CVE-2024-20253 — CVSS 9.9 (critical): A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote…
CVE-2017-12337 — CVSS 9.8 (critical): A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could…
CVE-2012-0366 — CVSS 9.0 (critical): Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help…
CVE-2014-3333 — CVSS 9.0 (critical): The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP…
CVE-2026-20034 — CVSS 8.8 (high): A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute…
CVE-2021-1362 — CVSS 8.8 (high): A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management…
CVE-2023-20259 — CVSS 8.6 (high): A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to…
CVE-2012-3060 — CVSS 7.8 (high): Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP…
CVE-2012-0367 — CVSS 7.8 (high): Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of…
CVE-2017-6779 — CVSS 7.5 (high): Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration…
CVE-2015-6360 — CVSS 7.5 (high): The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in…
CVE-2024-20272 — CVSS 7.3 (high): A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload…
CVE-2026-20035 — CVSS 7.2 (high): A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks…
CVE-2015-0615 — CVSS 7.1 (high): The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0…
CVE-2015-0613 — CVSS 7.1 (high): The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before…
CVE-2015-0612 — CVSS 7.1 (high): The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x…
CVE-2015-0616 — CVSS 7.1 (high): The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x…
CVE-2015-0614 — CVSS 7.1 (high): The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before…
CVE-2018-15396 — CVSS 6.8 (medium): A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause…
CVE-2014-0664 — CVSS 6.8 (medium): The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecified IMAP…
CVE-2015-0716 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332)…
CVE-2015-6408 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication…
CVE-2015-6299 — CVSS 6.5 (medium): SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to…
CVE-2026-20081 — CVSS 6.5 (medium): Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an…
CVE-2026-20078 — CVSS 6.5 (medium): Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an…
CVE-2015-0715 — CVSS 6.5 (medium): SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote…
CVE-2014-3336 — CVSS 6.5 (medium): SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute…
CVE-2020-3130 — CVSS 6.5 (medium): A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files…
CVE-2019-1915 — CVSS 6.5 (medium): A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management…
CVE-2022-20859 — CVSS 6.5 (medium): A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications…
CVE-2022-20788 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session…
CVE-2016-1300 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script…
CVE-2016-1304 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or…
CVE-2016-1377 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or…
CVE-2017-12212 — CVSS 6.1 (medium): A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected…
CVE-2018-0354 — CVSS 6.1 (medium): A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site…
CVE-2019-12707 — CVSS 6.1 (medium): A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote…
CVE-2019-1685 — CVSS 6.1 (medium): A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an…
CVE-2020-3282 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session…
CVE-2021-1380 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified…
CVE-2021-1409 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified…
CVE-2022-20800 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications…
CVE-2026-20059 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct…
CVE-2025-20278 — CVSS 6.0 (medium): A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute…
CVE-2018-15403 — CVSS 5.4 (medium): A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications…
CVE-2017-6629 — CVSS 5.3 (medium): A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files…
CVE-2018-0203 — CVSS 5.3 (medium): A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email…
CVE-2013-1129 — CVSS 5.0 (medium): Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by…
CVE-2020-3129 — CVSS 4.8 (medium): A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to…
CVE-2018-15426 — CVSS 4.8 (medium): A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored…
CVE-2024-20305 — CVSS 4.8 (medium): A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a…
CVE-2026-20060 — CVSS 4.7 (medium): A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect…
CVE-2021-1226 — CVSS 4.3 (medium): A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session…
CVE-2026-20061 — CVSS 4.3 (medium): A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an…
CVE-2021-34701 — CVSS 4.3 (medium): A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications…
CVE-2015-6390 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject…
CVE-2014-2125 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to…
CVE-2014-7988 — CVSS 4.0 (medium): The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive…
CVE-2014-2145 — CVSS 4.0 (medium): Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files…
CVE-2013-5534 — CVSS 4.0 (medium): Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco…
CVE-2012-3096 — CVSS 4.0 (medium): Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and…