Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cisco Subscribe
Filtered by product Unity Express
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-15986 1 Cisco 1 Unity Express 2021-10-29 7.2 HIGH 6.7 MEDIUM
A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could exploit this vulnerability by logging in to the system and sending crafted CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.
CVE-2018-15381 1 Cisco 1 Unity Express 2019-10-09 10.0 HIGH 9.8 CRITICAL
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.
CVE-2006-2166 1 Cisco 2 Unity Express, Unity Express Software 2018-10-30 2.1 LOW N/A
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
CVE-2005-4794 1 Cisco 7 Application And Content Networking Software, Ata, Ip Phone 7902 and 4 more 2017-07-19 5.0 MEDIUM N/A
Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset.
CVE-2013-1120 1 Cisco 2 Unity Express, Unity Express Software 2013-02-06 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.