Cisco Unity_connection
34 CVEs affecting Cisco Unity_connection. Latest disclosed: 2026-04-15. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-12337 | Critical | 9.8 | 2017-11-16 | A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthentic… |
CVE-2015-6360 | High | 7.5 | 2016-04-21 | The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bu… |
CVE-2026-20081 | Medium | 6.5 | 2026-04-15 | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To e… |
CVE-2026-20078 | Medium | 6.5 | 2026-04-15 | Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To e… |
CVE-2026-20059 | Medium | 6.1 | 2026-04-15 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS atta… |
CVE-2017-12212 | Medium | 6.1 | 2017-09-07 | A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS… |
CVE-2016-1377 | Medium | 6.1 | 2016-04-12 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified… |
CVE-2016-1304 | Medium | 6.1 | 2016-01-30 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted va… |
CVE-2016-1300 | Medium | 6.1 | 2016-01-27 | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a craft… |
CVE-2017-6629 | Medium | 5.3 | 2017-05-03 | A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locatio… |
CVE-2026-20060 | Medium | 4.7 | 2026-04-15 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicio… |
CVE-2026-20061 | Medium | 4.3 | 2026-04-15 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attac… |
CVE-2015-6408 | | 2015-12-12 | Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, a… | |
CVE-2015-6390 | | 2015-12-03 | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script… | |
CVE-2015-6299 | | 2015-09-20 | SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL comm… | |
CVE-2015-0716 | | 2015-05-07 | Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attacker… | |
CVE-2015-0715 | | 2015-05-07 | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to… | |
CVE-2015-0616 | | 2015-04-03 | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when… | |
CVE-2015-0615 | | 2015-04-03 | The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when… | |
CVE-2015-0614 | | 2015-04-03 | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0… |