."
    }
  ],
  "id": "CVE-2015-4274",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-07-16T19:59:01.007",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1032962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032962"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-02-21 17:15

Modified

2025-05-06 17:43

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-access-control-jJsZQMjj	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-access-control-jJsZQMjj	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_intelligence_center	*
cisco	unified_intelligence_center	*
cisco	unified_intelligence_center	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF1FD7D7-6C4B-4C8B-9E4D-6519AF6E3567",
              "versionEndExcluding": "12.5(1)_es03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BB2FB29-5D24-4608-BF4B-6A79EFD9A24B",
              "versionEndExcluding": "12.6(1)_es08",
              "versionStartIncluding": "12.6(1)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BFA52EF-963E-44EB-ACF5-381F41E355DA",
              "versionEndExcluding": "12.6(2)ES02",
              "versionStartIncluding": "12.6(2)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device.\r\n\r This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el servidor Live Data de Cisco Unified Intelligence Center podr\u00eda permitir que un atacante local no autenticado lea y modifique datos en un repositorio que pertenece a un servicio interno en un dispositivo afectado. Esta vulnerabilidad se debe a implementaciones insuficientes de control de acceso en las solicitudes CLI de configuraci\u00f3n del cl\u00faster. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud CLI de configuraci\u00f3n del cl\u00faster a directorios espec\u00edficos en un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante leer y modificar datos manejados por un servicio interno en el dispositivo afectado."
    }
  ],
  "id": "CVE-2024-20325",
  "lastModified": "2025-05-06T17:43:06.773",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 2.5,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-21T17:15:09.180",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-access-control-jJsZQMjj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-access-control-jJsZQMjj"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-06-04 17:15

Modified

2025-07-31 15:02

Severity ?

6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	finesse	10.5\(1\)
cisco	finesse	10.5\(1\)_es1
cisco	finesse	10.5\(1\)_es2
cisco	finesse	10.5\(1\)_es3
cisco	finesse	10.5\(1\)_es4
cisco	finesse	10.5\(1\)_es5
cisco	finesse	10.5\(1\)_es6
cisco	finesse	10.5\(1\)_es7
cisco	finesse	10.5\(1\)_es8
cisco	finesse	10.5\(1\)_es9
cisco	finesse	10.5\(1\)_es10
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.0\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.5\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)
cisco	finesse	11.6\(1\)_fips
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.0\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(2\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(2\)
cisco	finesse	12.6\(2\)
cisco	finesse	12.6\(2\)
cisco	finesse	12.6\(2\)
cisco	finesse	12.6\(2\)
cisco	finesse	12.6\(2\)
cisco	socialminer	10.5\(1\)
cisco	socialminer	10.6\(1\)
cisco	socialminer	10.6\(2\)
cisco	socialminer	11.0\(1\)
cisco	socialminer	11.5\(1\)
cisco	socialminer	11.5\(1\)su1
cisco	socialminer	11.6\(1\)
cisco	socialminer	11.6\(2\)
cisco	socialminer	12.0\(1\)
cisco	socialminer	12.0\(1\)es02
cisco	socialminer	12.0\(1\)es03
cisco	socialminer	12.0\(1\)es04
cisco	socialminer	12.5\(1\)
cisco	socialminer	12.5\(1\)es01
cisco	socialminer	12.5\(1\)su1
cisco	socialminer	12.5\(1\)su2
cisco	socialminer	12.5\(1\)su3
cisco	unified_communications_manager	12.5\(1\)
cisco	unified_communications_manager	12.5\(1\)su1
cisco	unified_communications_manager	12.5\(1\)su2
cisco	unified_communications_manager	12.5\(1\)su3
cisco	unified_communications_manager	12.5\(1\)su4
cisco	unified_communications_manager	12.5\(1\)su5
cisco	unified_communications_manager	12.5\(1\)su6
cisco	unified_communications_manager	12.5\(1\)su7
cisco	unified_communications_manager	12.5\(1\)su7a
cisco	unified_communications_manager	12.5\(1\)su8
cisco	unified_communications_manager	12.5\(1\)su8a
cisco	unified_communications_manager	12.5\(1\)su9
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su1
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su2
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su3
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su4
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su5
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su6
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su7
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su8
cisco	unified_communications_manager_im_and_presence_service	12.5\(1\)su9
cisco	unified_contact_center_express	8.5\(1\)
cisco	unified_contact_center_express	9.0\(2\)su3es04
cisco	unified_contact_center_express	10.0\(1\)su1
cisco	unified_contact_center_express	10.0\(1\)su1es04
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.5\(1\)su1
cisco	unified_contact_center_express	10.5\(1\)su1es10
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	10.6\(1\)su1
cisco	unified_contact_center_express	10.6\(1\)su2
cisco	unified_contact_center_express	10.6\(1\)su2es04
cisco	unified_contact_center_express	10.6\(1\)su3
cisco	unified_contact_center_express	10.6\(1\)su3es01
cisco	unified_contact_center_express	10.6\(1\)su3es02
cisco	unified_contact_center_express	10.6\(1\)su3es03
cisco	unified_contact_center_express	11.0\(1\)su1
cisco	unified_contact_center_express	11.0\(1\)su1es02
cisco	unified_contact_center_express	11.0\(1\)su1es03
cisco	unified_contact_center_express	11.5\(1\)es01
cisco	unified_contact_center_express	11.5\(1\)su1
cisco	unified_contact_center_express	11.5\(1\)su1es01
cisco	unified_contact_center_express	11.5\(1\)su1es02
cisco	unified_contact_center_express	11.5\(1\)su1es03
cisco	unified_contact_center_express	11.6\(1\)
cisco	unified_contact_center_express	11.6\(1\)es01
cisco	unified_contact_center_express	11.6\(1\)es02
cisco	unified_contact_center_express	11.6\(2\)
cisco	unified_contact_center_express	11.6\(2\)es01
cisco	unified_contact_center_express	11.6\(2\)es02
cisco	unified_contact_center_express	11.6\(2\)es03
cisco	unified_contact_center_express	11.6\(2\)es04
cisco	unified_contact_center_express	11.6\(2\)es05
cisco	unified_contact_center_express	11.6\(2\)es06
cisco	unified_contact_center_express	11.6\(2\)es07
cisco	unified_contact_center_express	11.6\(2\)es08
cisco	unified_contact_center_express	12.0\(1\)
cisco	unified_contact_center_express	12.0\(1\)es01
cisco	unified_contact_center_express	12.0\(1\)es02
cisco	unified_contact_center_express	12.0\(1\)es03
cisco	unified_contact_center_express	12.0\(1\)es04
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.5\(1\)_su01_es01
cisco	unified_contact_center_express	12.5\(1\)_su01_es02
cisco	unified_contact_center_express	12.5\(1\)_su01_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es01
cisco	unified_contact_center_express	12.5\(1\)_su02_es02
cisco	unified_contact_center_express	12.5\(1\)_su02_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es01
cisco	unified_contact_center_express	12.5\(1\)_su03_es02
cisco	unified_contact_center_express	12.5\(1\)_su03_es03
cisco	unified_contact_center_express	12.5\(1\)_su03_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es05
cisco	unified_contact_center_express	12.5\(1\)_su03_es06
cisco	unified_contact_center_express	12.5\(1\)es01
cisco	unified_contact_center_express	12.5\(1\)es02
cisco	unified_contact_center_express	12.5\(1\)es03
cisco	unified_contact_center_express	12.5\(1\)su1
cisco	unified_contact_center_express	12.5\(1\)su2
cisco	unified_contact_center_express	12.5\(1\)su3
cisco	unified_intelligence_center	*
cisco	unity_connection	12.5\(1\)
cisco	unity_connection	12.5\(1\)su1
cisco	unity_connection	12.5\(1\)su2
cisco	unity_connection	12.5\(1\)su3
cisco	unity_connection	12.5\(1\)su4
cisco	unity_connection	12.5\(1\)su5
cisco	unity_connection	12.5\(1\)su6
cisco	unity_connection	12.5\(1\)su7
cisco	unity_connection	12.5\(1\)su8
cisco	unity_connection	12.5\(1\)su8a
cisco	unity_connection	12.5\(1\)su9
cisco	virtualized_voice_browser	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "79D5BACD-F4DB-4633-BFDA-09610BA242B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D37E02C3-B63F-43D9-AF7F-76609C424620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C869C393-AD1F-4334-92F6-F5CB11979EDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E80412C-6BFF-44D7-B3B6-D8CC19D93296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3C8DA33-8104-414A-8C63-1405C6EEB362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es5:*:*:*:*:*:*:*",
              "matchCriteriaId": "19B8D09E-0967-4938-BFB8-BF25F382CFA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C72CA386-7B02-4338-8DF1-94E9E750B1FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B3F4B9-7075-4FBE-BFEC-2353BA022985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es8:*:*:*:*:*:*:*",
              "matchCriteriaId": "452114E6-AE9B-4530-AA32-BBD020D06124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF4C48E-BC31-4949-9BB3-9FFDC12D1D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es10:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC6BF05F-72DF-486B-932B-DC2F50DB10B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "01597DCF-AC44-4FDF-A1B5-5ED7F32DBB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es1:*:*:*:*:*:*",
              "matchCriteriaId": "9A16F5BD-987C-41DA-98B1-66496F95CFE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es2:*:*:*:*:*:*",
              "matchCriteriaId": "78D4AE20-6DBE-455D-AAE4-1AB2DE8D6E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es3:*:*:*:*:*:*",
              "matchCriteriaId": "030DE3E5-5DB2-46F7-BDAE-EC103C22C832",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es4:*:*:*:*:*:*",
              "matchCriteriaId": "173AC31D-3A0E-4885-A294-78756C747035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es5:*:*:*:*:*:*",
              "matchCriteriaId": "F8948CB7-7792-429B-93F5-5F3AF98B14AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es6:*:*:*:*:*:*",
              "matchCriteriaId": "F5B88E85-8485-4F07-973B-864328F2631A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\):es7:*:*:*:*:*:*",
              "matchCriteriaId": "8B04AB8B-9D7A-4906-A655-A489D32B3036",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "AC833139-6461-4383-A02A-BB395F3E3E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es1:*:*:*:*:*:*",
              "matchCriteriaId": "6648DCBA-E3F7-4AFC-B5A2-BC57CF8F5F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es2:*:*:*:*:*:*",
              "matchCriteriaId": "2DBCBEB3-F52E-44C3-9C3A-67D2DEDCD4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es3:*:*:*:*:*:*",
              "matchCriteriaId": "9FA81305-8164-4E75-BC7A-974E212DDFBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es4:*:*:*:*:*:*",
              "matchCriteriaId": "7603F952-EC9A-4D1C-8672-1C1DD599B471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es5:*:*:*:*:*:*",
              "matchCriteriaId": "1E2F3098-64AB-4355-9E75-23392F670110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.5\\(1\\):es6:*:*:*:*:*:*",
              "matchCriteriaId": "7324F249-B6A8-47AC-B4E3-BD7D1D180960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "7E507E31-71FA-437D-B325-48281650CFBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es1:*:*:*:*:*:*",
              "matchCriteriaId": "7AEC47C7-E04D-4780-A574-5131D71B55C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es10:*:*:*:*:*:*",
              "matchCriteriaId": "5C7322DB-1B4B-4E9A-AD3B-0856905108B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es11:*:*:*:*:*:*",
              "matchCriteriaId": "F7B58C17-84F5-4243-A00C-F9A5558EBF30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es2:*:*:*:*:*:*",
              "matchCriteriaId": "881A361D-FD14-4206-855A-779D03810B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es3:*:*:*:*:*:*",
              "matchCriteriaId": "64E6AE5B-5753-48D6-98AB-B39981AEB9B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es4:*:*:*:*:*:*",
              "matchCriteriaId": "D917999F-E9AF-40C2-969A-36C8D5934590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es5:*:*:*:*:*:*",
              "matchCriteriaId": "83BC183B-4CB6-47FB-9AAA-78E5E75BEB3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es6:*:*:*:*:*:*",
              "matchCriteriaId": "93E2DBF0-FAF3-40A7-8BA4-9A56CD6D8939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es7:*:*:*:*:*:*",
              "matchCriteriaId": "A071AD17-9134-43D0-A3C3-FF7348AA0DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es8:*:*:*:*:*:*",
              "matchCriteriaId": "0EBC41A8-BE9B-4F19-A287-52A9DFEF2162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\):es9:*:*:*:*:*:*",
              "matchCriteriaId": "DCB0C670-4159-4ECB-B520-FF4197381E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.6\\(1\\)_fips:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB97E302-0642-453F-927E-A6370EB7CBA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "2D876E49-DF49-4CEF-B2E8-95AEB5FE651A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es1:*:*:*:*:*:*",
              "matchCriteriaId": "02E2FDD7-5C71-426B-8578-2B57582BC76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es2:*:*:*:*:*:*",
              "matchCriteriaId": "ECAE1945-C1AF-488D-90AA-BDF6BE2C9B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es3:*:*:*:*:*:*",
              "matchCriteriaId": "0BEF7143-A46F-4591-96CA-765503897C09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es4:*:*:*:*:*:*",
              "matchCriteriaId": "1BB52449-3211-42CC-85D7-C0E6EC4A4BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es5:*:*:*:*:*:*",
              "matchCriteriaId": "5E28915E-1F4D-4A65-9FEB-848908567277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es6:*:*:*:*:*:*",
              "matchCriteriaId": "786F037D-FC43-4024-9746-4C81C5F471C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es7:*:*:*:*:*:*",
              "matchCriteriaId": "9E6B0E93-7805-4076-BB46-A5D1DC8102DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.0\\(1\\):es8:*:*:*:*:*:*",
              "matchCriteriaId": "D6A77483-98FD-417B-8BAA-2C2DAEE41DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "3629695A-A121-4963-9BAC-9AEF3A4FABF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es1:*:*:*:*:*:*",
              "matchCriteriaId": "F6DC24C6-F2A0-431F-86BA-68F706E19549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es2:*:*:*:*:*:*",
              "matchCriteriaId": "6F457A6B-426E-426D-9229-0609727E59AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es3:*:*:*:*:*:*",
              "matchCriteriaId": "96F4A329-A0DE-4853-B605-F26DD5C96BBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es4:*:*:*:*:*:*",
              "matchCriteriaId": "B75F5E70-70EB-4C39-972D-5E55FACC6540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es5:*:*:*:*:*:*",
              "matchCriteriaId": "6FA9D96D-8A0D-4AA0-9072-8D5610FF966D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es6:*:*:*:*:*:*",
              "matchCriteriaId": "EBDB20F0-C090-45F7-9FD2-91A6E29A4A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es7:*:*:*:*:*:*",
              "matchCriteriaId": "EA550F6E-E4A7-421E-A437-85978B95B149",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):es8:*:*:*:*:*:*",
              "matchCriteriaId": "C25DF954-39E6-4C0A-80BD-AABAB9CE6767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su:*:*:*:*:*:*",
              "matchCriteriaId": "80250CAD-F57B-4744-8003-5A156995A813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su_es1:*:*:*:*:*:*",
              "matchCriteriaId": "80386F8A-0A80-44BE-ABE0-A5607FD647F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su_es2:*:*:*:*:*:*",
              "matchCriteriaId": "FD034AE2-F64A-4E4B-B5E3-CCD03D0DFDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su_es3:*:*:*:*:*:*",
              "matchCriteriaId": "EB805752-C6E2-4442-A742-AEA46BCE7058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0AAAD5C7-2485-49CE-BF11-AD5A37DE02AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "4DFCE723-9359-40C7-BA35-B71BDF8E3CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*",
              "matchCriteriaId": "28B1524E-FDCA-4570-86DD-CE396271B232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*",
              "matchCriteriaId": "74DC6F28-BFEF-4D89-93D5-10072DAC39C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*",
              "matchCriteriaId": "BA1D60D7-1B4A-4EEE-A26C-389D9271E005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es04:*:*:*:*:*:*",
              "matchCriteriaId": "CBB30A12-F8D7-403C-B430-A2ECF57F6FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es05:*:*:*:*:*:*",
              "matchCriteriaId": "2C660245-93FF-454C-BE89-56D185105E06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es06:*:*:*:*:*:*",
              "matchCriteriaId": "D68B5D94-C071-4CCA-B0F1-1EB9748F2773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es07:*:*:*:*:*:*",
              "matchCriteriaId": "C4B917B3-486D-40F0-BA3C-02F3C2FBDE4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es07_et:*:*:*:*:*:*",
              "matchCriteriaId": "6FA347C0-A5B5-4148-987A-72BC9021EAB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es08:*:*:*:*:*:*",
              "matchCriteriaId": "C619F70A-F119-4252-BB9E-1C46587B8346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es09:*:*:*:*:*:*",
              "matchCriteriaId": "AC1D7342-C9E4-4831-AD71-EF806AD56C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es10:*:*:*:*:*:*",
              "matchCriteriaId": "D3B65C32-F0B5-45D5-91B3-A2AF40FD711C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es11:*:*:*:*:*:*",
              "matchCriteriaId": "AAEA5E13-FD7F-4AD3-A775-2FB839B8F040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "8C98A1AA-4F49-4DD8-B4F4-6194E487BBE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es01:*:*:*:*:*:*",
              "matchCriteriaId": "CCCF715C-5DDF-4586-AF7B-C2C3579F6041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es02:*:*:*:*:*:*",
              "matchCriteriaId": "2C21D0F8-E157-4094-98BF-0CCCE0505CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es03:*:*:*:*:*:*",
              "matchCriteriaId": "5B3E1F6B-7054-42E0-A3E4-542B32646653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es04:*:*:*:*:*:*",
              "matchCriteriaId": "585DB839-C795-40E0-88FE-C831426E1F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(2\\):es05:*:*:*:*:*:*",
              "matchCriteriaId": "8E743A73-666C-4431-9030-7B0EC67C95F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3F8BC85C-F3C7-4FE6-97D5-30C2DA4858D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8496A6AF-FF0B-4DCD-9524-4C89E74B44C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:10.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0D8D8B8B-FD28-4A42-8364-72D896742533",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "152B13F1-4EB5-4DA0-A943-326F8F324432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9CBA712A-A9FC-4DA9-A06A-9A49A0355F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D807EB1C-6970-4A6D-B50A-A16DC43C443E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1382D72C-1447-4296-A520-BEF4EB48633C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53D578-A6D5-4BD0-9CD2-C8E496D136B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "24871067-7ADC-473D-A148-A82BE2C158A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5C6FC1-CD6B-48C0-803C-E77C4B182A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9898EB83-A3A1-45A8-9E88-09A5A27D6EC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.0\\(1\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2AB2650-7D2B-4117-888D-CCB5E894E5C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D32D6A4A-08E6-470E-B82C-D5E4E4B810FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F7499F-5F1E-47BA-8A84-33B55CA4E966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33B065FE-3FA0-4109-90F3-57EABB2DB6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA97B42-BE0D-4D64-9791-C74DE3DB3EA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "811913C6-4E1B-449F-9E95-F57D96436A59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB73BD4-9ECC-458E-925D-FECE9A49BD48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9751FC-5C3C-4D7B-B368-39FF096C1581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E411B60D-4EFA-4A8C-A9A0-74B7524B2B72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC7EAB06-39FB-4897-BDCC-B84041DA9AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E727720-92A8-430E-881F-091ACC71E87F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su5:*:*:*:*:*:*:*",
              "matchCriteriaId": "511D0C5D-55DB-4293-BFE0-17D31073C5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su6:*:*:*:*:*:*:*",
              "matchCriteriaId": "294B9E10-2CF1-47D3-9725-E2A568E17AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7:*:*:*:*:*:*:*",
              "matchCriteriaId": "397E6105-7508-4DEB-AD6D-1E702E31C875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DD5882F-47AD-44BF-BAF5-4DA6B59A45A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su8:*:*:*:*:*:*:*",
              "matchCriteriaId": "65580374-43E4-4EB4-8D66-76FB8AF11568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D501B7FB-1335-4C44-8C4F-DDF033A41E4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5D489D-D2D3-4784-8B80-209344A9FC76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CAAAAF61-C33F-462B-B7C4-9F976235888A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00310A4E-8CC5-4AE4-ACC3-80F1066D4EDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D2915C-E4C2-404B-BC2E-10FAAE34A98B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC46928-718B-4CCB-AE4F-A974ACD52AA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA6FDB4C-ABA5-418A-81DC-C1735F3F6795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC698BDD-2C43-4F6B-BD9A-29FE9A03449B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su6:*:*:*:*:*:*:*",
              "matchCriteriaId": "46366B52-A3BE-43B6-9861-1ED8271E224C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32FBC94-72DA-4467-8A63-74C3A3AF7FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su8:*:*:*:*:*:*:*",
              "matchCriteriaId": "00D141B1-48C4-4214-BD66-C0BE88B89863",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:12.5\\(1\\)su9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9693DD-CCAC-418C-9C7A-9E9E8A153B3C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:8.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ED97AAD8-D02D-42AB-863A-7538A1F6D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su3es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1202DE4-CA67-424E-8379-2BC13630F0C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31854EAF-89B5-40BB-98E7-7EBB2E867C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1194F1-9CF5-460E-AF26-FB7CDC1EE878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3836BAC-BF47-4212-9018-9797A89A528B",
              "versionEndExcluding": "12.6\\(2\\)es_04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9DD393-7E10-4EE5-9FB4-855F3231F989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D2C89A9-B258-4BEC-9819-7AF3229F4343",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E53369D-EABA-4381-8480-237881743CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCEF0CC-0553-4886-863B-61F1994D039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E310C92-6C6B-4198-9220-4D43730B1AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2FF97D-3E51-473C-8466-E451771BE938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su6:*:*:*:*:*:*:*",
              "matchCriteriaId": "86884D5E-B015-447A-9834-1264315FCC50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su7:*:*:*:*:*:*:*",
              "matchCriteriaId": "538BCDAE-A94C-4343-B63B-5D29023707E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E89A84F3-E075-4CAF-9B3C-5F080FC37F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDF5353-D773-460B-B02A-5409112BE2E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:12.5\\(1\\)su9:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DE4A5D-BC2D-4F77-91C0-E978EA02AAD8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C923C78-995C-4988-8123-DC32B519A711",
              "versionEndExcluding": "12.6\\(2\\)es06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la CLI de varios productos de Cisco Unified Communications podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado como usuario root. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los argumentos de comando proporcionados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad ejecutando comandos manipulados en la CLI de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado como usuario root. Para explotar esta vulnerabilidad, el atacante debe tener credenciales de administrador v\u00e1lidas.\n"
    }
  ],
  "id": "CVE-2025-20278",
  "lastModified": "2025-07-31T15:02:05.967",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-04T17:15:27.963",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2015-05-20 00:59

Modified

2025-07-31 15:03

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=38913	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/74732	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1032367	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=38913	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74732	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032367	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	cisco	unified_intelligence_center	10.6\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA9876F-1048-4E47-B441-16F517B7A41D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en Cisco Unified Intelligence Center 10.6(1) permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como Bug ID CSCus28826."
    }
  ],
  "id": "CVE-2015-0740",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-05-20T00:59:00.077",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38913"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74732"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38913"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032367"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-06-16 18:15

Modified

2025-07-31 15:03

Severity ?

4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

References

▶	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_intelligence_center	*
cisco	unified_intelligence_center	12.5\(1\)
cisco	packaged_contact_center_enterprise	-
cisco	unified_contact_center_enterprise	-
cisco	unified_contact_center_express	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B46995-6165-4926-8FAA-B3A3452555D7",
              "versionEndIncluding": "12.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "84C52246-9E02-434A-8E41-76B21DB3F25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:packaged_contact_center_enterprise:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E50744A-6590-4898-8631-399FFCF415F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FA5E682-2433-41A3-BC69-698BD9A7BD12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7125A8B9-93A8-43D4-84D8-483199A8B6B2",
              "versionEndIncluding": "12.5\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Unified Intelligence Center, podr\u00eda permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad se presenta debido a que la interfaz de administraci\u00f3n basada en web no comprueba apropiadamente las entradas proporcionadas por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario de la interfaz para que haga clic en un enlace dise\u00f1ado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante ejecutar c\u00f3digo script arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en el navegador"
    }
  ],
  "id": "CVE-2021-1395",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-16T18:15:07.927",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-10-06 10:59

Modified

2025-04-12 10:46

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/93418
psirt@cisco.com	http://www.securitytracker.com/id/1036953
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93418
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036953

Impacted products

Vendor	Product	Version
cisco	unified_contact_center_express	10.0\(1\)
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	11.0\(1\)
cisco	unified_intelligence_center	8.5.4
cisco	unified_intelligence_center	9.0\(2\)
cisco	unified_intelligence_center	9.1\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B43D9C6E-7541-4667-A723-3CE27DB008B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D7CDF110-17D3-4A1A-ADA2-4D158E172293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D7F0FEF-BD6B-487D-9ABA-6643499DBC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:9.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "76043C98-3664-45B4-A108-88A7E5228037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:9.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "33A6383F-C719-4624-9FF4-BDDDCAA066B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versi\u00f3n 9.1(1), tal como se usa en Unified Contact Center Express 10.0(1) hasta la versi\u00f3n 11.0(1), permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, vulnerabilidad tambi\u00e9n conocida como Bug IDs CSCuy75036 y CSCuy81654."
    }
  ],
  "id": "CVE-2016-6427",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-06T10:59:12.227",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93418"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036953"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-04-08 04:15

Modified

2025-07-31 15:03

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

References

▶	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-U2WTsUg6	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-U2WTsUg6	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_contact_center_express	*
cisco	unified_contact_center_express	*
cisco	unified_intelligence_center	*
cisco	unified_intelligence_center	*
cisco	unified_intelligence_center	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E8430E2-42B7-4BF3-A9C6-DF30FCD64854",
              "versionEndIncluding": "12.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A812DE0-FA3C-4361-8CC2-269E43AA976A",
              "versionEndExcluding": "12.5\\(1\\)su1",
              "versionStartIncluding": "12.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53015D69-E750-4BBA-9DE0-CCBB2C6AD80B",
              "versionEndIncluding": "11.6\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB961D31-384B-419A-B5E1-22F290860ADE",
              "versionEndExcluding": "12.0\\(1\\)es14",
              "versionStartIncluding": "12.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "472FF7A5-997E-432B-A08B-C5AB0F29D306",
              "versionEndExcluding": "12.5\\(1\\)es7",
              "versionStartIncluding": "12.5\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco Unified Intelligence Center, podr\u00eda permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz.\u0026#xa0;Esta vulnerabilidad se presenta porque la interfaz de administraci\u00f3n basada en web no comprueba apropiadamente la entrada suministrada por el usuario.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad al persuadir a un usuario de una interfaz afectada para que haga clic en un enlace dise\u00f1ado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador"
    }
  ],
  "id": "CVE-2021-1463",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-08T04:15:13.530",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-U2WTsUg6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-U2WTsUg6"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-10-06 10:59

Modified

2025-04-12 10:46

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/93422
psirt@cisco.com	http://www.securitytracker.com/id/1036951
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93422
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036951

Impacted products

Vendor	Product	Version
cisco	unified_contact_center_express	10.0\(1\)
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	11.0\(1\)
cisco	unified_intelligence_center	8.5.4
cisco	unified_intelligence_center	9.0\(2\)
cisco	unified_intelligence_center	9.1\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B43D9C6E-7541-4667-A723-3CE27DB008B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D7CDF110-17D3-4A1A-ADA2-4D158E172293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D7F0FEF-BD6B-487D-9ABA-6643499DBC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:9.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "76043C98-3664-45B4-A108-88A7E5228037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:9.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "33A6383F-C719-4624-9FF4-BDDDCAA066B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versi\u00f3n 9.1(1), tal como se utiliza en Unified Contact Center Express 10.0(1) hasta la versi\u00f3n 11.0(1), permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, vulnerabilidad tambi\u00e9n conocida como IDs CSCuy75020 y CSCuy81652."
    }
  ],
  "id": "CVE-2016-6425",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-06T10:59:11.257",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93422"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036951"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2021-12-10 10:15

Modified

2025-08-08 18:52

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

References

URL	Tags
security@apache.org	http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html	Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html	Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html	Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html	Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html	Third Party Advisory, VDB Entry, Broken Link
security@apache.org	http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html	Exploit, Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html	Exploit, Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html	Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html	Exploit, Third Party Advisory, VDB Entry
security@apache.org	http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
security@apache.org	http://seclists.org/fulldisclosure/2022/Dec/2	Exploit, Mailing List, Third Party Advisory
security@apache.org	http://seclists.org/fulldisclosure/2022/Jul/11	Mailing List, Third Party Advisory
security@apache.org	http://seclists.org/fulldisclosure/2022/Mar/23	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2021/12/10/1	Mailing List, Mitigation, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2021/12/10/2	Mailing List, Mitigation, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2021/12/10/3	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2021/12/13/1	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2021/12/13/2	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List, Third Party Advisory
security@apache.org	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
security@apache.org	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
security@apache.org	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
security@apache.org	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
security@apache.org	https://github.com/cisagov/log4j-affected-db	Third Party Advisory
security@apache.org	https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md	Broken Link, Product, US Government Resource
security@apache.org	https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228	Exploit, Third Party Advisory
security@apache.org	https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Mailing List, Third Party Advisory
security@apache.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/	Release Notes
security@apache.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/	Release Notes
security@apache.org	https://logging.apache.org/log4j/2.x/security.html	Release Notes, Vendor Advisory
security@apache.org	https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Patch, Third Party Advisory, Vendor Advisory
security@apache.org	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
security@apache.org	https://security.netapp.com/advisory/ntap-20211210-0007/	Third Party Advisory
security@apache.org	https://support.apple.com/kb/HT213189	Third Party Advisory
security@apache.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
security@apache.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
security@apache.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
security@apache.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
security@apache.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
security@apache.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
security@apache.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
security@apache.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
security@apache.org	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
security@apache.org	https://twitter.com/kurtseifried/status/1469345530182455296	Broken Link, Exploit, Third Party Advisory
security@apache.org	https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Third Party Advisory
security@apache.org	https://www.debian.org/security/2021/dsa-5020	Mailing List, Third Party Advisory
security@apache.org	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
security@apache.org	https://www.kb.cert.org/vuls/id/930724	Third Party Advisory, US Government Resource
security@apache.org	https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Exploit, Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
security@apache.org	https://www.oracle.com/security-alerts/cpujan2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html	Third Party Advisory, VDB Entry, Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2022/Dec/2	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2022/Jul/11	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2022/Mar/23	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/10/1	Mailing List, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/10/2	Mailing List, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/10/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/13/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/13/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/14/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/12/15/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/cisagov/log4j-affected-db	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md	Broken Link, Product, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://logging.apache.org/log4j/2.x/security.html	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20211210-0007/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT213189	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/kurtseifried/status/1469345530182455296	Broken Link, Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2021/dsa-5020	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/930724	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
siemens	6bk1602-0aa12-0tp0_firmware	*
siemens	6bk1602-0aa12-0tp0	-
siemens	6bk1602-0aa22-0tp0_firmware	*
siemens	6bk1602-0aa22-0tp0	-
siemens	6bk1602-0aa32-0tp0_firmware	*
siemens	6bk1602-0aa32-0tp0	-
siemens	6bk1602-0aa42-0tp0_firmware	*
siemens	6bk1602-0aa42-0tp0	-
siemens	6bk1602-0aa52-0tp0_firmware	*
siemens	6bk1602-0aa52-0tp0	-
apache	log4j	*
apache	log4j	*
apache	log4j	*
apache	log4j	2.0
apache	log4j	2.0
apache	log4j	2.0
apache	log4j	2.0
siemens	sppa-t3000_ses3000_firmware	*
siemens	sppa-t3000_ses3000	-
siemens	capital	*
siemens	capital	2019.1
siemens	capital	2019.1
siemens	comos	*
siemens	desigo_cc_advanced_reports	3.0
siemens	desigo_cc_advanced_reports	4.0
siemens	desigo_cc_advanced_reports	4.1
siemens	desigo_cc_advanced_reports	4.2
siemens	desigo_cc_advanced_reports	5.0
siemens	desigo_cc_advanced_reports	5.1
siemens	desigo_cc_info_center	5.0
siemens	desigo_cc_info_center	5.1
siemens	e-car_operation_center	*
siemens	energy_engage	3.1
siemens	energyip	8.5
siemens	energyip	8.6
siemens	energyip	8.7
siemens	energyip	9.0
siemens	energyip_prepay	*
siemens	gma-manager	*
siemens	head-end_system_universal_device_integration_system	*
siemens	industrial_edge_management	*
siemens	industrial_edge_management_hub	*
siemens	logo\!_soft_comfort	*
siemens	mendix	*
siemens	mindsphere	*
siemens	navigator	*
siemens	nx	*
siemens	opcenter_intelligence	*
siemens	operation_scheduler	*
siemens	sentron_powermanager	4.1
siemens	sentron_powermanager	4.2
siemens	siguard_dsa	*
siemens	sipass_integrated	2.80
siemens	sipass_integrated	2.85
siemens	siveillance_command	*
siemens	siveillance_control_pro	*
siemens	siveillance_identity	1.5
siemens	siveillance_identity	1.6
siemens	siveillance_vantage	*
siemens	siveillance_viewpoint	*
siemens	solid_edge_cam_pro	*
siemens	solid_edge_harness_design	*
siemens	solid_edge_harness_design	2020
siemens	solid_edge_harness_design	2020
siemens	solid_edge_harness_design	2020
siemens	spectrum_power_4	*
siemens	spectrum_power_4	4.70
siemens	spectrum_power_4	4.70
siemens	spectrum_power_4	4.70
siemens	spectrum_power_7	*
siemens	spectrum_power_7	2.30
siemens	spectrum_power_7	2.30
siemens	spectrum_power_7	2.30
siemens	teamcenter	*
siemens	vesys	*
siemens	vesys	2019.1
siemens	vesys	2019.1
siemens	vesys	2019.1
siemens	vesys	2020.1
siemens	vesys	2021.1
siemens	xpedition_enterprise	-
siemens	xpedition_package_integrator	-
intel	computer_vision_annotation_tool	-
intel	datacenter_manager	*
intel	genomics_kernel_library	-
intel	oneapi_sample_browser	-
intel	secure_device_onboard	-
intel	system_studio	-
debian	debian_linux	9.0
debian	debian_linux	10.0
debian	debian_linux	11.0
fedoraproject	fedora	34
fedoraproject	fedora	35
sonicwall	email_security	*
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	active_iq_unified_manager	-
netapp	brocade_san_navigator	-
netapp	cloud_insights	-
netapp	cloud_manager	-
netapp	cloud_secure_agent	-
netapp	oncommand_insight	-
netapp	ontap_tools	-
netapp	snapcenter	-
netapp	solidfire_\&_hci_storage_node	-
netapp	solidfire_enterprise_sds	-
cisco	advanced_malware_protection_virtual_private_cloud_appliance	*
cisco	automated_subsea_tuning	*
cisco	broadworks	*
cisco	business_process_automation	*
cisco	business_process_automation	*
cisco	business_process_automation	*
cisco	cloud_connect	*
cisco	cloudcenter	*
cisco	cloudcenter_cost_optimizer	*
cisco	cloudcenter_suite_admin	*
cisco	cloudcenter_workload_manager	*
cisco	common_services_platform_collector	*
cisco	common_services_platform_collector	*
cisco	connected_mobile_experiences	-
cisco	contact_center_domain_manager	*
cisco	contact_center_management_portal	*
cisco	crosswork_data_gateway	*
cisco	crosswork_data_gateway	3.0.0
cisco	crosswork_network_controller	*
cisco	crosswork_network_controller	3.0.0
cisco	crosswork_optimization_engine	*
cisco	crosswork_optimization_engine	3.0.0
cisco	crosswork_platform_infrastructure	*
cisco	crosswork_platform_infrastructure	4.1.0
cisco	crosswork_zero_touch_provisioning	*
cisco	crosswork_zero_touch_provisioning	3.0.0
cisco	customer_experience_cloud_agent	*
cisco	cyber_vision_sensor_management_extension	*
cisco	data_center_network_manager	*
cisco	data_center_network_manager	11.3\(1\)
cisco	dna_center	*
cisco	dna_center	*
cisco	dna_center	*
cisco	dna_spaces\	_connector
cisco	emergency_responder	*
cisco	enterprise_chat_and_email	*
cisco	evolved_programmable_network_manager	*
cisco	finesse	*
cisco	finesse	12.6\(1\)
cisco	fog_director	-
cisco	identity_services_engine	*
cisco	identity_services_engine	2.4.0
cisco	integrated_management_controller_supervisor	*
cisco	intersight_virtual_appliance	*
cisco	iot_operations_dashboard	-
cisco	network_assurance_engine	*
cisco	network_services_orchestrator	*
cisco	network_services_orchestrator	*
cisco	network_services_orchestrator	*
cisco	network_services_orchestrator	*
cisco	nexus_dashboard	*
cisco	nexus_insights	*
cisco	optical_network_controller	*
cisco	packaged_contact_center_enterprise	*
cisco	packaged_contact_center_enterprise	11.6\(1\)
cisco	paging_server	*
cisco	prime_service_catalog	*
cisco	sd-wan_vmanage	*
cisco	sd-wan_vmanage	*
cisco	sd-wan_vmanage	*
cisco	sd-wan_vmanage	*
cisco	smart_phy	*
cisco	ucs_central	*
cisco	ucs_director	*
cisco	unified_communications_manager	*
cisco	unified_communications_manager	*
cisco	unified_communications_manager	11.5\(1\)
cisco	unified_communications_manager	11.5\(1\)
cisco	unified_communications_manager	11.5\(1\)
cisco	unified_communications_manager	11.5\(1\)su3
cisco	unified_communications_manager_im_and_presence_service	*
cisco	unified_communications_manager_im_and_presence_service	11.5\(1\)
cisco	unified_contact_center_enterprise	*
cisco	unified_contact_center_enterprise	11.6\(2\)
cisco	unified_contact_center_express	*
cisco	unified_customer_voice_portal	*
cisco	unified_customer_voice_portal	11.6
cisco	unified_customer_voice_portal	12.0
cisco	unified_customer_voice_portal	12.5
cisco	unified_intelligence_center	*
cisco	unity_connection	*
cisco	video_surveillance_operations_manager	*
cisco	virtual_topology_system	*
cisco	virtualized_infrastructure_manager	*
cisco	virtualized_infrastructure_manager	*
cisco	virtualized_voice_browser	*
cisco	wan_automation_engine	*
cisco	webex_meetings_server	*
cisco	webex_meetings_server	3.0
cisco	webex_meetings_server	3.0
cisco	webex_meetings_server	3.0
cisco	webex_meetings_server	3.0
cisco	webex_meetings_server	3.0
cisco	webex_meetings_server	3.0
cisco	webex_meetings_server	3.0
cisco	webex_meetings_server	3.0
cisco	webex_meetings_server	3.0
cisco	webex_meetings_server	3.0
cisco	webex_meetings_server	4.0
cisco	webex_meetings_server	4.0
cisco	webex_meetings_server	4.0
cisco	webex_meetings_server	4.0
cisco	workload_optimization_manager	*
cisco	unified_sip_proxy	*
cisco	unified_workforce_optimization	*
cisco	firepower_1010	-
cisco	firepower_1120	-
cisco	firepower_1140	-
cisco	firepower_1150	-
cisco	firepower_2110	-
cisco	firepower_2120	-
cisco	firepower_2130	-
cisco	firepower_2140	-
cisco	firepower_4110	-
cisco	firepower_4112	-
cisco	firepower_4115	-
cisco	firepower_4120	-
cisco	firepower_4125	-
cisco	firepower_4140	-
cisco	firepower_4145	-
cisco	firepower_4150	-
cisco	firepower_9300	-
cisco	fxos	6.2.3
cisco	fxos	6.3.0
cisco	fxos	6.4.0
cisco	fxos	6.5.0
cisco	fxos	6.6.0
cisco	fxos	6.7.0
cisco	fxos	7.0.0
cisco	fxos	7.1.0
cisco	automated_subsea_tuning	02.01.00
cisco	broadworks	-
cisco	cloudcenter_suite	4.10\(0.15\)
cisco	cloudcenter_suite	5.3\(0\)
cisco	cloudcenter_suite	5.4\(1\)
cisco	cloudcenter_suite	5.5\(0\)
cisco	cloudcenter_suite	5.5\(1\)
cisco	common_services_platform_collector	002.009\(000.000\)
cisco	common_services_platform_collector	002.009\(000.001\)
cisco	common_services_platform_collector	002.009\(000.002\)
cisco	common_services_platform_collector	002.009\(001.000\)
cisco	common_services_platform_collector	002.009\(001.001\)
cisco	common_services_platform_collector	002.009\(001.002\)
cisco	common_services_platform_collector	002.010\(000.000\)
cisco	connected_analytics_for_network_deployment	006.004.000.003
cisco	connected_analytics_for_network_deployment	006.005.000.
cisco	connected_analytics_for_network_deployment	006.005.000.000
cisco	connected_analytics_for_network_deployment	007.000.001
cisco	connected_analytics_for_network_deployment	007.001.000
cisco	connected_analytics_for_network_deployment	007.002.000
cisco	connected_analytics_for_network_deployment	7.3
cisco	connected_analytics_for_network_deployment	007.003.000
cisco	connected_analytics_for_network_deployment	007.003.001.001
cisco	connected_analytics_for_network_deployment	007.003.003
cisco	connected_analytics_for_network_deployment	008.000.000
cisco	connected_analytics_for_network_deployment	008.000.000.000.004
cisco	crosswork_network_automation	-
cisco	crosswork_network_automation	2.0.0
cisco	crosswork_network_automation	3.0.0
cisco	crosswork_network_automation	4.1.0
cisco	crosswork_network_automation	4.1.1
cisco	cx_cloud_agent	001.012
cisco	cyber_vision	4.0.2
cisco	cyber_vision_sensor_management_extension	4.0.2
cisco	dna_center	2.2.2.8
cisco	dna_spaces	-
cisco	dna_spaces_connector	-
cisco	emergency_responder	11.5
cisco	emergency_responder	11.5\(4.65000.14\)
cisco	emergency_responder	11.5\(4.66000.14\)
cisco	enterprise_chat_and_email	12.0\(1\)
cisco	enterprise_chat_and_email	12.5\(1\)
cisco	enterprise_chat_and_email	12.6\(1\)
cisco	evolved_programmable_network_manager	3.0
cisco	evolved_programmable_network_manager	3.1
cisco	evolved_programmable_network_manager	4.0
cisco	evolved_programmable_network_manager	4.1
cisco	evolved_programmable_network_manager	5.0
cisco	evolved_programmable_network_manager	5.1
cisco	finesse	12.5\(1\)
cisco	finesse	12.5\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	finesse	12.6\(1\)
cisco	firepower_threat_defense	6.2.3
cisco	firepower_threat_defense	6.3.0
cisco	firepower_threat_defense	6.4.0
cisco	firepower_threat_defense	6.5.0
cisco	firepower_threat_defense	6.6.0
cisco	firepower_threat_defense	6.7.0
cisco	firepower_threat_defense	7.0.0
cisco	firepower_threat_defense	7.1.0
cisco	identity_services_engine	002.004\(000.914\)
cisco	identity_services_engine	002.006\(000.156\)
cisco	identity_services_engine	002.007\(000.356\)
cisco	identity_services_engine	003.000\(000.458\)
cisco	identity_services_engine	003.001\(000.518\)
cisco	identity_services_engine	003.002\(000.116\)
cisco	integrated_management_controller_supervisor	002.003\(002.000\)
cisco	integrated_management_controller_supervisor	2.3.2.0
cisco	intersight_virtual_appliance	1.0.9-343
cisco	mobility_services_engine	-
cisco	network_assurance_engine	6.0\(2.1912\)
cisco	network_dashboard_fabric_controller	11.0\(1\)
cisco	network_dashboard_fabric_controller	11.1\(1\)
cisco	network_dashboard_fabric_controller	11.2\(1\)
cisco	network_dashboard_fabric_controller	11.3\(1\)
cisco	network_dashboard_fabric_controller	11.4\(1\)
cisco	network_dashboard_fabric_controller	11.5\(1\)
cisco	network_dashboard_fabric_controller	11.5\(2\)
cisco	network_dashboard_fabric_controller	11.5\(3\)
cisco	network_insights_for_data_center	6.0\(2.1914\)
cisco	network_services_orchestrator	-
cisco	optical_network_controller	1.1
cisco	paging_server	8.3\(1\)
cisco	paging_server	8.4\(1\)
cisco	paging_server	8.5\(1\)
cisco	paging_server	9.0\(1\)
cisco	paging_server	9.0\(2\)
cisco	paging_server	9.1\(1\)
cisco	paging_server	12.5\(2\)
cisco	paging_server	14.0\(1\)
cisco	prime_service_catalog	12.1
cisco	sd-wan_vmanage	20.3
cisco	sd-wan_vmanage	20.4
cisco	sd-wan_vmanage	20.5
cisco	sd-wan_vmanage	20.6
cisco	sd-wan_vmanage	20.6.1
cisco	sd-wan_vmanage	20.7
cisco	sd-wan_vmanage	20.8
cisco	smart_phy	3.1.2
cisco	smart_phy	3.1.3
cisco	smart_phy	3.1.4
cisco	smart_phy	3.1.5
cisco	smart_phy	3.2.1
cisco	smart_phy	21.3
cisco	ucs_central_software	2.0
cisco	ucs_central_software	2.0\(1a\)
cisco	ucs_central_software	2.0\(1b\)
cisco	ucs_central_software	2.0\(1c\)
cisco	ucs_central_software	2.0\(1d\)
cisco	ucs_central_software	2.0\(1e\)
cisco	ucs_central_software	2.0\(1f\)
cisco	ucs_central_software	2.0\(1g\)
cisco	ucs_central_software	2.0\(1h\)
cisco	ucs_central_software	2.0\(1k\)
cisco	ucs_central_software	2.0\(1l\)
cisco	unified_communications_manager	11.5\(1.17900.52\)
cisco	unified_communications_manager	11.5\(1.18119.2\)
cisco	unified_communications_manager	11.5\(1.18900.97\)
cisco	unified_communications_manager	11.5\(1.21900.40\)
cisco	unified_communications_manager	11.5\(1.22900.28\)
cisco	unified_communications_manager_im_\&_presence_service	11.5\(1\)
cisco	unified_communications_manager_im_\&_presence_service	11.5\(1.22900.6\)
cisco	unified_computing_system	006.008\(001.000\)
cisco	unified_contact_center_enterprise	11.6\(2\)
cisco	unified_contact_center_enterprise	12.0\(1\)
cisco	unified_contact_center_enterprise	12.5\(1\)
cisco	unified_contact_center_enterprise	12.6\(1\)
cisco	unified_contact_center_enterprise	12.6\(2\)
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.6\(1\)
cisco	unified_contact_center_express	12.6\(2\)
cisco	unified_contact_center_management_portal	12.6\(1\)
cisco	unified_customer_voice_portal	11.6\(1\)
cisco	unified_customer_voice_portal	12.0\(1\)
cisco	unified_customer_voice_portal	12.5\(1\)
cisco	unified_customer_voice_portal	12.6\(1\)
cisco	unified_intelligence_center	12.6\(1\)
cisco	unified_intelligence_center	12.6\(1\)
cisco	unified_intelligence_center	12.6\(1\)
cisco	unified_intelligence_center	12.6\(2\)
cisco	unified_sip_proxy	010.000\(000\)
cisco	unified_sip_proxy	010.000\(001\)
cisco	unified_sip_proxy	010.002\(000\)
cisco	unified_sip_proxy	010.002\(001\)
cisco	unified_workforce_optimization	11.5\(1\)
cisco	unity_connection	11.5
cisco	unity_connection	11.5\(1.10000.6\)
cisco	video_surveillance_manager	7.14\(1.26\)
cisco	video_surveillance_manager	7.14\(2.26\)
cisco	video_surveillance_manager	7.14\(3.025\)
cisco	video_surveillance_manager	7.14\(4.018\)
cisco	virtual_topology_system	2.6.6
cisco	wan_automation_engine	7.1.3
cisco	wan_automation_engine	7.2.1
cisco	wan_automation_engine	7.2.2
cisco	wan_automation_engine	7.2.3
cisco	wan_automation_engine	7.3
cisco	wan_automation_engine	7.4
cisco	wan_automation_engine	7.5
cisco	wan_automation_engine	7.6
cisco	webex_meetings_server	3.0
cisco	webex_meetings_server	4.0
snowsoftware	snow_commander	*
snowsoftware	vm_access_proxy	*
bentley	synchro	*
bentley	synchro_4d	*
percussion	rhythmyx	*
apple	xcode	*

JSON

To clipboard

{
  "cisaActionDue": "2021-12-24",
  "cisaExploitAdd": "2021-12-10",
  "cisaRequiredAction": "For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.",
  "cisaVulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD64FC36-CC7B-4FD7-9845-7EA1DDB0E627",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF99FE8F-40D0-48A8-9A40-43119B259535",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0012304-B1C8-460A-B891-42EBF96504F5",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F61BCB-64FA-463C-8B95-8868995EDBC0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B02BCF56-D9D3-4BF3-85A2-D445E997F5EC",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A189B7-DDBF-4B84-997F-637CEC5FF12B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2DB5BA-1065-467A-8FB6-81B5EC29DC0C",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "035AFD6F-E560-43C8-A283-8D80DAA33025",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "809EB87E-561A-4DE5-9FF3-BBEE0FA3706E",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4594FF76-A1F8-4457-AE90-07D051CD0DCB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FA5E81-F9C0-403E-8A4B-E4284E4E7B72",
              "versionEndExcluding": "2.3.1",
              "versionStartIncluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED3D5EC-DAD5-4E5F-8BBD-B4E3349D84FC",
              "versionEndExcluding": "2.12.2",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31D423D-FC4D-428A-B863-55AF472B80DC",
              "versionEndExcluding": "2.15.0",
              "versionStartIncluding": "2.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "17854E42-7063-4A55-BF2A-4C7074CC2D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "53F32FB2-6970-4975-8BD0-EAE12E9AD03A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B773ED91-1D39-42E6-9C52-D02210DE1A94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EF24312D-1A62-482E-8078-7EC24758B710",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:sppa-t3000_ses3000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8320869-CBF4-4C92-885C-560C09855BFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:sppa-t3000_ses3000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "755BA221-33DD-40A2-A517-8574D042C261",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:capital:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AAF12D5-7961-4344-B0CC-BE1C673BFE1F",
              "versionEndExcluding": "2019.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:capital:2019.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "19CB7B44-1877-4739-AECB-3E995ED03FC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:capital:2019.1:sp1912:*:*:*:*:*:*",
              "matchCriteriaId": "A883D9C2-F2A4-459F-8000-EE288DC0DD17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CD4AC6F-B8D3-4588-B3BD-55C9BAF4AAAC",
              "versionEndExcluding": "10.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AFD64AC-0826-48FB-91B0-B8DF5ECC8775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB524B33-68E7-46A2-B5CE-BCD9C3194B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F852C6D-44A0-4CCE-83C7-4501CAD73F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA61161C-C2E7-4852-963E-E2D3DFBFDC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A76AA04A-BB43-4027-895E-D1EACFCDF41B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_advanced_reports:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A6B60F3-327B-49B7-B5E4-F1C60896C9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_info_center:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BCF281E-B0A2-49E2-AEF8-8691BDCE08D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:desigo_cc_info_center:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87EFCC4-4BC1-4FEA-BAA4-8FF221838EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:e-car_operation_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B678380B-E95E-4A8B-A49D-D13B62AA454E",
              "versionEndExcluding": "2021-12-13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energy_engage:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4557476B-0157-44C2-BB50-299E7C7E1E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energyip:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "991B2959-5AA3-4B68-A05A-42D9860FAA9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energyip:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5948A0-CA31-41DF-85B6-1E6D09E5720B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energyip:8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C08D302-EEAC-45AA-9943-3A5F09E29FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energyip:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D53BA68C-B653-4507-9A2F-177CF456960F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:energyip_prepay:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "536C7527-27E6-41C9-8ED8-564DD0DC4EA0",
              "versionEndExcluding": "3.8.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:gma-manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E180527-5C36-4158-B017-5BEDC0412FD6",
              "versionEndExcluding": "8.6.2j-398",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:head-end_system_universal_device_integration_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFDADA98-1CD0-45DA-9082-BFC383F7DB97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:industrial_edge_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33D707F-100E-4DE7-A05B-42467DE75EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:industrial_edge_management_hub:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD3EAC80-44BE-41D2-8D57-0EE3DBA1E1B1",
              "versionEndExcluding": "2021-12-13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC8AB52-F4F4-440D-84F5-2776BFE1957A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AF6D774-AC8C-49CA-A00B-A2740CA8FA91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:mindsphere:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25FADB1B-988D-4DB9-9138-7542AFDEB672",
              "versionEndExcluding": "2021-12-16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:navigator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C6A61B-2198-4B9E-8BCF-824643C81EC3",
              "versionEndExcluding": "2021-12-13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:nx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEE2F7A1-8281-48F1-8BFB-4FE0D7E1AEF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:opcenter_intelligence:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C07AFA19-21AE-4C7E-AA95-69599834C0EC",
              "versionEndExcluding": "3.5",
              "versionStartIncluding": "3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74D1F4AD-9A60-4432-864F-4505B3C60659",
              "versionEndIncluding": "1.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sentron_powermanager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ABA5332-8D1E-4129-A557-FCECBAC12827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sentron_powermanager:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C3AA865-5570-4C8B-99DE-431AD7B163F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siguard_dsa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A4B950B-4527-491B-B111-046DB1CCC037",
              "versionEndExcluding": "4.4.1",
              "versionStartIncluding": "4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_command:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC0A575-F771-4B44-A0C6-6A5FD98E5134",
              "versionEndIncluding": "4.16.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_control_pro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1D6B61-1F17-4008-9DFB-EF419777768E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_vantage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F30DE588-9479-46AA-8346-EA433EE83A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_viewpoint:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4941EAD6-8759-4C72-ABA6-259C0E838216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_cam_pro:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF2708F-0BD9-41BF-8CB1-4D06C4EFB777",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0762031C-DFF1-4962-AE05-0778B27324B9",
              "versionEndExcluding": "2020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:*:*:*:*:*:*:*",
              "matchCriteriaId": "96271088-1D1B-4378-8ABF-11DAB3BB4DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:-:*:*:*:*:*:*",
              "matchCriteriaId": "2595AD24-2DF2-4080-B780-BC03F810B9A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:solid_edge_harness_design:2020:sp2002:*:*:*:*:*:*",
              "matchCriteriaId": "88096F08-F261-4E3E-9EEB-2AB0225CD6F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_4:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "044994F7-8127-4F03-AA1A-B2AB41D68AF5",
              "versionEndExcluding": "4.70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:-:*:*:*:*:*:*",
              "matchCriteriaId": "A6CB3A8D-9577-41FB-8AC4-0DF8DE6A519C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "17B7C211-6339-4AF2-9564-94C7DE52EEB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_4:4.70:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "DBCCBBBA-9A4F-4354-91EE-10A1460BBA3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_7:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F81F6B-E455-4367-ADA4-8A5EC7F4754A",
              "versionEndExcluding": "2.30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5EF509E-3799-4718-B361-EFCBA17AEEF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:-:*:*:*:*:*:*",
              "matchCriteriaId": "8CA31645-29FC-4432-9BFC-C98A808DB8CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:spectrum_power_7:2.30:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BB424991-0B18-4FFC-965F-FCF4275F56C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:teamcenter:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B209EFE-77F2-48CD-A880-ABA0A0A81AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:vesys:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72D238AB-4A1F-458D-897E-2C93DCD7BA6C",
              "versionEndExcluding": "2019.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:vesys:2019.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9778339A-EA93-4D18-9A03-4EB4CBD25459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:vesys:2019.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "1747F127-AB45-4325-B9A1-F3D12E69FFC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:vesys:2019.1:sp1912:*:*:*:*:*:*",
              "matchCriteriaId": "18BBEF7C-F686-4129-8EE9-0F285CE38845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:vesys:2020.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "264C7817-0CD5-4370-BC39-E1DF3E932E16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:vesys:2021.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "C7442C42-D493-46B9-BCC2-2C62EAD5B945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:xpedition_enterprise:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD525494-2807-48EA-AED0-11B9CB5A6A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:xpedition_package_integrator:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EDCBF98-A857-48BC-B04D-6F36A1975AA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:computer_vision_annotation_tool:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A06BF8-E4DC-4389-8A91-8AC7598E0009",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:datacenter_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAD1E1F3-F06B-4D17-8854-2CDA7E6D872D",
              "versionEndExcluding": "5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:genomics_kernel_library:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18989EBC-E1FB-473B-83E0-48C8896C2E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:oneapi_sample_browser:-:*:*:*:*:eclipse:*:*",
              "matchCriteriaId": "EDE66B6C-25E5-49AE-B35F-582130502222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:secure_device_onboard:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22BEE177-D117-478C-8EAD-9606DEDF9FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:system_studio:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC619106-991C-413A-809D-C2410EBA4CDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA7D45EF-18F7-43C6-9B51-ABAB7B0CA3CD",
              "versionEndExcluding": "10.0.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
              "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "CBCC384C-5DF0-41AB-B17B-6E9B6CAE8065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "F3A48D58-4291-4D3C-9CEA-BF12183468A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_storage_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D452B464-1200-4B72-9A89-42DC58486191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire_enterprise_sds:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D18075A-E8D6-48B8-A7FA-54E336A434A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:advanced_malware_protection_virtual_private_cloud_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E52AF19-0158-451B-8E36-02CB6406083F",
              "versionEndExcluding": "3.5.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:automated_subsea_tuning:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB21CFB4-4492-4C5D-BD07-FFBE8B5D92B6",
              "versionEndExcluding": "2.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:broadworks:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97426511-9B48-46F5-AC5C-F9781F1BAE2F",
              "versionEndExcluding": "2021.11_1.162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82306B9F-AE97-4E29-A8F7-2E5BA52998A7",
              "versionEndExcluding": "3.0.000.115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C903C85-DC0F-47D8-B8BE-7A666877B017",
              "versionEndExcluding": "3.1.000.044",
              "versionStartIncluding": "3.1.000.000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:business_process_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C6F9E0-5DCE-431D-AE7E-B680AC1F9332",
              "versionEndExcluding": "3.2.000.009",
              "versionStartIncluding": "3.2.000.000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloud_connect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52CF6199-8028-4076-952B-855984F30129",
              "versionEndExcluding": "12.6\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "622BB8D9-AC81-4C0F-A5C5-C5E51F0BC0D1",
              "versionEndExcluding": "4.10.0.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_cost_optimizer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38FB3CE1-5F62-4798-A825-4E3DB07E868F",
              "versionEndExcluding": "5.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite_admin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29CDB878-B085-448E-AB84-25B1E2D024F8",
              "versionEndExcluding": "5.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_workload_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C25FDA96-9490-431F-B8B6-CC2CC272670E",
              "versionEndExcluding": "5.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CD9E4C-9385-435C-AD18-6C36C8DF7B65",
              "versionEndExcluding": "2.9.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0AC4C1-CB06-4084-BFBB-5B702C384C53",
              "versionEndExcluding": "2.10.0.1",
              "versionStartIncluding": "2.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_mobile_experiences:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3871EBD2-F270-435A-B98C-A282E1C52693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:contact_center_domain_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D4DF34B-E8C2-41C8-90E2-D119B50E4E7E",
              "versionEndExcluding": "12.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:contact_center_management_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8EF64DA-73E4-4E5E-8F9A-B837C947722E",
              "versionEndExcluding": "12.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66E1E4FC-0B6E-4CFA-B003-91912F8785B2",
              "versionEndExcluding": "2.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_data_gateway:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2390C3-C319-4F05-8CF0-0D30F9931507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C154491E-06C7-48B0-AC1D-89BBDBDB902E",
              "versionEndExcluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_controller:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E98EC48-0CED-4E02-9CCB-06EF751F2BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_optimization_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C569DC2A-CFF6-4E13-A50C-E215A4F96D99",
              "versionEndExcluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_optimization_engine:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "258A51AC-6649-4F67-A842-48A7AE4DCEE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC22505-DE11-4A1B-8C06-1E306419B031",
              "versionEndExcluding": "4.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_platform_infrastructure:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E31AC54-B928-48B5-8293-F5F4A7A8C293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8AE870-6FD0-40D2-958B-548E2D7A7B75",
              "versionEndExcluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_zero_touch_provisioning:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E7D83B-B6AC-45B1-89A4-D18D7A6018DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:customer_experience_cloud_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17660B09-47AA-42A2-B5FF-8EBD8091C661",
              "versionEndExcluding": "1.12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9A82-16AE-437A-B8CF-CC7E9B6C4E44",
              "versionEndExcluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:data_center_network_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "843147AE-8117-4FE9-AE74-4E1646D55642",
              "versionEndExcluding": "11.3\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:data_center_network_manager:11.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7EB871C9-CA14-4829-AED3-CC2B35E99E92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FF8A83D-A282-4661-B133-213A8838FB27",
              "versionEndExcluding": "2.1.2.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "139CDAA5-63E9-4E56-AF72-745BD88E4B49",
              "versionEndExcluding": "2.2.2.8",
              "versionStartIncluding": "2.2.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01FD99C4-BCB1-417E-ADCE-73314AD2E857",
              "versionEndExcluding": "2.2.3.4",
              "versionStartIncluding": "2.2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_spaces\\:_connector:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9031BE8A-646A-4581-BDE5-750FB0CE04CB",
              "versionEndExcluding": "2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15BED3E2-46FF-4E58-8C5D-4D8FE5B0E527",
              "versionEndExcluding": "11.5\\(4\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C950436-2372-4C4B-9B56-9CB48D843045",
              "versionEndExcluding": "12.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B61F186-D943-4711-B3E0-875BB570B142",
              "versionEndIncluding": "4.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A285C40-170D-4C95-8031-2C6E4D5FB1D4",
              "versionEndExcluding": "12.6\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3C0F02B5-AA2A-48B2-AE43-38B45532C563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:fog_director:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "830BDB28-963F-46C3-8D50-638FDABE7F64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54553C65-6BFA-40B1-958D-A4E3289D6B1D",
              "versionEndExcluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "439948AD-C95D-4FC3-ADD1-C3D241529F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C2002AE-0F3C-4A06-9B9A-F77A9F700EB2",
              "versionEndExcluding": "2.3.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "596A986D-E7DC-4FC4-A776-6FE87A91D7E4",
              "versionEndExcluding": "1.0.9-361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:iot_operations_dashboard:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD93434E-8E75-469C-B12B-7E2B6EDCAA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_assurance_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78684844-4974-41AD-BBC1-961F60025CD2",
              "versionEndExcluding": "6.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A00D235-FC9C-4EB7-A16C-BB0B09802E61",
              "versionEndExcluding": "5.3.5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C60FDD1B-898E-4FCB-BDE2-45A7CBDBAF4F",
              "versionEndExcluding": "5.4.5.2",
              "versionStartIncluding": "5.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A33E5F-BBC7-4917-9C63-900248B546D9",
              "versionEndExcluding": "5.5.4.1",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D98A7C-4992-4E58-A6BD-3D8173C8F2B0",
              "versionEndExcluding": "5.6.3.1",
              "versionStartIncluding": "5.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2DDC1AF-31B5-4F05-B84F-8FD23BE163DA",
              "versionEndExcluding": "2.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:nexus_insights:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4540CF6-D33E-4D33-8608-11129D6591FA",
              "versionEndExcluding": "6.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:optical_network_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "129A7615-99E7-41F8-8EBC-CEDA10AD89AD",
              "versionEndExcluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F46A7AC-C133-442D-984B-BA278951D0BF",
              "versionEndExcluding": "11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A1A75AB6-C3A7-4299-B35A-46A4BCD00816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A73E888-C8C2-4AFD-BA60-566D45214BCA",
              "versionEndExcluding": "14.4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_service_catalog:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B0D0FD0-ABC6-465F-AB8D-FA8788B1B2DD",
              "versionEndExcluding": "12.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D673F6F7-C42A-4538-96F0-34CB4F0CB080",
              "versionEndExcluding": "20.3.4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD374819-3CED-4260-90B6-E3C1333EAAD2",
              "versionEndExcluding": "20.4.2.1",
              "versionStartIncluding": "20.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D89973-94AF-4BE7-8245-275F3FEB30F4",
              "versionEndExcluding": "20.5.1.1",
              "versionStartIncluding": "20.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A9A889-2C2B-4147-8108-C35291761C15",
              "versionEndExcluding": "20.6.2.1",
              "versionStartIncluding": "20.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0EEA1EC-C63C-4C7D-BFAE-BA4556332242",
              "versionEndExcluding": "3.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACE22D97-42FA-4179-99E5-C2EE582DB7FF",
              "versionEndExcluding": "2.0\\(1p\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B5DB6D-9E7D-4403-8028-D7DA7493716B",
              "versionEndExcluding": "6.8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "B98D7AD5-0590-43FB-8AC0-376C9C500C15",
              "versionEndExcluding": "11.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "D9DA1900-9972-4DFD-BE2E-74DABA1ED9A9",
              "versionEndExcluding": "11.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "42A41C41-A370-4C0E-A49D-AD42B2F3FB5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:-:*:*:*",
              "matchCriteriaId": "7E958AFF-185D-4D55-B74B-485BEAEC42FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\):*:*:*:session_management:*:*:*",
              "matchCriteriaId": "F770709C-FFB2-4A4E-A2D8-2EAA23F2E87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85B81F9-8837-426E-8639-AB0712CD1A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CCCD27-A247-4720-A2FE-C8ED55D1D0DE",
              "versionEndExcluding": "11.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "34D89C42-AAD9-4B04-9F95-F77681E39553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "897C8893-B0B6-4D6E-8D70-31B421D80B9A",
              "versionEndExcluding": "11.6\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "91D62A73-21B5-4D16-A07A-69AED2D40CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0492049-D3AC-4512-A4BF-C9C26DA72CB0",
              "versionEndExcluding": "12.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3868A8AA-6660-4332-AB0C-089C150D00E7",
              "versionEndExcluding": "11.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BD72D6-4A79-49C9-9652-AB0136A591FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32761FD-B435-4E51-807C-2B245857F90E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "154F7F71-53C5-441C-8F5C-0A82CB0DEC43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD68514-1566-4E7C-879C-76D35084F7BE",
              "versionEndExcluding": "12.6\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FD3873-2663-4C49-878F-7C65D4B8E455",
              "versionEndExcluding": "11.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:video_surveillance_operations_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0886FB04-24AA-4995-BA53-1E44F94E114E",
              "versionEndExcluding": "7.14.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61805C1-1F73-462C-A9CA-BB0CA4E57D0B",
              "versionEndExcluding": "2.6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB39834-0F6D-4BD7-AFEC-DD8BEE46DA50",
              "versionEndExcluding": "3.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_infrastructure_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B78DD21-15F2-47A4-8A99-6DB6756920AC",
              "versionEndExcluding": "3.4.4",
              "versionStartIncluding": "3.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C6222EB-36E1-4CD5-BD69-5A921ED5DA6A",
              "versionEndExcluding": "12.5\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C200CABD-F91B-49C4-A262-C56370E44B4C",
              "versionEndExcluding": "7.3.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE22BE9B-374E-43DC-BA91-E3B9699A4C7C",
              "versionEndExcluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "61D1081F-87E8-4E8B-BEBD-0F239E745586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "8D138973-02B0-4FEC-A646-FF1278DA1EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "30B55A5B-8C5E-4ECB-9C85-A8A3A3030850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "14DBEC10-0641-441C-BE15-8F72C1762DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3:-:*:*:*:*:*",
              "matchCriteriaId": "205C1ABA-2A4F-480F-9768-7E3EC43B03F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch4:*:*:*:*:*:*",
              "matchCriteriaId": "D36FE453-C43F-448B-8A59-668DE95468C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_security_patch5:*:*:*:*:*:*",
              "matchCriteriaId": "E8DF0944-365F-4149-9059-BDFD6B131DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_2:*:*:*:*:*:*",
              "matchCriteriaId": "6B37AA08-13C7-4FD0-8402-E344A270C8F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release3_service_pack_3:*:*:*:*:*:*",
              "matchCriteriaId": "2AA56735-5A5E-4D8C-B09D-DBDAC2B5C8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:maintenance_release4:*:*:*:*:*:*",
              "matchCriteriaId": "4646849B-8190-4798-833C-F367E28C1881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4D6CF856-093A-4E89-A71D-50A2887C265B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "B36A9043-0621-43CD-BFCD-66529F937859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "8842B42E-C412-4356-9F54-DFC53B683D3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "D25BC647-C569-46E5-AD45-7E315EBEB784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:workload_optimization_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B468EDA1-CDEF-44D4-9D62-C433CF27F631",
              "versionEndExcluding": "3.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_sip_proxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E4905E2-2129-469C-8BBD-EDA258815E2B",
              "versionEndExcluding": "10.2.1v2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_workforce_optimization:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC86AC6C-7C08-4EB9-A588-A034113E4BB1",
              "versionEndExcluding": "11.5\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_1010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFE3880-4B85-4E23-9836-70875D5109F7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_1120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "727A02E8-40A1-4DFE-A3A2-91D628D3044F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_1140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F6546E-28F4-40DC-97D6-E0E023FE939B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_1150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB3B0EC3-4654-4D90-9D41-7EC2AD1DDF99",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D96810-5F79-4A83-B8CA-D015790FCF72",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FE2945-4975-4003-AE48-7E134E167A7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE7122A-5AA7-4ECD-B024-E27C9D0CFB7B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_2140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "976901BF-C52C-4F81-956A-711AF8A60140",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "957D64EB-D60E-4775-B9A8-B21CA48ED3B1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "82C8AD48-0130-4C20-ADEC-697668E2293B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E75EF7C-8D71-4D70-91F0-74FC99A90CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB7EE7D-8CB4-4804-9F9D-F235608E86E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77571973-2A94-4E15-AC5B-155679C3C565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA405A50-3F31-48ED-9AF1-4B02F5B367DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:6.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3753953-04E8-4382-A6EC-CD334DD83CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A5F89F-1296-4A0F-A36D-082A481F190F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:fxos:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F50F48AF-44FF-425C-9685-E386F956C901",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:automated_subsea_tuning:02.01.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D28E76-56D4-4C9A-A660-7CD7E0A1AC9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:broadworks:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD975A0E-00A6-475E-9064-1D64E4291499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2E50AC21-DA54-4BC8-A503-1935FD1714C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4D05E169-4AF1-4127-A917-056EC2CE781B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.4\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8AD415A2-422E-4F15-A177-C3696FEAFF0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "134443B7-7BA8-4B50-8874-D4BF931BECFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter_suite:5.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "73ADF6EA-CD29-4835-8D72-84241D513AFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BAC1A386-04C7-45B2-A883-1CD9AB60C14B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.001\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3F0F1639-D69E-473A-8926-827CCF73ACC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(000.002\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FDF900-E9D6-454A-BF6B-821620CA59F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1859BD43-BA2B-45A5-B523-C6BFD34C7B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.001\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1EBC145C-9A2F-4B76-953E-0F690314511C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.009\\(001.002\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "158B7A53-FEC1-4B42-A1E2-E83E99564B07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:common_services_platform_collector:002.010\\(000.000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3A378971-1A08-4914-B012-8E24DCDEFC68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.004.000.003:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E5CC012-DC85-481A-B82A-9323C19674DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.:*:*:*:*:*:*:*",
              "matchCriteriaId": "76CF59ED-685D-46CD-80A2-AEDA4F03FE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:006.005.000.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "960B07C0-E205-47E7-B578-46A0AF559D04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.000.001:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1A194E1-405E-47FA-8CDF-58EB78883ACC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.001.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E628231-61FB-40AF-A20B-00F5CB78E63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.002.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EA25E92-2C76-4722-BA06-53F33C0D961C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D2940A-0D03-415B-B72E-1F6862DDAC41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B346ADC-00BE-4409-B658-A11351D2A7D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.001.001:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A0E44A9-C427-493B-868A-8A8DA405E759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:007.003.003:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2B31E7C-0EB3-4996-8859-DF94A3EE20B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EAB3E03-275F-4942-9396-FC7A22F42C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:connected_analytics_for_network_deployment:008.000.000.000.004:*:*:*:*:*:*:*",
              "matchCriteriaId": "19DAD751-D170-4914-BAB2-6054DFEEF404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F429F37-3576-4D8A-9901-359D65EC3CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_automation:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F526DEF1-4A3E-4FE1-8153-E9252DAE5B92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_automation:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C19679D0-F4DC-4130-AFFD-692E5130531A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60D2FBF3-D8AB-41F0-B170-9E56FBF7E2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:crosswork_network_automation:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F60324DD-8450-4B14-A7A1-0D5EA5163580",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cx_cloud_agent:001.012:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F6DFD1-273B-4292-A22C-F2BE0DD3FB3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cyber_vision:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EA024C-97A4-4D33-BC3E-51DB77C51E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cyber_vision_sensor_management_extension:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "85289E35-C7C2-46D0-9BDC-10648DD2C86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_center:2.2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "17282822-C082-4FBC-B46D-468DCF8EF6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_spaces:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5463DA6-5D44-4C32-B46C-E8A2ADD7646B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:dna_spaces_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54A237CF-A439-4114-AF81-D75582F29573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A37D19BF-E4F5-4AF4-8942-0C3B62C4BF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.65000.14\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EF25688B-6659-4C7C-866D-79AA1166AD7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:11.5\\(4.66000.14\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "47B70741-90D9-4676-BF16-8A21E147F532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ED862A1B-E558-4D44-839C-270488E735BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2678AF98-1194-4810-9933-5BA50E409F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:enterprise_chat_and_email:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "37E7DEBD-9E47-4D08-86BC-D1B013450A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A935862-18F7-45FE-B647-1A9BA454E304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69594997-2568-4C10-A411-69A50BFD175F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC39E2D-C47B-4311-BC7B-130D432549F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5E6CBE-D82C-4001-87CB-73DF526F0AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "460E6456-0E51-45BC-868E-DEEA5E3CD366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F58659-A318-42A0-83C5-8F09FCD78982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su1:*:*:*:*:*:*",
              "matchCriteriaId": "D8A49E46-8501-4697-A17A-249A7D9F5A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.5\\(1\\):su2:*:*:*:*:*:*",
              "matchCriteriaId": "5D81E7A9-0C2B-4603-91F0-ABF2380DBBA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "4DFCE723-9359-40C7-BA35-B71BDF8E3CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es01:*:*:*:*:*:*",
              "matchCriteriaId": "28B1524E-FDCA-4570-86DD-CE396271B232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es02:*:*:*:*:*:*",
              "matchCriteriaId": "74DC6F28-BFEF-4D89-93D5-10072DAC39C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:12.6\\(1\\):es03:*:*:*:*:*:*",
              "matchCriteriaId": "BA1D60D7-1B4A-4EEE-A26C-389D9271E005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D726F07-06F1-4B0A-B010-E607E0C2A280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED58B0E-FCC7-48E3-A5C0-6CC54A38BAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2DF0B07-8C2A-4341-8AFF-DE7E5E5B3A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "41E168ED-D664-4749-805E-77644407EAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD69468-8067-4A5D-B2B0-EC510D889AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:6.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F22403-B4EE-4303-9C94-915D3E0AC944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBCA75A6-0A3E-4393-8884-9F3CE190641E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:firepower_threat_defense:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D619BF54-1BA9-45D0-A876-92D7010088A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:002.004\\(000.914\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "808F8065-BD3A-4802-83F9-CE132EDB8D34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:002.006\\(000.156\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "B236B13E-93B9-424E-926C-95D3DBC6CA5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:002.007\\(000.356\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "8A63CC83-0A6E-4F33-A1BE-214A33B51518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:003.000\\(000.458\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "37DB7759-6529-46DE-B384-10F060D86A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:003.001\\(000.518\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "8C640AD9-146E-488A-B166-A6BB940F97D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:003.002\\(000.116\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "DAC1FA7E-CB1B-46E5-A248-ABACECFBD6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:002.003\\(002.000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7C3BD5AF-9FC1-494B-A676-CC3D4B8EAC8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:2.3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F477CACA-2AA0-417C-830D-F2D3AE93153A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:1.0.9-343:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E3BE5E1-A6B6-46C7-B93B-8A9F5AEA2731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:mobility_services_engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04E0BB7B-0716-4DBD-89B9-BA11AAD77C00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_assurance_engine:6.0\\(2.1912\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "64C98A76-0C31-45E7-882B-35AE0D2C5430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "379F8D86-BE87-4250-9E85-494D331A0398",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "71F69E51-E59D-4AE3-B242-D6D2CFDB3F46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "578DA613-8E15-4748-A4B7-646415449609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "544EFAD6-CE2F-4E1D-9A00-043454B72889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.4\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2E16DF9C-3B64-4220-82B6-6E20C7807BAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B9CD5B8A-9846-48F1-9495-77081E44CBFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "68E6CD49-6F71-4E17-B046-FBE91CE91CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_dashboard_fabric_controller:11.5\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD8018-7E77-4C89-917E-ACDC678A7DE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_insights_for_data_center:6.0\\(2.1914\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D39156-A47D-405E-8C02-CAE7D637F99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_orchestrator:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5426FC59-411D-4963-AFEF-5B55F68B8958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:optical_network_controller:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "810E9A92-4302-4396-94D3-3003947DB2A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:8.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "522C36A5-7520-4368-BD92-9AB577756493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:8.4\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2EC4BE-FFAF-4605-8A96-2FEF35975540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:8.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CA1D3C2A-E5FA-400C-AC01-27A3E5160477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:9.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "63B27050-997B-4D54-8E5A-CE9E33904318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:9.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABF05B8-1B8A-4CCF-A1AD-D8602A247718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:9.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2F74580D-0011-4ED9-9A00-B4CDB6685154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:12.5\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "17A3C22E-1980-49B6-8985-9FA76A77A836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:paging_server:14.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B1AB42DC-CE58-448A-A6B5-56F31B15F4A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_service_catalog:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC32B55-0C76-4669-8EAD-DCC16355E887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDA737F-337E-4C30-B68D-EF908A8D6840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC5A89C-CCCF-49EC-B4FC-AB98ACB79233",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA4F513-CBA1-4523-978B-D498CEDAE0CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C53C6FD-B98E-4F7E-BA4D-391C90CF9E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D00F6719-2C73-4D8D-8505-B9922E8A4627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFE9210F-39C5-4828-9608-6905C1D378D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1CEDCE4-CFD1-434B-B157-D63329CBA24A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "33660EB8-2984-4258-B8AD-141B7065C85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ACA346D-5103-47F0-8BD9-7A8AD9B92E98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A38BDF03-23C8-4BB6-A44D-68818962E7CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3104C099-FEDA-466B-93CC-D55F058F7CD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "890EA1C7-5990-4C71-857F-197E6F5B4089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:smart_phy:21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F21CF4-83FE-4529-9871-0FDD70D3095E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9331834-9EAD-46A1-9BD4-F4027E49D0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0E707E44-12CD-46C3-9124-639D0265432E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2FEE8482-DB64-4421-B646-9E5F560D1712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4385CE6E-6283-4621-BBD9-8E66E2A34843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9A6CDBD4-889B-442D-B272-C8E9A1B6AEC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1E59F9-CF4F-4EFB-872C-5F503A04CCF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1f\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1782219F-0C3D-45B7-80C7-D1DAA70D90B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1g\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DDAB3BAD-1EC6-4101-A58D-42DA48D04D0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1h\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8F7AA674-6BC2-490F-8D8A-F575B11F4BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1k\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6945C4DE-C070-453E-B641-2F5B9CFA3B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ucs_central_software:2.0\\(1l\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DAB8C7C0-D09B-4232-A88E-57D25AF45457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.17900.52\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ACEDB7B4-EBD4-4A37-9EE3-07EE3B46BE44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18119.2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "820D579C-AA45-4DC1-945A-748FFCD51CA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.18900.97\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7B23A9A6-CD04-4D76-BE3F-AFAFBB525F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.21900.40\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A44E6007-7A3A-4AD3-9A65-246C59B73FB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.22900.28\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3D508E51-4075-4E34-BB7C-65AF9D56B49F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "376D06D5-D68E-4FF0-97E5-CBA2165A05CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_\\\u0026_presence_service:11.5\\(1.22900.6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "18ED6B8F-2064-4BBA-A78D-4408F13C724D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_computing_system:006.008\\(001.000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "94091FE3-AB88-4CF5-8C4C-77B349E716A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "91D62A73-21B5-4D16-A07A-69AED2D40CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "53F1314A-9A2C-43DC-8203-E4654EF013CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0ADE468B-8F0C-490D-BB4C-358D947BA8E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "32FEE78D-309E-491D-9AB6-98005F1CBF49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "878D9901-675D-4444-B094-0BA505E7433F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "66E25EE4-AB7B-42BF-A703-0C2E83E83577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):su1:*:*:*:*:*:*",
              "matchCriteriaId": "D8F35520-F04A-4863-A1BC-0EDD2D1804F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EF9855FD-7747-4D9E-9542-703B1EC9A382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E07AF386-D8A5-44F5-A418-940C9F88A36A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_management_portal:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "113C77DA-AC22-4D67-9812-8510EFC0A95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE221AB-A3B0-4CFF-9BC0-777773C2EF63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "15941265-1E7E-4C3E-AF1D-027C5E0D3141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "54AA2B0C-92A1-4B53-88D7-6E31120F5041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F9BD7207-85FB-4484-8720-4D11F296AC10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "62E009C4-BE3E-4A14-91EF-8F667B2220A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es01:*:*:*:*:*:*",
              "matchCriteriaId": "088512E1-434D-4685-992E-192A98ECAD9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):es02:*:*:*:*:*:*",
              "matchCriteriaId": "50A7BBC6-077C-4182-AA7A-577C4AAC3CD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "E0536F45-3A49-4F93-942E-AF679DFC7017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3D54794B-6CD5-46D7-B9E9-62A642143562",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.000\\(001\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BE844DCA-FF52-43F5-BDD9-836A812A8CFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(000\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "07B261EB-CA63-4796-BD15-A6770FD68B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_sip_proxy:010.002\\(001\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "29F9067A-B86C-4A6B-ACB7-DB125E04B795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_workforce_optimization:11.5\\(1\\):sr7:*:*:*:*:*:*",
              "matchCriteriaId": "FAC4CC92-8BA0-4D96-9C48-5E311CDED53F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F2437A5-217A-4CD1-9B72-A31BDDC81F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.5\\(1.10000.6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9C3CFF0D-BD70-4353-AE2F-6C55F8DE56A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(1.26\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE47760-0E71-4FCA-97D1-CF0BB71CAC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(2.26\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "89B2D4F5-CB86-4B25-8C14-CED59E8A3F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(3.025\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B150B636-6267-4504-940F-DC37ABEFB082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:video_surveillance_manager:7.14\\(4.018\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D00B9911-A7CA-467E-B7A3-3AF31828D5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:virtual_topology_system:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B67C08C3-412F-4B7F-B98C-EEAEE77CBE4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D428C9B-53E1-4D26-BB4D-57FDE02FA613",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDB41596-FACF-440A-BB6C-8CAD792EC186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C88EE2-5702-4E8B-A144-CB485435FD62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC62844-C608-4DB1-A1AD-C1B55128C560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF2FFA4-358A-4F33-BC67-A9EF8A30714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C0BBDE-795E-4754-BB96-4D6D4B5A804F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A41E377-16F9-423F-8DC2-F6EDD54E1069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:wan_automation_engine:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0C2789E-255B-45D9-9469-B5B549A01F53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAFEC61-2128-4BFA-992D-54742BD4911A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:webex_meetings_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F12AF70E-2201-4F5D-A929-A1A057B74252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:snowsoftware:snow_commander:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2CBCDC4-02DF-47F4-A01C-7CBCB2FF0163",
              "versionEndExcluding": "8.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:snowsoftware:vm_access_proxy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42D44C8-9894-4183-969B-B38FDA1FEDF9",
              "versionEndExcluding": "3.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bentley:synchro:*:*:*:*:pro:*:*:*",
              "matchCriteriaId": "452D8730-F273-4AB4-9221-E82EC2CAAFD8",
              "versionEndExcluding": "6.2.4.2",
              "versionStartIncluding": "6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bentley:synchro_4d:*:*:*:*:pro:*:*:*",
              "matchCriteriaId": "F2EF5054-EECB-4489-B27A-AACB96B25B97",
              "versionEndExcluding": "6.4.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:percussion:rhythmyx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E0A04D-30BE-4AB3-85A1-13AF614C425C",
              "versionEndIncluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0755E91-2F36-4EC3-8727-E8BF0427E663",
              "versionEndExcluding": "13.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
    },
    {
      "lang": "es",
      "value": "Las caracter\u00edsticas JNDI de Apache Log4j2 2.0-beta9 hasta 2.15.0 (excluyendo las versiones de seguridad 2.12.2, 2.12.3 y 2.3.1) utilizadas en la configuraci\u00f3n, los mensajes de registro y los par\u00e1metros no protegen contra LDAP controlado por un atacante y otros puntos finales relacionados con JNDI. Un atacante que pueda controlar los mensajes de registro o los par\u00e1metros de los mensajes de registro puede ejecutar c\u00f3digo arbitrario cargado desde servidores LDAP cuando la sustituci\u00f3n de la b\u00fasqueda de mensajes est\u00e1 habilitada. A partir de la versi\u00f3n 2.15.0 de log4j, este comportamiento ha sido deshabilitado por defecto. A partir de la versi\u00f3n 2.16.0 (junto con las versiones 2.12.2, 2.12.3 y 2.3.1), esta funcionalidad se ha eliminado por completo. Tenga en cuenta que esta vulnerabilidad es espec\u00edfica de log4j-core y no afecta a log4net, log4cxx u otros proyectos de Apache Logging Services"
    }
  ],
  "id": "CVE-2021-44228",
  "lastModified": "2025-08-08T18:52:00.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-12-10T10:15:09.143",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry",
        "Broken Link"
      ],
      "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/cisagov/log4j-affected-db"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link",
        "Product",
        "US Government Resource"
      ],
      "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://logging.apache.org/log4j/2.x/security.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213189"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5020"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/930724"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry",
        "Broken Link"
      ],
      "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/cisagov/log4j-affected-db"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Product",
        "US Government Resource"
      ],
      "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://logging.apache.org/log4j/2.x/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/930724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-400"
        },
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security@apache.org",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-09-21 05:29

Modified

2025-07-31 15:03

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/100922	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039410	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100922	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039410	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	unified_intelligence_center	11.5\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "060AFE51-F470-4B14-8D74-8B721129A37E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz web de Cisco Unified Intelligence Center podr\u00eda permitir a un atacante remoto sin autenticar que realice un ataque Cross-Site Scripting (XSS) basado en DOM (Document Object Model). La vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de algunos par\u00e1metros que se pasan al servidor web. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario para que entre a un enlace malicioso o interceptando una petici\u00f3n de usuario e inyectando el c\u00f3digo malicioso. Si se explota esta vulnerabilidad con \u00e9xito, el atacante podr\u00eda ejecutar c\u00f3digo arbitrario en el contexto del sitio afectado o permitir que el atacante pueda acceder a informaci\u00f3n confidencial del navegador. Cisco Bug IDs: CSCve76848, CSCve76856."
    }
  ],
  "id": "CVE-2017-12254",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-21T05:29:00.780",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100922"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039410"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039410"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-01-20 07:15

Modified

2024-11-21 07:40

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	packaged_contact_center_enterprise	*
cisco	packaged_contact_center_enterprise	*
cisco	unified_contact_center_enterprise	*
cisco	unified_contact_center_enterprise	*
cisco	unified_contact_center_enterprise	*
cisco	unified_contact_center_express	*
cisco	unified_contact_center_express	*
cisco	unified_intelligence_center	*
cisco	unified_intelligence_center	*
cisco	unified_intelligence_center	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5AC23CF-847A-4946-9338-DAE9DCF4FD36",
              "versionEndExcluding": "12.5\\(1\\)_su2_es05",
              "versionStartIncluding": "9.0\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71026A7F-73E9-4A9B-9189-D10130B09D0B",
              "versionEndExcluding": "12.5\\(1\\)_su2_es05",
              "versionStartIncluding": "12.5\\(1\\)_su2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5515B7B0-0E16-4284-B6BF-1790E78699E0",
              "versionEndExcluding": "12.5\\(1\\)_es02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1C3570C-01E5-43D6-B416-B10F3AB2C73D",
              "versionEndExcluding": "12.6\\(1\\)_es06",
              "versionStartIncluding": "12.5\\(2\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49442B0B-5847-444F-B19D-9CCE29CBDF6F",
              "versionEndExcluding": "12.6\\(1\\)_es06",
              "versionStartIncluding": "12.6\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03A8678A-D1C2-4C80-83C9-DD49873D09EA",
              "versionEndExcluding": "12.5\\(1\\)_su2_es05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6F0F5F-0628-4D64-83AB-9ECAEB993340",
              "versionEndExcluding": "12.5\\(1\\)_su2_es05",
              "versionStartIncluding": "12.5\\(1\\)_su2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A75793A-2FEB-4E2F-9BCF-3339D17DD551",
              "versionEndExcluding": "12.5\\(1\\)_es02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0D850FC-1E64-4766-851E-7928B5F58FCF",
              "versionEndExcluding": "12.6\\(1\\)_es06",
              "versionStartIncluding": "12.6\\(1\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FF76CFD-E98A-4494-AEA0-D3917F0CF607",
              "versionEndExcluding": "12.6\\(1\\)_es06",
              "versionStartIncluding": "12.6\\(1\\)_es2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de cross-site scripting (XSS) reflejado contra un usuario de la interfaz. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web no valida adecuadamente la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de la interfaz para que haga clic en un enlace manipulado. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador."
    }
  ],
  "id": "CVE-2023-20058",
  "lastModified": "2024-11-21T07:40:27.327",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-20T07:15:17.633",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-05-16 02:29

Modified

2024-11-21 04:37

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

Summary

A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user’s browser and Cisco Unified Intelligence Center in the context of the malicious gadget.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/108354
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108354
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	unified_intelligence_center	12.0\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DF881F48-7268-4A06-A72B-FEE1BD58A193",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user\u0026rsquo;s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user\u0026rsquo;s browser and Cisco Unified Intelligence Center in the context of the malicious gadget."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el procesamiento en dashboard gadget rendering de Cisco Unified Intelligence Center, podr\u00eda permitir que un atacante remoto no autorizado obtenga o manipule informaci\u00f3n confidencial entre el navegador de un usuario y el Centro de Inteligencia Unificada de Cisco. La vulnerabilidad es debido a la falta de comprobaci\u00f3n del gadget. Un atacante podr\u00eda explotar esta vulnerabilidad al forzar a un usuario a cargar un gadget malicioso. Una explotaci\u00f3n con exito podr\u00eda permitir al atacante obtener informaci\u00f3n confidencial, como las credenciales de usuario actuales, o manipular los datos entre el navegador del usuario y el Centro de Inteligencia Unificada de Cisco en el contexto del dispositivo malicioso."
    }
  ],
  "id": "CVE-2019-1860",
  "lastModified": "2024-11-21T04:37:33.260",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 4.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-16T02:29:00.717",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/108354"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/108354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-99"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-99"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-09-21 05:29

Modified

2025-07-31 15:03

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/100919	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039409	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100919	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039409	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	unified_intelligence_center	11.5\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "060AFE51-F470-4B14-8D74-8B721129A37E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad en Cisco Unified Intelligence Center que podr\u00eda permitir que un atacante remoto no autenticado ejecute acciones no deseadas. La vulnerabilidad se debe a la ausencia de medidas de defensa contra ataques de Cross-Site Request Forgery (CSRF). Un atacante podr\u00eda explotar esta vulnerabilidad enga\u00f1ando al usuario de una aplicaci\u00f3n web para que ejecute una acci\u00f3n adversa. Cisco Bug IDs: CSCve76872."
    }
  ],
  "id": "CVE-2017-12253",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-21T05:29:00.687",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100919"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039409"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039409"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2016-10-05 21:59

Modified

2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/93420
psirt@cisco.com	http://www.securitytracker.com/id/1036952
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93420
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036952

Impacted products

Vendor	Product	Version
cisco	unified_contact_center_express	10.0\(1\)
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	11.0\(1\)
cisco	unified_intelligence_center	8.5.4
cisco	unified_intelligence_center	9.0\(2\)
cisco	unified_intelligence_center	9.1\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B43D9C6E-7541-4667-A723-3CE27DB008B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D7CDF110-17D3-4A1A-ADA2-4D158E172293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D7F0FEF-BD6B-487D-9ABA-6643499DBC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:9.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "76043C98-3664-45B4-A108-88A7E5228037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:9.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "33A6383F-C719-4624-9FF4-BDDDCAA066B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n j_spring_security_switch_user en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versi\u00f3n 9.1(1), tal como se utiliza en Unified Contact Center Express 10.0(1) hasta la versi\u00f3n 11.0(1), permite a atacantes remotos crear cuentas de usuario visitando una p\u00e1gina web no especificada, vulnerabilidad tambi\u00e9n conocida como IDs CSCuy75027 y CSCuy81653."
    }
  ],
  "id": "CVE-2016-6426",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-05T21:59:00.180",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93420"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1036952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036952"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-09-21 05:29

Modified

2025-07-31 15:03

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/100921	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039408	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100921	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039408	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	unified_intelligence_center	11.5\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "060AFE51-F470-4B14-8D74-8B721129A37E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el c\u00f3digo framework de red de Cisco Unified Intelligence Center Software podr\u00eda permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en el sistema afectado. La vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de algunos par\u00e1metros que se pasan al servidor web del software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario de que entre a un enlace malicioso o interceptando una petici\u00f3n de usuario e inyectando c\u00f3digo malicioso en la petici\u00f3n. Si se explota esta vulnerabilidad con \u00e9xito, el atacante podr\u00eda ejecutar c\u00f3digo de script arbitrario en el contexto del sitio afectado o permitir que el atacante pueda acceder a informaci\u00f3n confidencial del navegador. Cisco Bug IDs: CSCve76835."
    }
  ],
  "id": "CVE-2017-12248",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-21T05:29:00.357",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100921"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039408"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-07-16 17:15

Modified

2025-07-22 14:37

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_intelligence_center	10.5\(1\)
cisco	unified_intelligence_center	11.0\(1\)
cisco	unified_intelligence_center	11.0\(2\)
cisco	unified_intelligence_center	11.0\(3\)
cisco	unified_intelligence_center	11.5\(1\)
cisco	unified_intelligence_center	11.6\(1\)
cisco	unified_intelligence_center	12.0\(1\)
cisco	unified_intelligence_center	12.5\(1\)
cisco	unified_intelligence_center	12.5\(1\)su
cisco	unified_intelligence_center	12.6\(1\)
cisco	unified_intelligence_center	12.6\(1\)_es05_et
cisco	unified_intelligence_center	12.6\(1\)_et
cisco	unified_intelligence_center	12.6\(2\)
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.5\(1\)su1
cisco	unified_contact_center_express	10.5\(1\)su1es10
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	10.6\(1\)su1
cisco	unified_contact_center_express	10.6\(1\)su2
cisco	unified_contact_center_express	10.6\(1\)su2es04
cisco	unified_contact_center_express	10.6\(1\)su3
cisco	unified_contact_center_express	10.6\(1\)su3es01
cisco	unified_contact_center_express	10.6\(1\)su3es02
cisco	unified_contact_center_express	10.6\(1\)su3es03
cisco	unified_contact_center_express	11.0\(1\)su1
cisco	unified_contact_center_express	11.0\(1\)su1es02
cisco	unified_contact_center_express	11.0\(1\)su1es03
cisco	unified_contact_center_express	11.5\(1\)es01
cisco	unified_contact_center_express	11.5\(1\)su1
cisco	unified_contact_center_express	11.5\(1\)su1es01
cisco	unified_contact_center_express	11.5\(1\)su1es02
cisco	unified_contact_center_express	11.5\(1\)su1es03
cisco	unified_contact_center_express	11.6\(1\)
cisco	unified_contact_center_express	11.6\(1\)es01
cisco	unified_contact_center_express	11.6\(1\)es02
cisco	unified_contact_center_express	11.6\(2\)
cisco	unified_contact_center_express	11.6\(2\)es01
cisco	unified_contact_center_express	11.6\(2\)es02
cisco	unified_contact_center_express	11.6\(2\)es03
cisco	unified_contact_center_express	11.6\(2\)es04
cisco	unified_contact_center_express	11.6\(2\)es05
cisco	unified_contact_center_express	11.6\(2\)es06
cisco	unified_contact_center_express	11.6\(2\)es07
cisco	unified_contact_center_express	11.6\(2\)es08
cisco	unified_contact_center_express	12.0\(1\)
cisco	unified_contact_center_express	12.0\(1\)es01
cisco	unified_contact_center_express	12.0\(1\)es02
cisco	unified_contact_center_express	12.0\(1\)es03
cisco	unified_contact_center_express	12.0\(1\)es04
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.5\(1\)_su01_es01
cisco	unified_contact_center_express	12.5\(1\)_su01_es02
cisco	unified_contact_center_express	12.5\(1\)_su01_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es01
cisco	unified_contact_center_express	12.5\(1\)_su02_es02
cisco	unified_contact_center_express	12.5\(1\)_su02_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es01
cisco	unified_contact_center_express	12.5\(1\)_su03_es02
cisco	unified_contact_center_express	12.5\(1\)_su03_es03
cisco	unified_contact_center_express	12.5\(1\)_su03_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es05
cisco	unified_contact_center_express	12.5\(1\)_su03_es06
cisco	unified_contact_center_express	12.5\(1\)es01
cisco	unified_contact_center_express	12.5\(1\)es02
cisco	unified_contact_center_express	12.5\(1\)es03
cisco	unified_contact_center_express	12.5\(1\)su1
cisco	unified_contact_center_express	12.5\(1\)su2
cisco	unified_contact_center_express	12.5\(1\)su3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5601C191-19B9-4CC3-94E0-AB144A6BD02C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D92445EF-1107-456D-8F03-44BA2A385383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2F4F7BC5-E393-4C85-93ED-8F8DBD81A383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BD658DE5-84D2-4527-AF25-09F31572C184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "060AFE51-F470-4B14-8D74-8B721129A37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7B59061B-ED98-47C6-A8CF-41CA11500AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DF881F48-7268-4A06-A72B-FEE1BD58A193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "84C52246-9E02-434A-8E41-76B21DB3F25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.5\\(1\\)su:*:*:*:*:*:*:*",
              "matchCriteriaId": "42B2688A-4E07-4EA0-8304-E168FB672202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0EAE9043-E488-4FBE-8A60-377F71D5D126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\)_es05_et:*:*:*:*:*:*:*",
              "matchCriteriaId": "45676746-8B75-4095-A4FF-9AC34CF0E72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\)_et:*:*:*:*:*:*:*",
              "matchCriteriaId": "D94589CB-61F9-474F-800A-5387FB4AEF9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0A136173-603C-427A-AC03-76CBB6757C92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device.\r\n\r\nThis vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto autenticado cargue archivos arbitrarios en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los archivos cargados en la interfaz de administraci\u00f3n web. Un atacante podr\u00eda explotar esta vulnerabilidad cargando archivos arbitrarios en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitirle almacenar archivos maliciosos en el sistema y ejecutar comandos arbitrarios en el sistema operativo. La calificaci\u00f3n de impacto en la seguridad (SIR) de este aviso se ha elevado a alta debido a que un atacante podr\u00eda elevar los privilegios a root. Para explotar esta vulnerabilidad, el atacante debe tener credenciales v\u00e1lidas para una cuenta de usuario con al menos el rol de Dise\u00f1ador de informes."
    }
  ],
  "id": "CVE-2025-20274",
  "lastModified": "2025-07-22T14:37:11.210",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-07-16T17:15:29.073",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-05-21 17:15

Modified

2025-07-22 14:41

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Summary

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_intelligence_center	10.5\(1\)
cisco	unified_intelligence_center	11.0\(1\)
cisco	unified_intelligence_center	11.0\(2\)
cisco	unified_intelligence_center	11.0\(3\)
cisco	unified_intelligence_center	11.5\(1\)
cisco	unified_intelligence_center	11.6\(1\)
cisco	unified_intelligence_center	12.0\(1\)
cisco	unified_intelligence_center	12.5\(1\)
cisco	unified_intelligence_center	12.5\(1\)su
cisco	unified_intelligence_center	12.6\(1\)
cisco	unified_intelligence_center	12.6\(1\)_es05_et
cisco	unified_intelligence_center	12.6\(1\)_et
cisco	unified_intelligence_center	12.6\(2\)
cisco	unified_contact_center_express	8.5\(1\)
cisco	unified_contact_center_express	9.0\(2\)su3es04
cisco	unified_contact_center_express	10.0\(1\)su1
cisco	unified_contact_center_express	10.0\(1\)su1es04
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.5\(1\)su1
cisco	unified_contact_center_express	10.5\(1\)su1es10
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	10.6\(1\)su1
cisco	unified_contact_center_express	10.6\(1\)su2
cisco	unified_contact_center_express	10.6\(1\)su2es04
cisco	unified_contact_center_express	10.6\(1\)su3
cisco	unified_contact_center_express	10.6\(1\)su3es01
cisco	unified_contact_center_express	10.6\(1\)su3es02
cisco	unified_contact_center_express	10.6\(1\)su3es03
cisco	unified_contact_center_express	11.0\(1\)su1
cisco	unified_contact_center_express	11.0\(1\)su1es02
cisco	unified_contact_center_express	11.0\(1\)su1es03
cisco	unified_contact_center_express	11.5\(1\)es01
cisco	unified_contact_center_express	11.5\(1\)su1
cisco	unified_contact_center_express	11.5\(1\)su1es01
cisco	unified_contact_center_express	11.5\(1\)su1es02
cisco	unified_contact_center_express	11.5\(1\)su1es03
cisco	unified_contact_center_express	11.6\(1\)
cisco	unified_contact_center_express	11.6\(1\)es01
cisco	unified_contact_center_express	11.6\(1\)es02
cisco	unified_contact_center_express	11.6\(2\)
cisco	unified_contact_center_express	11.6\(2\)es01
cisco	unified_contact_center_express	11.6\(2\)es02
cisco	unified_contact_center_express	11.6\(2\)es03
cisco	unified_contact_center_express	11.6\(2\)es04
cisco	unified_contact_center_express	11.6\(2\)es05
cisco	unified_contact_center_express	11.6\(2\)es06
cisco	unified_contact_center_express	11.6\(2\)es07
cisco	unified_contact_center_express	11.6\(2\)es08
cisco	unified_contact_center_express	12.0\(1\)
cisco	unified_contact_center_express	12.0\(1\)es01
cisco	unified_contact_center_express	12.0\(1\)es02
cisco	unified_contact_center_express	12.0\(1\)es03
cisco	unified_contact_center_express	12.0\(1\)es04
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.5\(1\)_su01_es01
cisco	unified_contact_center_express	12.5\(1\)_su01_es02
cisco	unified_contact_center_express	12.5\(1\)_su01_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es01
cisco	unified_contact_center_express	12.5\(1\)_su02_es02
cisco	unified_contact_center_express	12.5\(1\)_su02_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es01
cisco	unified_contact_center_express	12.5\(1\)_su03_es02
cisco	unified_contact_center_express	12.5\(1\)_su03_es03
cisco	unified_contact_center_express	12.5\(1\)_su03_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es05
cisco	unified_contact_center_express	12.5\(1\)_su03_es06
cisco	unified_contact_center_express	12.5\(1\)es01
cisco	unified_contact_center_express	12.5\(1\)es02
cisco	unified_contact_center_express	12.5\(1\)es03
cisco	unified_contact_center_express	12.5\(1\)su1
cisco	unified_contact_center_express	12.5\(1\)su2
cisco	unified_contact_center_express	12.5\(1\)su3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5601C191-19B9-4CC3-94E0-AB144A6BD02C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D92445EF-1107-456D-8F03-44BA2A385383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2F4F7BC5-E393-4C85-93ED-8F8DBD81A383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BD658DE5-84D2-4527-AF25-09F31572C184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "060AFE51-F470-4B14-8D74-8B721129A37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7B59061B-ED98-47C6-A8CF-41CA11500AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DF881F48-7268-4A06-A72B-FEE1BD58A193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "84C52246-9E02-434A-8E41-76B21DB3F25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.5\\(1\\)su:*:*:*:*:*:*:*",
              "matchCriteriaId": "42B2688A-4E07-4EA0-8304-E168FB672202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0EAE9043-E488-4FBE-8A60-377F71D5D126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\)_es05_et:*:*:*:*:*:*:*",
              "matchCriteriaId": "45676746-8B75-4095-A4FF-9AC34CF0E72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\)_et:*:*:*:*:*:*:*",
              "matchCriteriaId": "D94589CB-61F9-474F-800A-5387FB4AEF9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0A136173-603C-427A-AC03-76CBB6757C92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:8.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ED97AAD8-D02D-42AB-863A-7538A1F6D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su3es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1202DE4-CA67-424E-8379-2BC13630F0C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31854EAF-89B5-40BB-98E7-7EBB2E867C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1194F1-9CF5-460E-AF26-FB7CDC1EE878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\r\n\r\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto autenticado eleve privilegios a Administrador para un conjunto limitado de funciones en un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente del lado del servidor de los par\u00e1metros proporcionados por el usuario en las solicitudes API o HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud API o HTTP manipulada a un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder, modificar o eliminar datos m\u00e1s all\u00e1 del \u00e1mbito de su nivel de acceso previsto, incluyendo la obtenci\u00f3n de informaci\u00f3n potencialmente confidencial almacenada en el sistema."
    }
  ],
  "id": "CVE-2025-20113",
  "lastModified": "2025-07-22T14:41:12.307",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-21T17:15:55.620",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-602"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-07-16 17:15

Modified

2025-07-22 14:40

Severity ?

5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-ssrf-JSuDjeV	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_intelligence_center	10.5\(1\)
cisco	unified_intelligence_center	11.0\(1\)
cisco	unified_intelligence_center	11.0\(2\)
cisco	unified_intelligence_center	11.0\(3\)
cisco	unified_intelligence_center	11.5\(1\)
cisco	unified_intelligence_center	11.6\(1\)
cisco	unified_intelligence_center	12.0\(1\)
cisco	unified_intelligence_center	12.5\(1\)
cisco	unified_intelligence_center	12.5\(1\)su
cisco	unified_intelligence_center	12.6\(1\)
cisco	unified_intelligence_center	12.6\(1\)_es05_et
cisco	unified_intelligence_center	12.6\(1\)_et
cisco	unified_intelligence_center	12.6\(2\)
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.5\(1\)su1
cisco	unified_contact_center_express	10.5\(1\)su1es10
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	10.6\(1\)su1
cisco	unified_contact_center_express	10.6\(1\)su2
cisco	unified_contact_center_express	10.6\(1\)su2es04
cisco	unified_contact_center_express	10.6\(1\)su3
cisco	unified_contact_center_express	10.6\(1\)su3es01
cisco	unified_contact_center_express	10.6\(1\)su3es02
cisco	unified_contact_center_express	10.6\(1\)su3es03
cisco	unified_contact_center_express	11.0\(1\)su1
cisco	unified_contact_center_express	11.0\(1\)su1es02
cisco	unified_contact_center_express	11.0\(1\)su1es03
cisco	unified_contact_center_express	11.5\(1\)es01
cisco	unified_contact_center_express	11.5\(1\)su1
cisco	unified_contact_center_express	11.5\(1\)su1es01
cisco	unified_contact_center_express	11.5\(1\)su1es02
cisco	unified_contact_center_express	11.5\(1\)su1es03
cisco	unified_contact_center_express	11.6\(1\)
cisco	unified_contact_center_express	11.6\(1\)es01
cisco	unified_contact_center_express	11.6\(1\)es02
cisco	unified_contact_center_express	11.6\(2\)
cisco	unified_contact_center_express	11.6\(2\)es01
cisco	unified_contact_center_express	11.6\(2\)es02
cisco	unified_contact_center_express	11.6\(2\)es03
cisco	unified_contact_center_express	11.6\(2\)es04
cisco	unified_contact_center_express	11.6\(2\)es05
cisco	unified_contact_center_express	11.6\(2\)es06
cisco	unified_contact_center_express	11.6\(2\)es07
cisco	unified_contact_center_express	11.6\(2\)es08
cisco	unified_contact_center_express	12.0\(1\)
cisco	unified_contact_center_express	12.0\(1\)es01
cisco	unified_contact_center_express	12.0\(1\)es02
cisco	unified_contact_center_express	12.0\(1\)es03
cisco	unified_contact_center_express	12.0\(1\)es04
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.5\(1\)_su01_es01
cisco	unified_contact_center_express	12.5\(1\)_su01_es02
cisco	unified_contact_center_express	12.5\(1\)_su01_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es01
cisco	unified_contact_center_express	12.5\(1\)_su02_es02
cisco	unified_contact_center_express	12.5\(1\)_su02_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es01
cisco	unified_contact_center_express	12.5\(1\)_su03_es02
cisco	unified_contact_center_express	12.5\(1\)_su03_es03
cisco	unified_contact_center_express	12.5\(1\)_su03_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es05
cisco	unified_contact_center_express	12.5\(1\)_su03_es06
cisco	unified_contact_center_express	12.5\(1\)es01
cisco	unified_contact_center_express	12.5\(1\)es02
cisco	unified_contact_center_express	12.5\(1\)es03
cisco	unified_contact_center_express	12.5\(1\)su1
cisco	unified_contact_center_express	12.5\(1\)su2
cisco	unified_contact_center_express	12.5\(1\)su3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5601C191-19B9-4CC3-94E0-AB144A6BD02C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D92445EF-1107-456D-8F03-44BA2A385383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2F4F7BC5-E393-4C85-93ED-8F8DBD81A383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BD658DE5-84D2-4527-AF25-09F31572C184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "060AFE51-F470-4B14-8D74-8B721129A37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7B59061B-ED98-47C6-A8CF-41CA11500AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DF881F48-7268-4A06-A72B-FEE1BD58A193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "84C52246-9E02-434A-8E41-76B21DB3F25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.5\\(1\\)su:*:*:*:*:*:*:*",
              "matchCriteriaId": "42B2688A-4E07-4EA0-8304-E168FB672202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0EAE9043-E488-4FBE-8A60-377F71D5D126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\)_es05_et:*:*:*:*:*:*:*",
              "matchCriteriaId": "45676746-8B75-4095-A4FF-9AC34CF0E72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\)_et:*:*:*:*:*:*:*",
              "matchCriteriaId": "D94589CB-61F9-474F-800A-5387FB4AEF9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0A136173-603C-427A-AC03-76CBB6757C92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto no autenticado realice un ataque de Server Side Request Forgery (SSRF) a trav\u00e9s de un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada incorrecta para solicitudes HTTP espec\u00edficas. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud HTTP manipulada a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante enviar solicitudes de red arbitrarias provenientes del dispositivo afectado."
    }
  ],
  "id": "CVE-2025-20288",
  "lastModified": "2025-07-22T14:40:58.893",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-07-16T17:15:30.387",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-ssrf-JSuDjeV"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-02-07 22:29

Modified

2025-07-31 15:03

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/106919	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cuic-xss	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106919	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cuic-xss	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	unified_intelligence_center	9.5\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:9.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8337AC-7B8F-42E0-A714-ACD569C0CA77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web del software Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en el sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de los valores proporcionados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario para que haga clic en un determinado enlace. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante env\u00ede peticiones arbitrarias al sistema afectado mediante un navegador web con los privilegios del usuario."
    }
  ],
  "id": "CVE-2019-1670",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-07T22:29:00.383",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106919"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cuic-xss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cuic-xss"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2025-05-21 17:15

Modified

2025-07-22 14:41

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unified_intelligence_center	10.5\(1\)
cisco	unified_intelligence_center	11.0\(1\)
cisco	unified_intelligence_center	11.0\(2\)
cisco	unified_intelligence_center	11.0\(3\)
cisco	unified_intelligence_center	11.5\(1\)
cisco	unified_intelligence_center	11.6\(1\)
cisco	unified_intelligence_center	12.0\(1\)
cisco	unified_intelligence_center	12.5\(1\)
cisco	unified_intelligence_center	12.5\(1\)su
cisco	unified_intelligence_center	12.6\(1\)
cisco	unified_intelligence_center	12.6\(1\)_es05_et
cisco	unified_intelligence_center	12.6\(1\)_et
cisco	unified_intelligence_center	12.6\(2\)
cisco	unified_contact_center_express	8.5\(1\)
cisco	unified_contact_center_express	9.0\(2\)su3es04
cisco	unified_contact_center_express	10.0\(1\)su1
cisco	unified_contact_center_express	10.0\(1\)su1es04
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.5\(1\)su1
cisco	unified_contact_center_express	10.5\(1\)su1es10
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	10.6\(1\)su1
cisco	unified_contact_center_express	10.6\(1\)su2
cisco	unified_contact_center_express	10.6\(1\)su2es04
cisco	unified_contact_center_express	10.6\(1\)su3
cisco	unified_contact_center_express	10.6\(1\)su3es01
cisco	unified_contact_center_express	10.6\(1\)su3es02
cisco	unified_contact_center_express	10.6\(1\)su3es03
cisco	unified_contact_center_express	11.0\(1\)su1
cisco	unified_contact_center_express	11.0\(1\)su1es02
cisco	unified_contact_center_express	11.0\(1\)su1es03
cisco	unified_contact_center_express	11.5\(1\)es01
cisco	unified_contact_center_express	11.5\(1\)su1
cisco	unified_contact_center_express	11.5\(1\)su1es01
cisco	unified_contact_center_express	11.5\(1\)su1es02
cisco	unified_contact_center_express	11.5\(1\)su1es03
cisco	unified_contact_center_express	11.6\(1\)
cisco	unified_contact_center_express	11.6\(1\)es01
cisco	unified_contact_center_express	11.6\(1\)es02
cisco	unified_contact_center_express	11.6\(2\)
cisco	unified_contact_center_express	11.6\(2\)es01
cisco	unified_contact_center_express	11.6\(2\)es02
cisco	unified_contact_center_express	11.6\(2\)es03
cisco	unified_contact_center_express	11.6\(2\)es04
cisco	unified_contact_center_express	11.6\(2\)es05
cisco	unified_contact_center_express	11.6\(2\)es06
cisco	unified_contact_center_express	11.6\(2\)es07
cisco	unified_contact_center_express	11.6\(2\)es08
cisco	unified_contact_center_express	12.0\(1\)
cisco	unified_contact_center_express	12.0\(1\)es01
cisco	unified_contact_center_express	12.0\(1\)es02
cisco	unified_contact_center_express	12.0\(1\)es03
cisco	unified_contact_center_express	12.0\(1\)es04
cisco	unified_contact_center_express	12.5\(1\)
cisco	unified_contact_center_express	12.5\(1\)_su01_es01
cisco	unified_contact_center_express	12.5\(1\)_su01_es02
cisco	unified_contact_center_express	12.5\(1\)_su01_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es01
cisco	unified_contact_center_express	12.5\(1\)_su02_es02
cisco	unified_contact_center_express	12.5\(1\)_su02_es03
cisco	unified_contact_center_express	12.5\(1\)_su02_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es01
cisco	unified_contact_center_express	12.5\(1\)_su03_es02
cisco	unified_contact_center_express	12.5\(1\)_su03_es03
cisco	unified_contact_center_express	12.5\(1\)_su03_es04
cisco	unified_contact_center_express	12.5\(1\)_su03_es05
cisco	unified_contact_center_express	12.5\(1\)_su03_es06
cisco	unified_contact_center_express	12.5\(1\)es01
cisco	unified_contact_center_express	12.5\(1\)es02
cisco	unified_contact_center_express	12.5\(1\)es03
cisco	unified_contact_center_express	12.5\(1\)su1
cisco	unified_contact_center_express	12.5\(1\)su2
cisco	unified_contact_center_express	12.5\(1\)su3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5601C191-19B9-4CC3-94E0-AB144A6BD02C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D92445EF-1107-456D-8F03-44BA2A385383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2F4F7BC5-E393-4C85-93ED-8F8DBD81A383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BD658DE5-84D2-4527-AF25-09F31572C184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "060AFE51-F470-4B14-8D74-8B721129A37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7B59061B-ED98-47C6-A8CF-41CA11500AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DF881F48-7268-4A06-A72B-FEE1BD58A193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "84C52246-9E02-434A-8E41-76B21DB3F25C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.5\\(1\\)su:*:*:*:*:*:*:*",
              "matchCriteriaId": "42B2688A-4E07-4EA0-8304-E168FB672202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0EAE9043-E488-4FBE-8A60-377F71D5D126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\)_es05_et:*:*:*:*:*:*:*",
              "matchCriteriaId": "45676746-8B75-4095-A4FF-9AC34CF0E72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(1\\)_et:*:*:*:*:*:*:*",
              "matchCriteriaId": "D94589CB-61F9-474F-800A-5387FB4AEF9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:12.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0A136173-603C-427A-AC03-76CBB6757C92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:8.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ED97AAD8-D02D-42AB-863A-7538A1F6D425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su3es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1202DE4-CA67-424E-8379-2BC13630F0C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31854EAF-89B5-40BB-98E7-7EBB2E867C96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\)su1es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1194F1-9CF5-460E-AF26-FB7CDC1EE878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\)su1es10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE358FF2-CB8A-4E0D-926E-ED151B585E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A766B903-E6DB-4838-90A7-63918C9F8AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1F0C70-E644-4DCA-93C2-6BCB331D08E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su2es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF54B434-E765-40B1-B12A-21FC7F415ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60839544-11E0-4381-A9AA-21D6FB403F88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8114CF-6689-4C97-BD5D-07CC8EEF35A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D90986B-64ED-44A1-9CF1-7C9FD27555FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\)su3es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "442E4715-5043-4BF7-8961-C8844A00A7B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C17A2AB-33B3-4089-A701-A29A4E55D667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6FFA8B-248F-42C7-8A06-3F7E158386EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F529FE5-1DE8-43A5-88EE-0980D3A55BCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "766350AF-1B2F-4DC0-9DA3-E17B45892163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\)su1es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "702E48CC-3858-491C-A328-5D9ADDDC8DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "20CF8B80-28C0-407B-BA60-1B07694A3DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A30F7B-9756-40BD-89C1-60E2702CC806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A15BB5-0725-4159-B387-74CFBF58F349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "82F5416D-0DF3-48BB-8A23-DBC2B0746195",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "908E3B03-7248-44B4-B0DE-E3B3F7FA9555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "1705F343-BF9D-4EBC-B833-64F03EDD7C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "686F6450-99FC-4260-B9CE-B7F313464EFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "93851C02-3E0A-41F1-82BB-24546A83E272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "10E25C7A-42B4-40CE-A13B-0252C05FCFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es07:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A92970B-53FD-4ED6-95BC-FDC7BB6780CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.6\\(2\\)es08:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE8E4137-3059-46B0-B241-2AA42A3D959E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "30A8784D-B7A6-4F13-B89D-4ED910CC0576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "B368DEE7-7639-4D46-997B-2F2409712CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "B721320B-C72C-4550-B585-9F43439FAB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F18549-A002-4106-9740-6B641E0ECF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.0\\(1\\)es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF4AD59-6A04-4473-84E0-D99D24D99BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A9715BD0-F519-462E-ACF6-859B203638D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2C8F59-78F2-4E3A-8261-F4EF214F691A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3117461-56A5-4957-8BE0-83F44B66AE3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su01_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B279AE4-9CF7-49F1-A4C3-D8A6301EF136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "860ACAB6-5CB9-468C-90C4-B7C8E9559D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB2D8357-773D-492F-BC5B-F672C4D736A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su02_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D7EEFA-D04C-4769-8C62-B8B5902F79ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E31A16D3-3B40-42EA-BAC3-05A13082CED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "21F08B08-23C1-4AD7-AD67-34D196C8470E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD3A80-2409-475E-87F5-430E51C53087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es04:*:*:*:*:*:*:*",
              "matchCriteriaId": "49165652-275C-4AD9-9585-2F130989D404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es05:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4480EF1-226E-459E-B2F5-3985A219BBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)_su03_es06:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A408698-6123-4772-8D11-FE89EBB135D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es01:*:*:*:*:*:*:*",
              "matchCriteriaId": "81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es02:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F9AF5B-3670-4910-9AD8-C1FB90C7190B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)es03:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DAF852-5CA1-4D2B-948B-F0E9FB9DA973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EDDAAF-0746-4851-B7E5-60E4ED039D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF183D9-CDF6-44D9-B529-F13666A3EE07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la API de Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto autenticado realice un ataque de escalada horizontal de privilegios en un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de los par\u00e1metros proporcionados por el usuario en las solicitudes de API. Un atacante podr\u00eda explotar esta vulnerabilidad enviando solicitudes de API manipuladas a un sistema afectado para ejecutar un ataque de referencia directa a objetos inseguro. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a datos espec\u00edficos asociados a diferentes usuarios del sistema afectado."
    }
  ],
  "id": "CVE-2025-20114",
  "lastModified": "2025-07-22T14:41:40.413",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-05-21T17:15:55.810",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2019-01-24 16:29

Modified

2025-07-31 15:03

Severity ?

4.7 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
7.4 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/106713	Third Party Advisory
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106713	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	unified_intelligence_center	11.6\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7B59061B-ED98-47C6-A8CF-41CA11500AF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web de Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Request Forgery (CSRF) y realice acciones arbitrarias en un dispositivo afectado. La vulnerabilidad se debe a las medidas de protecci\u00f3n contra CSRF insuficientes en la interfaz de administraci\u00f3n web. Un atacante podr\u00eda explotar esta vulnerabilidad haciendo que un usuario de la interfaz siga un enlace malicioso personalizado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante realice acciones arbitrarias en un dispositivo afectado mediante un navegador web y con los privilegios del usuario."
    }
  ],
  "id": "CVE-2019-1658",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-24T16:29:00.503",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/106713"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/106713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-03-03 16:15

Modified

2024-11-21 07:40

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	packaged_contact_center_enterprise	-
cisco	unified_contact_center_enterprise	-
cisco	unified_contact_center_express	-
cisco	unified_intelligence_center	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3CDF903-2720-421E-BEE0-77422403956D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "444F1581-0CD5-40B9-8C9E-0E428E6D75C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5B7ABD3-A909-432D-87D3-9C52496DEFAE",
              "versionEndExcluding": "12.6\\(2\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities."
    }
  ],
  "id": "CVE-2023-20062",
  "lastModified": "2024-11-21T07:40:27.790",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-03T16:15:10.093",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-11-16 07:29

Modified

2025-07-31 15:03

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/101865	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039813	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039814	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039815	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039816	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039817	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039818	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039819	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039820	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101865	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039813	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039814	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039815	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039816	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039817	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039818	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039819	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039820	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	emergency_responder	-
cisco	finesse	-
cisco	hosted_collaboration_solution	-
cisco	mediasense	-
cisco	prime_license_manager	-
cisco	socialminer	-
cisco	unified_communications_manager	-
cisco	unified_communications_manager	-
cisco	unified_communications_manager_im_and_presence_service	-
cisco	unified_contact_center_express	-
cisco	unified_intelligence_center	-
cisco	unity_connection	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3342DE3-F98B-48CF-9416-FA8D7F062E65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:finesse:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F343F98-1100-489F-B34C-480F7898A240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:hosted_collaboration_solution:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8A8E190-1846-44ED-9572-D80D71A433DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:mediasense:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B0A2D56-3667-438C-A367-4DB74F72507B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_license_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE11E45-1A8C-497C-A1B1-ED695E812CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:socialminer:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9A9B36-D4E2-4578-9BB9-3CCD008AE628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "395232C7-93D5-4877-A726-32E5BAFAF812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:-:*:*:*:session_management:*:*:*",
              "matchCriteriaId": "863C456D-EE60-49F8-AFB0-795EA29CD93D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16991CD6-A32F-4891-B6B6-41D050FC1412",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "444F1581-0CD5-40B9-8C9E-0E428E6D75C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3270ADFF-27F5-4972-AB44-FA2882486B16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0368C678-72A4-4F48-B31D-77A6BDAAC4DE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el mecanismo de actualizaci\u00f3n de productos de colaboraci\u00f3n de Cisco basados en la plataforma de software Cisco Voice Operating System podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso elevado no autorizado a un dispositivo afectado. La vulnerabilidad ocurre cuando un refresh upgrade (RU) o una migraci\u00f3n Prime Collaboration Deployment (PCD) se realiza en un dispositivo afectado. Cuando un refresh upgrade o una migraci\u00f3n PCD se completa con \u00e9xito, una marca de ingenier\u00eda se mantiene habilitada y podr\u00eda permitir el acceso root al dispositivo con una contrase\u00f1a conocida. Si el dispositivo vulnerable se actualiza empleando el m\u00e9todo de actualizaci\u00f3n est\u00e1ndar a un Engineering Special Release, la actualizaci\u00f3n del servicio o una nueva actualizaci\u00f3n del producto afectado, esta vulnerabilidad se remedia mediante tal acci\u00f3n. Nota: Los Engineering Special Release que se instalan como archivos COP, a diferencia del m\u00e9todo de actualizaci\u00f3n est\u00e1ndar, no remedian esta vulnerabilidad. Un atacante que pueda acceder a un dispositivo afectado mediante SFTP mientras se encuentre en un estado vulnerable podr\u00eda obtener acceso root al dispositivo. Este acceso podr\u00eda permitir que el atacante comprometa completamente el sistema afectado. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."
    }
  ],
  "id": "CVE-2017-12337",
  "lastModified": "2025-07-31T15:03:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-16T07:29:01.023",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101865"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039813"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039814"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039815"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039816"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039817"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039818"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039819"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039820"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039817"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-03-03 16:15

Modified

2024-11-21 07:40

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.

References

▶	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	packaged_contact_center_enterprise	-
cisco	unified_contact_center_enterprise	-
cisco	unified_contact_center_express	-
cisco	unified_intelligence_center	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:packaged_contact_center_enterprise:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3CDF903-2720-421E-BEE0-77422403956D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31CC0E9-8E21-436B-AB84-EA1B1BC60DCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "444F1581-0CD5-40B9-8C9E-0E428E6D75C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5B7ABD3-A909-432D-87D3-9C52496DEFAE",
              "versionEndExcluding": "12.6\\(2\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities."
    }
  ],
  "id": "CVE-2023-20061",
  "lastModified": "2024-11-21T07:40:27.663",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-03T16:15:09.990",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2017-09-07 21:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325.

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/100646	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1039278	Third Party Advisory, VDB Entry
psirt@cisco.com	https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf18325	Vendor Advisory
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100646	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039278	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf18325	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	unified_intelligence_center	11.0\(1\)es10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:11.0\\(1\\)es10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA7A0BF-3EF1-437D-A94A-5FDD09590A16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz web de Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto sin autenticar afecte a la integridad del sistema ejecutando un ataque de Cross-Site Scripting (XSS) basado en DOM, en el entorno o del lado del cliente. Esta vulnerabilidad ocurre porque los datos proporcionados por el cliente en la entrada DOM no se validan. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de URL modificadas que incluyan instrucciones DOM maliciosas al sistema afectado. Si se explota esta vulnerabilidad con \u00e9xito, un atacante podr\u00eda afectar la integridad del sistema manipulando la base de datos. Versiones afectadas conocidas 11.0(1)ES10. Cisco Bug IDs: CSCvf18325."
    }
  ],
  "id": "CVE-2017-6789",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-07T21:29:00.770",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100646"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039278"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf18325"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf18325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2025-20113 (GCVE-0-2025-20113)

Vulnerability from cvelistv5

Published

2025-05-21 16:19

Modified

2025-05-22 03:55

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-602 - Client-Side Enforcement of Server-Side Security

Summary

A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system. This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4

Impacted products

Vendor

Product

Version

►

Cisco

Cisco Unified Contact Center Express

Version: 10.6(1)
Version: 10.5(1)SU1
Version: 10.6(1)SU3
Version: 12.0(1)
Version: 10.0(1)SU1
Version: 10.6(1)SU1
Version: 11.0(1)SU1
Version: 11.5(1)SU1
Version: 10.5(1)
Version: 11.6(1)
Version: 11.6(2)
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)_SU03_ES01
Version: 12.5(1)_SU03_ES02
Version: 12.5(1)_SU02_ES03
Version: 12.5(1)_SU02_ES04
Version: 12.5(1)_SU02_ES02
Version: 12.5(1)_SU01_ES02
Version: 12.5(1)_SU01_ES03
Version: 12.5(1)_SU02_ES01
Version: 11.6(2)ES07
Version: 11.6(2)ES08
Version: 12.5(1)_SU01_ES01
Version: 12.0(1)ES04
Version: 12.5(1)ES02
Version: 12.5(1)ES03
Version: 11.6(2)ES06
Version: 12.5(1)ES01
Version: 12.0(1)ES03
Version: 12.0(1)ES01
Version: 11.6(2)ES05
Version: 12.0(1)ES02
Version: 11.6(2)ES04
Version: 11.6(2)ES03
Version: 11.6(2)ES02
Version: 11.6(2)ES01
Version: 10.6(1)SU3ES03
Version: 11.0(1)SU1ES03
Version: 10.6(1)SU3ES01
Version: 10.5(1)SU1ES10
Version: 10.0(1)SU1ES04
Version: 11.5(1)SU1ES03
Version: 11.6(1)ES02
Version: 11.5(1)ES01
Version: 9.0(2)SU3ES04
Version: 10.6(1)SU2
Version: 10.6(1)SU2ES04
Version: 11.6(1)ES01
Version: 10.6(1)SU3ES02
Version: 11.5(1)SU1ES02
Version: 11.5(1)SU1ES01
Version: 8.5(1)
Version: 11.0(1)SU1ES02
Version: 12.5(1)_SU03_ES03
Version: 12.5(1)_SU03_ES04
Version: 12.5(1)_SU03_ES05
Version: 12.5(1)_SU03_ES06

Cisco

Cisco Unified Intelligence Center

Version: 11.6(1)
Version: 10.5(1)
Version: 11.0(1)
Version: 11.5(1)
Version: 12.0(1)
Version: 12.5(1)
Version: 11.0(2)
Version: 12.6(1)
Version: 12.5(1)SU
Version: 12.6(1)_ET
Version: 12.6(1)_ES05_ET
Version: 11.0(3)
Version: 12.6(2)
Version: 12.6(2)_504_Issue_ET
Version: 12.6.1_ExcelIssue_ET
Version: 12.6(2)_Permalink_ET
Version: 12.6.2_CSCwk19536_ET
Version: 12.6.2_CSCwm96922_ET
Version: 12.5(2)ET_CSCwi79933
Version: 12.6.2_CSCwn48501_ET

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20113",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-21T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-22T03:55:17.134Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES07"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES05"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES04"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES03"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1ES10"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1ES04"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "9.0(2)SU3ES04"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2ES04"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES01"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES06"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05_ET"
            },
            {
              "status": "affected",
              "version": "11.0(3)"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(2)_504_Issue_ET"
            },
            {
              "status": "affected",
              "version": "12.6.1_ExcelIssue_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)_Permalink_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwk19536_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwm96922_ET"
            },
            {
              "status": "affected",
              "version": "12.5(2)ET_CSCwi79933"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwn48501_ET"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\r\n\r\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-602",
              "description": "Client-Side Enforcement of Server-Side Security",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T16:19:41.378Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cuis-priv-esc-3Pk96SU4",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuis-priv-esc-3Pk96SU4",
        "defects": [
          "CSCwk34893"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20113",
    "datePublished": "2025-05-21T16:19:41.378Z",
    "dateReserved": "2024-10-10T19:15:13.210Z",
    "dateUpdated": "2025-05-22T03:55:17.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12337 (GCVE-0-2017-12337)

Vulnerability from cvelistv5

Published

2017-11-16 07:00

Modified

2024-08-05 18:36

Severity ?

CWE

CWE-287

Summary

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.

References

►

URL

Tags

	http://www.securityfocus.com/bid/101865	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1039815	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039817	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039814	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039818	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039819	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039820	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039813	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1039816	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco Voice Operating System	Version: Cisco Voice Operating System

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:36:56.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101865",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101865"
          },
          {
            "name": "1039815",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039815"
          },
          {
            "name": "1039817",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039817"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
          },
          {
            "name": "1039814",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039814"
          },
          {
            "name": "1039818",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039818"
          },
          {
            "name": "1039819",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039819"
          },
          {
            "name": "1039820",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039820"
          },
          {
            "name": "1039813",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039813"
          },
          {
            "name": "1039816",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039816"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Voice Operating System",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Voice Operating System"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "101865",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101865"
        },
        {
          "name": "1039815",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039815"
        },
        {
          "name": "1039817",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039817"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
        },
        {
          "name": "1039814",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039814"
        },
        {
          "name": "1039818",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039818"
        },
        {
          "name": "1039819",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039819"
        },
        {
          "name": "1039820",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039820"
        },
        {
          "name": "1039813",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039813"
        },
        {
          "name": "1039816",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039816"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12337",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Voice Operating System",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Voice Operating System"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101865",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101865"
            },
            {
              "name": "1039815",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039815"
            },
            {
              "name": "1039817",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039817"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos"
            },
            {
              "name": "1039814",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039814"
            },
            {
              "name": "1039818",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039818"
            },
            {
              "name": "1039819",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039819"
            },
            {
              "name": "1039820",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039820"
            },
            {
              "name": "1039813",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039813"
            },
            {
              "name": "1039816",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039816"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12337",
    "datePublished": "2017-11-16T07:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:36:56.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-1670 (GCVE-0-2019-1670)

Vulnerability from cvelistv5

Published

2019-02-07 22:00

Modified

2024-11-21 19:46

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user.

References

►

URL

Tags

	http://www.securityfocus.com/bid/106919	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cuic-xss	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Contact Center Express	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.431Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106919",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106919"
          },
          {
            "name": "20190206 Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cuic-xss"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1670",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T19:00:40.724306Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:46:08.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-02-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-09T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "106919",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106919"
        },
        {
          "name": "20190206 Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cuic-xss"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190206-cuic-xss",
        "defect": [
          [
            "CSCvm29190"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-02-06T16:00:00-0800",
          "ID": "CVE-2019-1670",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Contact Center Express",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to click a specific link. A successful exploit could allow the attacker to submit arbitrary requests to the affected system via a web browser with the privileges of the user."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.1",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106919",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106919"
            },
            {
              "name": "20190206 Cisco Unified Intelligence Center Software Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190206-cuic-xss"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190206-cuic-xss",
          "defect": [
            [
              "CSCvm29190"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1670",
    "datePublished": "2019-02-07T22:00:00Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-21T19:46:08.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-1860 (GCVE-0-2019-1860)

Vulnerability from cvelistv5

Published

2019-05-16 01:20

Modified

2024-11-21 19:24

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

CWE

CWE-99

Summary

A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user’s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user’s browser and Cisco Unified Intelligence Center in the context of the malicious gadget.

References

►

URL

Tags

	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/108354	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Intelligence Center	Version: unspecified < n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190515 Cisco Unified Intelligence Center Remote File Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj"
          },
          {
            "name": "108354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108354"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1860",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T18:58:24.752342Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:24:32.924Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "n/a",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user\u0026rsquo;s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user\u0026rsquo;s browser and Cisco Unified Intelligence Center in the context of the malicious gadget."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-99",
              "description": "CWE-99",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-17T05:06:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190515 Cisco Unified Intelligence Center Remote File Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj"
        },
        {
          "name": "108354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108354"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190515-cuic-cmdinj",
        "defect": [
          [
            "CSCvo98208"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Remote File Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
          "ID": "CVE-2019-1860",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Unified Intelligence Center Remote File Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Intelligence Center",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the dashboard gadget rendering of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to obtain or manipulate sensitive information between a user\u0026rsquo;s browser and Cisco Unified Intelligence Center. The vulnerability is due to the lack of gadget validation. An attacker could exploit this vulnerability by forcing a user to load a malicious gadget. A successful exploit could allow the attacker to obtain sensitive information, such as current user credentials, or manipulate data between the user\u0026rsquo;s browser and Cisco Unified Intelligence Center in the context of the malicious gadget."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.9",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-99"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190515 Cisco Unified Intelligence Center Remote File Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-cuic-cmdinj"
            },
            {
              "name": "108354",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108354"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190515-cuic-cmdinj",
          "defect": [
            [
              "CSCvo98208"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1860",
    "datePublished": "2019-05-16T01:20:14.607283Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-21T19:24:32.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20274 (GCVE-0-2025-20274)

Vulnerability from cvelistv5

Published

2025-07-16 16:16

Modified

2025-07-17 13:07

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm

Impacted products

Vendor

Product

Version

►

Cisco

Cisco Unified Contact Center Express

Version: 10.6(1)
Version: 10.5(1)SU1
Version: 10.6(1)SU3
Version: 12.0(1)
Version: 10.6(1)SU1
Version: 11.0(1)SU1
Version: 11.5(1)SU1
Version: 10.5(1)
Version: 11.6(1)
Version: 11.6(2)
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)_SU03_ES01
Version: 12.5(1)_SU03_ES02
Version: 12.5(1)_SU02_ES03
Version: 12.5(1)_SU02_ES04
Version: 12.5(1)_SU02_ES02
Version: 12.5(1)_SU01_ES02
Version: 12.5(1)_SU01_ES03
Version: 12.5(1)_SU02_ES01
Version: 11.6(2)ES07
Version: 11.6(2)ES08
Version: 12.5(1)_SU01_ES01
Version: 12.0(1)ES04
Version: 12.5(1)ES02
Version: 12.5(1)ES03
Version: 11.6(2)ES06
Version: 12.5(1)ES01
Version: 12.0(1)ES03
Version: 12.0(1)ES01
Version: 11.6(2)ES05
Version: 12.0(1)ES02
Version: 11.6(2)ES04
Version: 11.6(2)ES03
Version: 11.6(2)ES02
Version: 11.6(2)ES01
Version: 10.6(1)SU3ES03
Version: 11.0(1)SU1ES03
Version: 10.6(1)SU3ES01
Version: 10.5(1)SU1ES10
Version: 11.5(1)SU1ES03
Version: 11.6(1)ES02
Version: 11.5(1)ES01
Version: 10.6(1)SU2
Version: 10.6(1)SU2ES04
Version: 11.6(1)ES01
Version: 10.6(1)SU3ES02
Version: 11.5(1)SU1ES02
Version: 11.5(1)SU1ES01
Version: 11.0(1)SU1ES02
Version: 12.5(1)_SU03_ES03
Version: 12.5(1)_SU03_ES04
Version: 12.5(1)_SU03_ES05
Version: 12.5(1)_SU03_ES06

Cisco

Cisco Unified Intelligence Center

Version: 11.6(1)
Version: 10.5(1)
Version: 11.0(1)
Version: 11.5(1)
Version: 12.0(1)
Version: 12.5(1)
Version: 11.0(2)
Version: 12.6(1)
Version: 12.5(1)SU
Version: 12.6(1)_ET
Version: 12.6(1)_ES05_ET
Version: 11.0(3)
Version: 12.6(2)
Version: 12.6(2)_504_Issue_ET
Version: 12.6.1_ExcelIssue_ET
Version: 12.6(2)_Permalink_ET
Version: 12.6.2_CSCwk19536_ET
Version: 12.6.2_CSCwm96922_ET
Version: 12.6.2_Amq_OOS_ET
Version: 12.5(2)ET_CSCwi79933
Version: 12.6(2)_ET
Version: 12.6.2_CSCwn48501_ET

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20274",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T03:55:54.247665Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-17T13:07:12.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES07"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES05"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES04"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES03"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1ES10"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2ES04"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES01"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES06"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05_ET"
            },
            {
              "status": "affected",
              "version": "11.0(3)"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(2)_504_Issue_ET"
            },
            {
              "status": "affected",
              "version": "12.6.1_ExcelIssue_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)_Permalink_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwk19536_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwm96922_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_Amq_OOS_ET"
            },
            {
              "status": "affected",
              "version": "12.5(2)ET_CSCwi79933"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwn48501_ET"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device.\r\n\r\nThis vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-16T16:16:28.874Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cuis-file-upload-UhNEtStm",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuis-file-upload-UhNEtStm",
        "defects": [
          "CSCwn18794"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20274",
    "datePublished": "2025-07-16T16:16:28.874Z",
    "dateReserved": "2024-10-10T19:15:13.246Z",
    "dateUpdated": "2025-07-17T13:07:12.046Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20288 (GCVE-0-2025-20288)

Vulnerability from cvelistv5

Published

2025-07-16 16:16

Modified

2025-07-18 14:30

Severity ?

5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-ssrf-JSuDjeV

Impacted products

Vendor

Product

Version

►

Cisco

Cisco Unified Contact Center Express

Version: 10.6(1)
Version: 10.5(1)SU1
Version: 10.6(1)SU3
Version: 12.0(1)
Version: 10.6(1)SU1
Version: 11.0(1)SU1
Version: 11.5(1)SU1
Version: 10.5(1)
Version: 11.6(1)
Version: 11.6(2)
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)_SU03_ES01
Version: 12.5(1)_SU03_ES02
Version: 12.5(1)_SU02_ES03
Version: 12.5(1)_SU02_ES04
Version: 12.5(1)_SU02_ES02
Version: 12.5(1)_SU01_ES02
Version: 12.5(1)_SU01_ES03
Version: 12.5(1)_SU02_ES01
Version: 11.6(2)ES07
Version: 11.6(2)ES08
Version: 12.5(1)_SU01_ES01
Version: 12.0(1)ES04
Version: 12.5(1)ES02
Version: 12.5(1)ES03
Version: 11.6(2)ES06
Version: 12.5(1)ES01
Version: 12.0(1)ES03
Version: 12.0(1)ES01
Version: 11.6(2)ES05
Version: 12.0(1)ES02
Version: 11.6(2)ES04
Version: 11.6(2)ES03
Version: 11.6(2)ES02
Version: 11.6(2)ES01
Version: 10.6(1)SU3ES03
Version: 11.0(1)SU1ES03
Version: 10.6(1)SU3ES01
Version: 10.5(1)SU1ES10
Version: 11.5(1)SU1ES03
Version: 11.6(1)ES02
Version: 11.5(1)ES01
Version: 10.6(1)SU2
Version: 10.6(1)SU2ES04
Version: 11.6(1)ES01
Version: 10.6(1)SU3ES02
Version: 11.5(1)SU1ES02
Version: 11.5(1)SU1ES01
Version: 11.0(1)SU1ES02
Version: 12.5(1)_SU03_ES03
Version: 12.5(1)_SU03_ES04
Version: 12.5(1)_SU03_ES05
Version: 12.5(1)_SU03_ES06

Cisco

Cisco Unified Intelligence Center

Version: 11.6(1)
Version: 10.5(1)
Version: 11.0(1)
Version: 11.5(1)
Version: 12.0(1)
Version: 12.5(1)
Version: 11.0(2)
Version: 12.6(1)
Version: 12.5(1)SU
Version: 12.6(1)_ET
Version: 12.6(1)_ES05_ET
Version: 11.0(3)
Version: 12.6(2)
Version: 12.6(2)_504_Issue_ET
Version: 12.6.1_ExcelIssue_ET
Version: 12.6(2)_Permalink_ET
Version: 12.6.2_CSCwk19536_ET
Version: 12.6.2_CSCwm96922_ET
Version: 12.6.2_Amq_OOS_ET
Version: 12.5(2)ET_CSCwi79933
Version: 12.6(2)_ET
Version: 12.6.2_CSCwn48501_ET

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20288",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T14:30:07.079145Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T14:30:15.794Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES07"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES05"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES04"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES03"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1ES10"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2ES04"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES01"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES06"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05_ET"
            },
            {
              "status": "affected",
              "version": "11.0(3)"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(2)_504_Issue_ET"
            },
            {
              "status": "affected",
              "version": "12.6.1_ExcelIssue_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)_Permalink_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwk19536_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwm96922_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_Amq_OOS_ET"
            },
            {
              "status": "affected",
              "version": "12.5(2)ET_CSCwi79933"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwn48501_ET"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-16T16:16:55.622Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cuis-ssrf-JSuDjeV",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-ssrf-JSuDjeV"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuis-ssrf-JSuDjeV",
        "defects": [
          "CSCwn34672"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20288",
    "datePublished": "2025-07-16T16:16:55.622Z",
    "dateReserved": "2024-10-10T19:15:13.251Z",
    "dateUpdated": "2025-07-18T14:30:15.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4274 (GCVE-0-2015-4274)

Vulnerability from cvelistv5

Published

2015-07-16 19:00

Modified

2024-08-06 06:11

Severity ?

CWE

n/a

Summary

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936.

References

►

URL

Tags

	http://www.securitytracker.com/id/1032962	vdb-entry, x_refsource_SECTRACK
	http://tools.cisco.com/security/center/viewAlert.x?alertId=39920	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:12.825Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032962",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032962"
          },
          {
            "name": "20150715 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-21T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1032962",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032962"
        },
        {
          "name": "20150715 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4274",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuu94862 and CSCuu97936."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032962",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032962"
            },
            {
              "name": "20150715 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39920"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4274",
    "datePublished": "2015-07-16T19:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:11:12.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-44228 (GCVE-0-2021-44228)

Vulnerability from cvelistv5

Published

2021-12-10 00:00

Modified

2025-07-30 01:37

Severity ?

CWE

CWE-502 - Deserialization of Untrusted Data
CWE-400 - Uncontrolled Resource Consumption
CWE-20 - Improper Input Validation

Summary

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

References

►

URL

Tags

	https://logging.apache.org/log4j/2.x/security.html
	http://www.openwall.com/lists/oss-security/2021/12/10/1	mailing-list
	http://www.openwall.com/lists/oss-security/2021/12/10/2	mailing-list
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	vendor-advisory
	http://www.openwall.com/lists/oss-security/2021/12/10/3	mailing-list
	https://security.netapp.com/advisory/ntap-20211210-0007/
	http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
	https://www.oracle.com/security-alerts/alert-cve-2021-44228.html
	https://www.debian.org/security/2021/dsa-5020	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/	vendor-advisory
	https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/	vendor-advisory
	http://www.openwall.com/lists/oss-security/2021/12/13/2	mailing-list
	http://www.openwall.com/lists/oss-security/2021/12/13/1	mailing-list
	http://www.openwall.com/lists/oss-security/2021/12/14/4	mailing-list
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	vendor-advisory
	https://www.kb.cert.org/vuls/id/930724	third-party-advisory
	https://twitter.com/kurtseifried/status/1469345530182455296
	https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
	http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
	http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
	http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	vendor-advisory
	http://www.openwall.com/lists/oss-security/2021/12/15/3	mailing-list
	http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
	http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
	http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
	http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
	http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
	https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/	vendor-advisory
	http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html
	https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
	https://www.oracle.com/security-alerts/cpujan2022.html
	http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html
	https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
	http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html
	http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html
	http://seclists.org/fulldisclosure/2022/Mar/23	mailing-list
	https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001
	https://github.com/cisagov/log4j-affected-db
	https://support.apple.com/kb/HT213189
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228
	https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html
	http://seclists.org/fulldisclosure/2022/Jul/11	mailing-list
	http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html
	http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html
	http://seclists.org/fulldisclosure/2022/Dec/2	mailing-list
	http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Log4j2	Version: 2.0-beta9 < log4j-core*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:17:24.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://logging.apache.org/log4j/2.x/security.html"
          },
          {
            "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
          },
          {
            "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
          },
          {
            "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
          },
          {
            "name": "DSA-5020",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5020"
          },
          {
            "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
          },
          {
            "name": "FEDORA-2021-f0f501d01f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
          },
          {
            "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
          },
          {
            "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
          },
          {
            "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
          },
          {
            "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
          },
          {
            "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "VU#930724",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/930724"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
          },
          {
            "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
          },
          {
            "name": "FEDORA-2021-66d6c484f3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
          },
          {
            "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cisagov/log4j-affected-db"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213189"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
          },
          {
            "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
          },
          {
            "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 10,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-44228",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T14:25:34.416117Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-12-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:37:52.215Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-12-10T00:00:00+00:00",
            "value": "CVE-2021-44228 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Log4j2",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.3.1",
                  "status": "unaffected"
                },
                {
                  "at": "2.4",
                  "status": "affected"
                },
                {
                  "at": "2.12.2",
                  "status": "unaffected"
                },
                {
                  "at": "2.13.0",
                  "status": "affected"
                },
                {
                  "at": "2.15.0",
                  "status": "unaffected"
                }
              ],
              "lessThan": "log4j-core*",
              "status": "affected",
              "version": "2.0-beta9",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Chen Zhaojun of Alibaba Cloud Security Team."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "critical"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-03T00:00:00.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "name": "[oss-security] 20211210 CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"
        },
        {
          "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"
        },
        {
          "name": "20211210 Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "[oss-security] 20211210 Re: CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"
        },
        {
          "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
        },
        {
          "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"
        },
        {
          "name": "DSA-5020",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5020"
        },
        {
          "name": "[debian-lts-announce] 20211212 [SECURITY] [DLA 2842-1] apache-log4j2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"
        },
        {
          "name": "FEDORA-2021-f0f501d01f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"
        },
        {
          "name": "Microsoft\u2019s Response to CVE-2021-44228 Apache Log4j 2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"
        },
        {
          "name": "[oss-security] 20211213 Re: CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"
        },
        {
          "name": "[oss-security] 20211213 CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"
        },
        {
          "name": "[oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"
        },
        {
          "name": "20211210 A Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "VU#930724",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.kb.cert.org/vuls/id/930724"
        },
        {
          "url": "https://twitter.com/kurtseifried/status/1469345530182455296"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
        },
        {
          "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"
        },
        {
          "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "[oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"
        },
        {
          "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"
        },
        {
          "name": "FEDORA-2021-66d6c484f3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"
        },
        {
          "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"
        },
        {
          "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"
        },
        {
          "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"
        },
        {
          "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
        },
        {
          "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"
        },
        {
          "url": "https://github.com/cisagov/log4j-affected-db"
        },
        {
          "url": "https://support.apple.com/kb/HT213189"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"
        },
        {
          "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"
        },
        {
          "name": "20220721 Open-Xchange Security Advisory 2022-07-21",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Jul/11"
        },
        {
          "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"
        },
        {
          "name": "20221208 Intel Data Center Manager \u003c= 5.1 Local Privileges Escalation",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Dec/2"
        },
        {
          "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-44228",
    "datePublished": "2021-12-10T00:00:00.000Z",
    "dateReserved": "2021-11-26T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:37:52.215Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6779 (GCVE-0-2017-6779)

Vulnerability from cvelistv5

Published

2018-06-07 12:00

Modified

2024-11-29 15:07

Severity ?

CWE

CWE-399

Summary

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.

References

►

URL

Tags

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Multiple Cisco Products unknown	Version: Multiple Cisco Products unknown

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-6779",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:43:53.428544Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:07:21.731Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple Cisco Products unknown",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple Cisco Products unknown"
            }
          ]
        }
      ],
      "datePublic": "2018-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM\u0026P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-07T11:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6779",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple Cisco Products unknown",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple Cisco Products unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM\u0026P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6779",
    "datePublished": "2018-06-07T12:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-11-29T15:07:21.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-1395 (GCVE-0-2021-1395)

Vulnerability from cvelistv5

Published

2021-06-16 17:45

Modified

2024-11-07 22:07

Severity ?

4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CWE

CWE-79

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

References

►

URL

Tags

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL

vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Contact Center Express	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.024Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210616 Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1395",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:41:30.462352Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T22:07:50.620Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-06-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-16T17:45:57",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210616 Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuic-xss-csHUdtrL",
        "defect": [
          [
            "CSCvw91916",
            "CSCvx47672"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-06-16T16:00:00",
          "ID": "CVE-2021-1395",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Contact Center Express",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.7",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210616 Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-csHUdtrL"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cuic-xss-csHUdtrL",
          "defect": [
            [
              "CSCvw91916",
              "CSCvx47672"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1395",
    "datePublished": "2021-06-16T17:45:57.112608Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-07T22:07:50.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20061 (GCVE-0-2023-20061)

Vulnerability from cvelistv5

Published

2023-03-03 00:00

Modified

2024-10-25 16:03

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200

Summary

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk

vendor-advisory

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Intelligence Center	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.572Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230301 Cisco Unified Intelligence Center Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20061",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:36:31.117470Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:03:40.312Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Intelligence Center ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-03T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230301 Cisco Unified Intelligence Center Vulnerabilities",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuic-infodisc-ssrf-84ZBmwVk",
        "defect": [
          [
            "CSCwd01184",
            "CSCwd02972"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20061",
    "datePublished": "2023-03-03T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-10-25T16:03:40.312Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-0740 (GCVE-0-2015-0740)

Vulnerability from cvelistv5

Published

2015-05-20 00:00

Modified

2024-08-06 04:17

Severity ?

CWE

n/a

Summary

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826.

References

►

URL

Tags

	http://tools.cisco.com/security/center/viewAlert.x?alertId=38913	vendor-advisory, x_refsource_CISCO
	http://www.securityfocus.com/bid/74732	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1032367	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.824Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150519 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38913"
          },
          {
            "name": "74732",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74732"
          },
          {
            "name": "1032367",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032367"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T15:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150519 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38913"
        },
        {
          "name": "74732",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74732"
        },
        {
          "name": "1032367",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032367"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0740",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150519 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38913"
            },
            {
              "name": "74732",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74732"
            },
            {
              "name": "1032367",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032367"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0740",
    "datePublished": "2015-05-20T00:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:32.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12253 (GCVE-0-2017-12253)

Vulnerability from cvelistv5

Published

2017-09-21 05:00

Modified

2024-08-05 18:28

Severity ?

CWE

CWE-352

Summary

A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872.

References

►

URL

Tags

	http://www.securityfocus.com/bid/100919	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1039409	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Unified Intelligence Center	Version: Cisco Unified Intelligence Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100919",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100919"
          },
          {
            "name": "1039409",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039409"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Intelligence Center",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Unified Intelligence Center"
            }
          ]
        }
      ],
      "datePublic": "2017-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-22T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "100919",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100919"
        },
        {
          "name": "1039409",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039409"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12253",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Intelligence Center",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Unified Intelligence Center"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100919",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100919"
            },
            {
              "name": "1039409",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039409"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12253",
    "datePublished": "2017-09-21T05:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20114 (GCVE-0-2025-20114)

Vulnerability from cvelistv5

Published

2025-05-21 16:19

Modified

2025-05-22 03:55

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key

Summary

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4

Impacted products

Vendor

Product

Version

►

Cisco

Cisco Unified Contact Center Express

Version: 10.6(1)
Version: 10.5(1)SU1
Version: 10.6(1)SU3
Version: 12.0(1)
Version: 10.0(1)SU1
Version: 10.6(1)SU1
Version: 11.0(1)SU1
Version: 11.5(1)SU1
Version: 10.5(1)
Version: 11.6(1)
Version: 11.6(2)
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)_SU03_ES01
Version: 12.5(1)_SU03_ES02
Version: 12.5(1)_SU02_ES03
Version: 12.5(1)_SU02_ES04
Version: 12.5(1)_SU02_ES02
Version: 12.5(1)_SU01_ES02
Version: 12.5(1)_SU01_ES03
Version: 12.5(1)_SU02_ES01
Version: 11.6(2)ES07
Version: 11.6(2)ES08
Version: 12.5(1)_SU01_ES01
Version: 12.0(1)ES04
Version: 12.5(1)ES02
Version: 12.5(1)ES03
Version: 11.6(2)ES06
Version: 12.5(1)ES01
Version: 12.0(1)ES03
Version: 12.0(1)ES01
Version: 11.6(2)ES05
Version: 12.0(1)ES02
Version: 11.6(2)ES04
Version: 11.6(2)ES03
Version: 11.6(2)ES02
Version: 11.6(2)ES01
Version: 10.6(1)SU3ES03
Version: 11.0(1)SU1ES03
Version: 10.6(1)SU3ES01
Version: 10.5(1)SU1ES10
Version: 10.0(1)SU1ES04
Version: 11.5(1)SU1ES03
Version: 11.6(1)ES02
Version: 11.5(1)ES01
Version: 9.0(2)SU3ES04
Version: 10.6(1)SU2
Version: 10.6(1)SU2ES04
Version: 11.6(1)ES01
Version: 10.6(1)SU3ES02
Version: 11.5(1)SU1ES02
Version: 11.5(1)SU1ES01
Version: 8.5(1)
Version: 11.0(1)SU1ES02
Version: 12.5(1)_SU03_ES03
Version: 12.5(1)_SU03_ES04
Version: 12.5(1)_SU03_ES05
Version: 12.5(1)_SU03_ES06

Cisco

Cisco Unified Intelligence Center

Version: 11.6(1)
Version: 10.5(1)
Version: 11.0(1)
Version: 11.5(1)
Version: 12.0(1)
Version: 12.5(1)
Version: 11.0(2)
Version: 12.6(1)
Version: 12.5(1)SU
Version: 12.6(1)_ET
Version: 12.6(1)_ES05_ET
Version: 11.0(3)
Version: 12.6(2)
Version: 12.6(2)_504_Issue_ET
Version: 12.6.1_ExcelIssue_ET
Version: 12.6(2)_Permalink_ET
Version: 12.6.2_CSCwk19536_ET
Version: 12.6.2_CSCwm96922_ET
Version: 12.6.2_Amq_OOS_ET
Version: 12.5(2)ET_CSCwi79933
Version: 12.6(2)_ET
Version: 12.6.2_CSCwn48501_ET

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20114",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-21T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-22T03:55:18.609Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES07"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES05"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES04"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES03"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1ES10"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1ES04"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "9.0(2)SU3ES04"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2ES04"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES01"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES06"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05_ET"
            },
            {
              "status": "affected",
              "version": "11.0(3)"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(2)_504_Issue_ET"
            },
            {
              "status": "affected",
              "version": "12.6.1_ExcelIssue_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)_Permalink_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwk19536_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwm96922_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_Amq_OOS_ET"
            },
            {
              "status": "affected",
              "version": "12.5(2)ET_CSCwi79933"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwn48501_ET"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T16:19:33.618Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cuis-priv-esc-3Pk96SU4",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuis-priv-esc-3Pk96SU4",
        "defects": [
          "CSCwk34894"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20114",
    "datePublished": "2025-05-21T16:19:33.618Z",
    "dateReserved": "2024-10-10T19:15:13.210Z",
    "dateUpdated": "2025-05-22T03:55:18.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12254 (GCVE-0-2017-12254)

Vulnerability from cvelistv5

Published

2017-09-21 05:00

Modified

2024-08-05 18:28

Severity ?

CWE

CWE-79

Summary

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856.

References

►

URL

Tags

	http://www.securityfocus.com/bid/100922	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1039410	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Unified Intelligence Center	Version: Cisco Unified Intelligence Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100922",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100922"
          },
          {
            "name": "1039410",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039410"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Intelligence Center",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Unified Intelligence Center"
            }
          ]
        }
      ],
      "datePublic": "2017-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-22T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "100922",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100922"
        },
        {
          "name": "1039410",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039410"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12254",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Intelligence Center",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Unified Intelligence Center"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100922",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100922"
            },
            {
              "name": "1039410",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039410"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12254",
    "datePublished": "2017-09-21T05:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20062 (GCVE-0-2023-20062)

Vulnerability from cvelistv5

Published

2023-03-03 00:00

Modified

2024-10-25 16:03

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200

Summary

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk

vendor-advisory

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Intelligence Center	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230301 Cisco Unified Intelligence Center Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:36:29.911725Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:03:33.284Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Intelligence Center ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-03T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230301 Cisco Unified Intelligence Center Vulnerabilities",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-infodisc-ssrf-84ZBmwVk"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuic-infodisc-ssrf-84ZBmwVk",
        "defect": [
          [
            "CSCwd01184",
            "CSCwd02972"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20062",
    "datePublished": "2023-03-03T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-10-25T16:03:33.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20058 (GCVE-0-2023-20058)

Vulnerability from cvelistv5

Published

2023-01-19 01:38

Modified

2024-10-25 16:04

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX

Impacted products

Vendor

Product

Version

►

Cisco

Cisco Unified Contact Center Enterprise

Version: N/A

Cisco	Cisco Unified Contact Center Express	Version: 11.0(1)SU1 Version: 12.0(1) Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 11.6(1) Version: 11.6(2)
Cisco	Cisco Unified Intelligence Center	Version: 11.0(1) Version: 11.5(1) Version: 11.6(1) Version: 12.0(1) Version: 12.5(1) Version: 12.5(1)SU Version: 12.6(1)
Cisco	Cisco Packaged Contact Center Enterprise	Version: 11.6(1) Version: 11.6(2) Version: 12.0(1) Version: 12.5(1) Version: 12.5(2) Version: 12.6(1)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-cuis-xss-Omm8jyBX",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20058",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:36:44.382026Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:04:17.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Contact Center Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            }
          ]
        },
        {
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            }
          ]
        },
        {
          "product": "Cisco Packaged Contact Center Enterprise",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "format": "cvssV3_0"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:39.867Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cuis-xss-Omm8jyBX",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuis-xss-Omm8jyBX",
        "defects": [
          "CSCwc84104"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20058",
    "datePublished": "2023-01-19T01:38:26.055Z",
    "dateReserved": "2022-10-27T18:47:50.320Z",
    "dateUpdated": "2024-10-25T16:04:17.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-12248 (GCVE-0-2017-12248)

Vulnerability from cvelistv5

Published

2017-09-21 05:00

Modified

2024-08-05 18:28

Severity ?

CWE

CWE-79

Summary

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835.

References

►

URL

Tags

	http://www.securityfocus.com/bid/100921	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039408	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco Unified Intelligence Center	Version: Cisco Unified Intelligence Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.633Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100921",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100921"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic"
          },
          {
            "name": "1039408",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039408"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Intelligence Center",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Unified Intelligence Center"
            }
          ]
        }
      ],
      "datePublic": "2017-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-22T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "100921",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100921"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic"
        },
        {
          "name": "1039408",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039408"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12248",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Intelligence Center",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Unified Intelligence Center"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100921",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100921"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic"
            },
            {
              "name": "1039408",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039408"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12248",
    "datePublished": "2017-09-21T05:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-6789 (GCVE-0-2017-6789)

Vulnerability from cvelistv5

Published

2017-09-07 21:00

Modified

2024-08-05 15:41

Severity ?

CWE

CWE-79

Summary

A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325.

References

►

URL

Tags

	http://www.securitytracker.com/id/1039278	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/100646	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic	x_refsource_CONFIRM
	https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf18325	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Unified Intelligence Center	Version: Cisco Unified Intelligence Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.510Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039278",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039278"
          },
          {
            "name": "100646",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100646"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf18325"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Intelligence Center",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Unified Intelligence Center"
            }
          ]
        }
      ],
      "datePublic": "2017-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-08T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1039278",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039278"
        },
        {
          "name": "100646",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100646"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf18325"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6789",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Intelligence Center",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Unified Intelligence Center"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039278",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039278"
            },
            {
              "name": "100646",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100646"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic"
            },
            {
              "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf18325",
              "refsource": "CONFIRM",
              "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf18325"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6789",
    "datePublished": "2017-09-07T21:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6426 (GCVE-0-2016-6426)

Vulnerability from cvelistv5

Published

2016-10-05 21:00

Modified

2024-08-06 01:29

Severity ?

CWE

n/a

Summary

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.

References

►

URL

Tags

	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1036952	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/93420	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
          },
          {
            "name": "1036952",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036952"
          },
          {
            "name": "93420",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93420"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
        },
        {
          "name": "1036952",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036952"
        },
        {
          "name": "93420",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93420"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6426",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
            },
            {
              "name": "1036952",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036952"
            },
            {
              "name": "93420",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93420"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6426",
    "datePublished": "2016-10-05T21:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-1463 (GCVE-0-2021-1463)

Vulnerability from cvelistv5

Published

2021-04-08 04:06

Modified

2024-11-08 23:27

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

References

►

URL

Tags

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-U2WTsUg6

vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Contact Center Express	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:11:17.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210407 Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-U2WTsUg6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1463",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:45:45.964113Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:27:11.022Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-04-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-08T04:06:46",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210407 Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-U2WTsUg6"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuic-xss-U2WTsUg6",
        "defect": [
          [
            "CSCvx10201",
            "CSCvx10205"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-04-07T16:00:00",
          "ID": "CVE-2021-1463",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Contact Center Express",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210407 Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-xss-U2WTsUg6"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cuic-xss-U2WTsUg6",
          "defect": [
            [
              "CSCvx10201",
              "CSCvx10205"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1463",
    "datePublished": "2021-04-08T04:06:46.177478Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-08T23:27:11.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6427 (GCVE-0-2016-6427)

Vulnerability from cvelistv5

Published

2016-10-06 10:00

Modified

2024-08-06 01:29

Severity ?

CWE

n/a

Summary

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.

References

►

URL

Tags

	http://www.securitytracker.com/id/1036953	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/93418	vdb-entry, x_refsource_BID
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036953",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036953"
          },
          {
            "name": "93418",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93418"
          },
          {
            "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036953",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036953"
        },
        {
          "name": "93418",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93418"
        },
        {
          "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036953",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036953"
            },
            {
              "name": "93418",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93418"
            },
            {
              "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6427",
    "datePublished": "2016-10-06T10:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-1658 (GCVE-0-2019-1658)

Vulnerability from cvelistv5

Published

2019-01-24 16:00

Modified

2024-11-21 19:47

Severity ?

4.7 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CWE

CWE-352

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user.

References

►

URL

Tags

	http://www.securityfocus.com/bid/106713	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Intelligence Center	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106713",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106713"
          },
          {
            "name": "20190123 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1658",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T19:00:51.980367Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:47:09.847Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-25T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "106713",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106713"
        },
        {
          "name": "20190123 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190123-uic-csrf",
        "defect": [
          [
            "CSCvn41579"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-01-23T16:00:00-0800",
          "ID": "CVE-2019-1658",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified Intelligence Center",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.7",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106713",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106713"
            },
            {
              "name": "20190123 Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-uic-csrf"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190123-uic-csrf",
          "defect": [
            [
              "CSCvn41579"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1658",
    "datePublished": "2019-01-24T16:00:00Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-21T19:47:09.847Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6425 (GCVE-0-2016-6425)

Vulnerability from cvelistv5

Published

2016-10-06 10:00

Modified

2024-08-06 01:29

Severity ?

CWE

n/a

Summary

Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.

References

►

URL

Tags

	http://www.securityfocus.com/bid/93422	vdb-entry, x_refsource_BID
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1036951	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.368Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93422",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93422"
          },
          {
            "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1"
          },
          {
            "name": "1036951",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036951"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "93422",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93422"
        },
        {
          "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1"
        },
        {
          "name": "1036951",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036951"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6425",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93422",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93422"
            },
            {
              "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1"
            },
            {
              "name": "1036951",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036951"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6425",
    "datePublished": "2016-10-06T10:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20278 (GCVE-0-2025-20278)

Vulnerability from cvelistv5

Published

2025-06-04 16:18

Modified

2025-06-06 03:55

Severity ?

6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Summary

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy

Impacted products

Vendor

Product

Version

►

Cisco

Cisco Finesse

Version: 11.0(1)ES_Rollback
Version: 10.5(1)ES4
Version: 11.6(1)ES3
Version: 11.0(1)ES2
Version: 12.0(1)ES2
Version: 10.5(1)ES3
Version: 11.0(1)
Version: 11.6(1)FIPS
Version: 11.6(1)ES4
Version: 11.0(1)ES3
Version: 10.5(1)ES6
Version: 11.0(1)ES7
Version: 11.5(1)ES4
Version: 10.5(1)ES8
Version: 11.5(1)
Version: 11.6(1)
Version: 10.5(1)ES10
Version: 11.6(1)ES2
Version: 11.6(1)ES
Version: 11.0(1)ES6
Version: 11.0(1)ES4
Version: 12.0(1)
Version: 11.6(1)ES7
Version: 10.5(1)ES7
Version: 11.6(1)ES8
Version: 11.5(1)ES1
Version: 11.6(1)ES1
Version: 11.5(1)ES5
Version: 11.0(1)ES1
Version: 10.5(1)
Version: 11.6(1)ES6
Version: 10.5(1)ES2
Version: 12.0(1)ES1
Version: 11.0(1)ES5
Version: 10.5(1)ES5
Version: 11.5(1)ES3
Version: 11.5(1)ES2
Version: 10.5(1)ES9
Version: 11.6(1)ES5
Version: 11.6(1)ES9
Version: 11.5(1)ES6
Version: 10.5(1)ES1
Version: 12.5(1)
Version: 12.0(1)ES3
Version: 11.6(1)ES10
Version: 12.5(1)ES1
Version: 12.5(1)ES2
Version: 12.0(1)ES4
Version: 12.5(1)ES3
Version: 12.0(1)ES5
Version: 12.5(1)ES4
Version: 12.0(1)ES6
Version: 12.5(1)ES5
Version: 12.5(1)ES6
Version: 12.0(1)ES7
Version: 12.6(1)
Version: 12.5(1)ES7
Version: 11.6(1)ES11
Version: 12.6(1)ES1
Version: 12.0(1)ES8
Version: 12.5(1)ES8
Version: 12.6(1)ES2
Version: 12.6(1)ES3
Version: 12.6(1)ES4
Version: 12.6(1)ES5
Version: 12.5(2)
Version: 12.5(1)_SU
Version: 12.5(1)SU
Version: 12.6(1)ES6
Version: 12.5(1)SU ES1
Version: 12.6(1)ES7
Version: 12.6(1)ES7_ET
Version: 12.6(2)
Version: 12.6(1)ES8
Version: 12.6(1)ES9
Version: 12.6(2)ES1
Version: 12.6(1)ES10
Version: 12.5(1)SU ES2
Version: 12.6(1)ES11
Version: 12.6(2)ES2
Version: 12.6(2)ES3
Version: 12.5(1)SU ES3
Version: 12.6(2)ES4
Version: 12.6(2)ES5

Cisco	Cisco SocialMiner	Version: 12.5(1)ES01 Version: 10.5(1) Version: 11.6(1) Version: 10.6(1) Version: 12.0(1)ES04 Version: 10.6(2) Version: 12.5(1) Version: 11.6(2) Version: 12.0(1) Version: 12.0(1)ES02 Version: 11.0(1) Version: 11.5(1) Version: 11.5(1)SU1 Version: 12.0(1)ES03 Version: 12.5(1)SU3 Version: 12.5(1)SU1 Version: 12.5(1)SU2
Cisco	Cisco Unified Communications Manager	Version: 12.5(1)SU2 Version: 12.5(1)SU1 Version: 12.5(1) Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 14 Version: 12.5(1)SU5 Version: 14SU1 Version: 12.5(1)SU6 Version: 14SU2 Version: 12.5(1)SU7 Version: 12.5(1)SU7a Version: 14SU3 Version: 12.5(1)SU8 Version: 12.5(1)SU8a Version: 15 Version: 15SU1 Version: 14SU4 Version: 14SU4a Version: 15SU1a Version: 12.5(1)SU9
Cisco	Cisco Unified Communications Manager IM and Presence Service	Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 14 Version: 12.5(1)SU5 Version: 14SU1 Version: 12.5(1)SU6 Version: 14SU2 Version: 14SU2a Version: 12.5(1)SU7 Version: 14SU3 Version: 12.5(1)SU8 Version: 15 Version: Recovery ISO Version: 15SU1 Version: 14SU4 Version: 12.5(1)SU9
Cisco	Cisco Unified Contact Center Express	Version: 10.6(1) Version: 10.5(1)SU1 Version: 10.6(1)SU3 Version: 12.0(1) Version: 10.0(1)SU1 Version: 10.6(1)SU1 Version: 11.0(1)SU1 Version: 11.5(1)SU1 Version: 10.5(1) Version: 11.6(1) Version: 11.6(2) Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)_SU03_ES01 Version: 12.5(1)_SU03_ES02 Version: 12.5(1)_SU02_ES03 Version: 12.5(1)_SU02_ES04 Version: 12.5(1)_SU02_ES02 Version: 12.5(1)_SU01_ES02 Version: 12.5(1)_SU01_ES03 Version: 12.5(1)_SU02_ES01 Version: 11.6(2)ES07 Version: 11.6(2)ES08 Version: 12.5(1)_SU01_ES01 Version: 12.0(1)ES04 Version: 12.5(1)ES02 Version: 12.5(1)ES03 Version: 11.6(2)ES06 Version: 12.5(1)ES01 Version: 12.0(1)ES03 Version: 12.0(1)ES01 Version: 11.6(2)ES05 Version: 12.0(1)ES02 Version: 11.6(2)ES04 Version: 11.6(2)ES03 Version: 11.6(2)ES02 Version: 11.6(2)ES01 Version: 10.6(1)SU3ES03 Version: 11.0(1)SU1ES03 Version: 10.6(1)SU3ES01 Version: 10.5(1)SU1ES10 Version: 10.0(1)SU1ES04 Version: 11.5(1)SU1ES03 Version: 11.6(1)ES02 Version: 11.5(1)ES01 Version: 9.0(2)SU3ES04 Version: 10.6(1)SU2 Version: 10.6(1)SU2ES04 Version: 11.6(1)ES01 Version: 10.6(1)SU3ES02 Version: 11.5(1)SU1ES02 Version: 11.5(1)SU1ES01 Version: 8.5(1) Version: 11.0(1)SU1ES02 Version: 12.5(1)_SU03_ES03 Version: 12.5(1)_SU03_ES04 Version: 12.5(1)_SU03_ES05 Version: 12.5(1)_SU03_ES06
Cisco	Cisco Unified Intelligence Center	Version: 11.6(1) Version: 10.5(1) Version: 11.0(1) Version: 11.5(1) Version: 12.0(1) Version: 12.5(1) Version: 11.0(2) Version: 12.6(1) Version: 12.5(1)SU Version: 12.6(1)_ET Version: 12.6(1)_ES05_ET Version: 11.0(3) Version: 12.6(2) Version: 12.6(2)_504_Issue_ET Version: 12.6.1_ExcelIssue_ET Version: 12.6(2)_Permalink_ET Version: 12.6.2_CSCwk19536_ET Version: 12.6.2_CSCwm96922_ET Version: 12.6.2_Amq_OOS_ET Version: 12.5(2)ET_CSCwi79933 Version: 12.6(2)_ET Version: 12.6.2_CSCwn48501_ET
Cisco	Cisco Unity Connection	Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 14 Version: 12.5(1)SU5 Version: 14SU1 Version: 12.5(1)SU6 Version: 14SU2 Version: 12.5(1)SU7 Version: 14SU3 Version: 12.5(1)SU8 Version: 14SU3a Version: 12.5(1)SU8a Version: 15 Version: 15SU1 Version: 14SU4 Version: 12.5(1)SU9
Cisco	Cisco Virtualized Voice Browser	Version: 11.0(1) Version: 11.6(1)_ES84 Version: 11.5(1)_ES54 Version: 11.5(1)_ES27 Version: 11.5(1) Version: 11.5(1)ES36 Version: 12.0(1)_ES01 Version: 11.6(1)_ES85 Version: 12.5(1)_ES05 Version: 11.5(1)_ES32 Version: 11.6(1)_ES83 Version: 11.5(1)_ES29 Version: 12.0(1)_ES06 Version: 12.5(1) Version: 12.0(1)_ES07 Version: 11.6(1)_ES80 Version: 12.0(1)_ES05 Version: 11.5(1)_ES36 Version: 11.5(1)_ES53 Version: 12.5(1)_ES08 Version: 11.5(1)ES43 Version: 12.0(1)_ES03 Version: 11.6(1)_ES86 Version: 12.0(1)_ES04 Version: 11.5(1)ES27 Version: 12.5(1)_ES03 Version: 11.6(1)_ES88 Version: 12.5(1)_ES06 Version: 11.6(1)_ES82 Version: 11.6(1) Version: 11.5(1)ES29 Version: 12.5(1)_ES04 Version: 12.5(1)_ES07 Version: 11.6(1)_ES87 Version: 11.6(1)_ES81 Version: 12.0(1) Version: 11.6(1)_ES22 Version: 11.5(1)_ES43 Version: 11.5(1)ES32 Version: 12.0(1)_ES02 Version: 12.5(1)_ES02 Version: 12.6(1) Version: 12.5(1)_ES09 Version: 12.6(1)_ES01 Version: 12.0(1)_ES08 Version: 12.5(1)_ES10 Version: 12.6(1)_ES02 Version: 12.5(1)_ES11 Version: 12.5(1)_ES12 Version: 12.6(1)_ES03 Version: 12.5(1)_ES13 Version: 12.5(1)_ES14 Version: 12.6(1)_ES04 Version: 12.6(1)_ES05 Version: 12.5(1)_ES15 Version: 12.6(1)_ES06 Version: 12.6(1)_ET Version: 12.5(1)_ES16 Version: 12.5(1)SU Version: 12.5(1)_SU Version: 12.5(1)_SU_ES01 Version: 12.6(1)_ES07 Version: 12.6(2) Version: 12.5(1)_ES17 Version: 12.6(1)_ES08 Version: 12.6(1)_ES09 Version: 12.6(1)_ES10 Version: 12.5(1)_SU_ES02 Version: 12.6(2)_ES01 Version: 12.6(2)_ET01 Version: 12.5(2)_ET Version: 12.6(2)_ES02 Version: 12.6(2)_ET_Streaming Version: 12.6(2)ET_Transcribe Version: 12.6(2)_ES03 Version: 12.6(2)ET_NuanceMix Version: 12.6(2)ET_FileUpload Version: 12.6(2)_ET02 Version: 12.6(2)_ES04 Version: 12.6.2ET_RTPfallback Version: 12.6.2ET_CSCwf55306 Version: 12.6.2_ET_CSCwj36712 Version: 12.5.2 ET-CSCwj33374 Version: 12.5(1) SU ET Version: 12.6(2)ET_CSCwj87296 Version: 12.6(2)_ES05 Version: 12.5.2_ET_CSCvz27014 Version: 12.6(2)_ET Version: 12.6.2-ET Version: 12.6(2)ET_CSCwk83135 Version: 12.6.2_ET_CX_ALAW Version: 12.6.2-ET01-SSL Version: 12.6(2)_ES06

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20278",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-05T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-06T03:55:32.661Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Finesse",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)ES_Rollback"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES2"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)FIPS"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES4"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES3"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES8"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES10"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES2"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES6"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES7"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES8"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES6"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES1"
            },
            {
              "status": "affected",
              "version": "11.0(1)ES5"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES9"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES5"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES9"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "10.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES3"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES10"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES3"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES7"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES11"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES1"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES2"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES3"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES4"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES5"
            },
            {
              "status": "affected",
              "version": "12.5(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES6"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES1"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES7_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES9"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES1"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES10"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES2"
            },
            {
              "status": "affected",
              "version": "12.6(1)ES11"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES2"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU ES3"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES4"
            },
            {
              "status": "affected",
              "version": "12.6(2)ES5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco SocialMiner",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "10.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Communications Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7a"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8a"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "14SU4a"
            },
            {
              "status": "affected",
              "version": "15SU1a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Communications Manager IM and Presence Service",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "14SU2a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "Recovery ISO"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Contact Center Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "10.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES01"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU02_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES07"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU01_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES03"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES01"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES05"
            },
            {
              "status": "affected",
              "version": "12.0(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES04"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES03"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES02"
            },
            {
              "status": "affected",
              "version": "11.6(2)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES03"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES01"
            },
            {
              "status": "affected",
              "version": "10.5(1)SU1ES10"
            },
            {
              "status": "affected",
              "version": "10.0(1)SU1ES04"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES01"
            },
            {
              "status": "affected",
              "version": "9.0(2)SU3ES04"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU2ES04"
            },
            {
              "status": "affected",
              "version": "11.6(1)ES01"
            },
            {
              "status": "affected",
              "version": "10.6(1)SU3ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "11.5(1)SU1ES01"
            },
            {
              "status": "affected",
              "version": "8.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)SU1ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU03_ES06"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "11.0(2)"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05_ET"
            },
            {
              "status": "affected",
              "version": "11.0(3)"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.6(2)_504_Issue_ET"
            },
            {
              "status": "affected",
              "version": "12.6.1_ExcelIssue_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)_Permalink_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwk19536_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwm96922_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_Amq_OOS_ET"
            },
            {
              "status": "affected",
              "version": "12.5(2)ET_CSCwi79933"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2_CSCwn48501_ET"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unity Connection",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU4"
            },
            {
              "status": "affected",
              "version": "14"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU5"
            },
            {
              "status": "affected",
              "version": "14SU1"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU6"
            },
            {
              "status": "affected",
              "version": "14SU2"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU7"
            },
            {
              "status": "affected",
              "version": "14SU3"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8"
            },
            {
              "status": "affected",
              "version": "14SU3a"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU8a"
            },
            {
              "status": "affected",
              "version": "15"
            },
            {
              "status": "affected",
              "version": "15SU1"
            },
            {
              "status": "affected",
              "version": "14SU4"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU9"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Virtualized Voice Browser",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES84"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES54"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES27"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES36"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES01"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES85"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES05"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES32"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES83"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES29"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES06"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES07"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES80"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES05"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES36"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES53"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES08"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES43"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES86"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES04"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES27"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES03"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES88"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES06"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES82"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES29"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES04"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES07"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES87"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES81"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES22"
            },
            {
              "status": "affected",
              "version": "11.5(1)_ES43"
            },
            {
              "status": "affected",
              "version": "11.5(1)ES32"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES09"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES01"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES08"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES10"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES02"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES11"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES12"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES03"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES13"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES14"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES04"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES05"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES15"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES06"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES16"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU_ES01"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES07"
            },
            {
              "status": "affected",
              "version": "12.6(2)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES17"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES08"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES09"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES10"
            },
            {
              "status": "affected",
              "version": "12.5(1)_SU_ES02"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES01"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET01"
            },
            {
              "status": "affected",
              "version": "12.5(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES02"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET_Streaming"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_Transcribe"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES03"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_NuanceMix"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_FileUpload"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET02"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES04"
            },
            {
              "status": "affected",
              "version": "12.6.2ET_RTPfallback"
            },
            {
              "status": "affected",
              "version": "12.6.2ET_CSCwf55306"
            },
            {
              "status": "affected",
              "version": "12.6.2_ET_CSCwj36712"
            },
            {
              "status": "affected",
              "version": "12.5.2 ET-CSCwj33374"
            },
            {
              "status": "affected",
              "version": "12.5(1) SU ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_CSCwj87296"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES05"
            },
            {
              "status": "affected",
              "version": "12.5.2_ET_CSCvz27014"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ET"
            },
            {
              "status": "affected",
              "version": "12.6.2-ET"
            },
            {
              "status": "affected",
              "version": "12.6(2)ET_CSCwk83135"
            },
            {
              "status": "affected",
              "version": "12.6.2_ET_CX_ALAW"
            },
            {
              "status": "affected",
              "version": "12.6.2-ET01-SSL"
            },
            {
              "status": "affected",
              "version": "12.6(2)_ES06"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-04T16:18:20.661Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-vos-command-inject-65s2UCYy",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
        }
      ],
      "source": {
        "advisory": "cisco-sa-vos-command-inject-65s2UCYy",
        "defects": [
          "CSCwk24029"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Unified Communications Products Command Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20278",
    "datePublished": "2025-06-04T16:18:20.661Z",
    "dateReserved": "2024-10-10T19:15:13.246Z",
    "dateUpdated": "2025-06-06T03:55:32.661Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-20325 (GCVE-0-2024-20325)

Vulnerability from cvelistv5

Published

2024-02-21 16:09

Modified

2024-08-27 21:08

Severity ?

5.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-284 - Improper Access Control

Summary

A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-access-control-jJsZQMjj

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Unified Intelligence Center	Version: 11.0(1) Version: 11.0(2) Version: 11.0(3) Version: 10.5(1) Version: 11.5(1) Version: 11.6(1) Version: 12.0(1) Version: 12.5(1) Version: 12.5(1)SU Version: 12.6(1)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-cuic-access-control-jJsZQMjj",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-access-control-jJsZQMjj"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:unified_intelligence_center:11.0\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:unified_intelligence_center:11.0\\(2\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:unified_intelligence_center:11.0\\(3\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:unified_intelligence_center:10.5\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:unified_intelligence_center:11.5\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:unified_intelligence_center:11.6\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:unified_intelligence_center:12.0\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:unified_intelligence_center:12.5\\(1\\):*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:unified_intelligence_center:12.5\\(1\\)su:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:unified_intelligence_center:12.6\\(1\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_intelligence_center",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.0\\(1\\)"
              },
              {
                "status": "affected",
                "version": "11.0\\(2\\)"
              },
              {
                "status": "affected",
                "version": "11.0\\(3\\)"
              },
              {
                "status": "affected",
                "version": "10.5\\(1\\)"
              },
              {
                "status": "affected",
                "version": "11.5\\(1\\)"
              },
              {
                "status": "affected",
                "version": "11.6\\(1\\)"
              },
              {
                "status": "affected",
                "version": "12.0\\(1\\)"
              },
              {
                "status": "affected",
                "version": "12.5\\(1\\)"
              },
              {
                "status": "affected",
                "version": "12.5\\(1\\)su"
              },
              {
                "status": "affected",
                "version": "12.6\\(1\\)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20325",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-21T18:55:16.943266Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T21:08:46.957Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Intelligence Center",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "11.0(2)"
            },
            {
              "status": "affected",
              "version": "11.0(3)"
            },
            {
              "status": "affected",
              "version": "10.5(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SU"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device.\r\n\r This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-21T16:09:03.422Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cuic-access-control-jJsZQMjj",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-access-control-jJsZQMjj"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cuic-access-control-jJsZQMjj",
        "defects": [
          "CSCwi22418"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20325",
    "datePublished": "2024-02-21T16:09:03.422Z",
    "dateReserved": "2023-11-08T15:08:07.640Z",
    "dateUpdated": "2024-08-27T21:08:46.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerabilites related to cisco - unified_intelligence_center

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

CVE-2025-20113 (GCVE-0-2025-20113)

Vulnerability from cvelistv5

CVE-2017-12337 (GCVE-0-2017-12337)

Vulnerability from cvelistv5

CVE-2019-1670 (GCVE-0-2019-1670)

Vulnerability from cvelistv5

CVE-2019-1860 (GCVE-0-2019-1860)

Vulnerability from cvelistv5

CVE-2025-20274 (GCVE-0-2025-20274)

Vulnerability from cvelistv5

CVE-2025-20288 (GCVE-0-2025-20288)

Vulnerability from cvelistv5

CVE-2015-4274 (GCVE-0-2015-4274)

Vulnerability from cvelistv5

CVE-2021-44228 (GCVE-0-2021-44228)

Vulnerability from cvelistv5

CVE-2017-6779 (GCVE-0-2017-6779)

Vulnerability from cvelistv5

CVE-2021-1395 (GCVE-0-2021-1395)

Vulnerability from cvelistv5

CVE-2023-20061 (GCVE-0-2023-20061)

Vulnerability from cvelistv5

CVE-2015-0740 (GCVE-0-2015-0740)

Vulnerability from cvelistv5

CVE-2017-12253 (GCVE-0-2017-12253)

Vulnerability from cvelistv5

CVE-2025-20114 (GCVE-0-2025-20114)

Vulnerability from cvelistv5

CVE-2017-12254 (GCVE-0-2017-12254)

Vulnerability from cvelistv5

CVE-2023-20062 (GCVE-0-2023-20062)

Vulnerability from cvelistv5

CVE-2023-20058 (GCVE-0-2023-20058)

Vulnerability from cvelistv5

CVE-2017-12248 (GCVE-0-2017-12248)

Vulnerability from cvelistv5

CVE-2017-6789 (GCVE-0-2017-6789)

Vulnerability from cvelistv5

CVE-2016-6426 (GCVE-0-2016-6426)

Vulnerability from cvelistv5

CVE-2021-1463 (GCVE-0-2021-1463)

Vulnerability from cvelistv5

CVE-2016-6427 (GCVE-0-2016-6427)

Vulnerability from cvelistv5

CVE-2019-1658 (GCVE-0-2019-1658)

Vulnerability from cvelistv5

CVE-2016-6425 (GCVE-0-2016-6425)

Vulnerability from cvelistv5

CVE-2025-20278 (GCVE-0-2025-20278)

Vulnerability from cvelistv5

CVE-2024-20325 (GCVE-0-2024-20325)

Vulnerability from cvelistv5