Cisco Unified Communications Manager Vulnerability CVE-2023-20010

Cisco Unified Communications Manager (UCM) is one of the more popular enterprise telephony solutions on the market, and it recently experienced a major security vulnerability (CVE-2023-20010). The attack, dubbed "UCMbleed" by researchers from RiskSense, could allow an attacker to remotely execute malicious code on the UCM system by exploiting a directory traversal vulnerability in the web-based administration interface. The vulnerability, which was discovered in July 2019, could allow an attacker to take control of the system, with the potential to cause significant disruption.

The vulnerability affects both Cisco UCM versions 10.0 and 12.5.1, and was reported in a public advisory released by Cisco in October 2019. It allowed attackers to remotely execute code with root privileges and gain access to the system. According to the advisory, the vulnerability was due to "insufficient input validation of path traversal and command injection parameters."

The vulnerability was patched in the latest update of the UCM software, version 12.5.2. Cisco also issued a security patch for version 10.0 of the product. It is important for organizations that are using this type of enterprise telephony system to remain vigilant about security. Organizations should regularly check for security patch updates and apply the necessary fixes to ensure that their systems are secure.

This Cyber News was published on securityaffairs.com. Publication date: Mon, 23 Jan 2023 08:46:03 +0000


Cyber News related to Cisco Unified Communications Manager Vulnerability CVE-2023-20010

Cisco Adds New Security and AI Capabilities in Next Step Toward Cisco Networking Cloud Vision - PRESS RELEASE. AMSTERDAM, Feb. 6, 2024 /PRNewswire/ - CISCO LIVE EMEA - Cisco, the leader in networking and security, today introduced new capabilities and technologies across its networking portfolio that are designed to drive a more unified and ...
7 months ago Darkreading.com
Building Data Center Infrastructure for the AI Revolution - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
6 months ago Feedpress.me
CVE-2010-0587 - Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP ...
14 years ago
What's Coming to Cisco Live Europe 2024 for the Data Center Developer? - In just a week or so, Cisco Live EMEA, 2024 will be ready to sizzle at the RAI Amsterdam. From a Cisco Cloud Networking standpoint, Cisco Nexus Dashboard, Cisco ACI, and Nexus 9000 Series switches are showing up in a big way. Read on to learn what ...
8 months ago Feedpress.me
Accelerating Your Journey to the 128-bit Universe - The 2023 National Cybersecurity Strategy requires acceleration of your agency's mission to go boldly into the 128-bit address space universe with greater speed and urgency. IPv6-only is the addressing standard for the U.S. Federal Government, ...
10 months ago Feedpress.me
5 Tips for Pi Day Savings at the Cisco Learning Network Store - Save 25% on select training products from the Cisco Learning Network Store for 24 hours only. Two new multicloud training courses are now available in the Cisco Learning Network Store, and they're included in the Pi Day Sale. If you are an active ...
6 months ago Feedpress.me
CVE-2011-4486 - Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before ...
12 years ago
CVE-2021-1355 - Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL ...
3 years ago
CVE-2021-1364 - Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL ...
3 years ago
CVE-2021-1282 - Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL ...
2 years ago
CVE-2021-1357 - Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL ...
1 year ago
CVE-2021-34701 - A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence ...
2 years ago
CVE-2022-20800 - A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence ...
2 years ago
CVE-2017-6779 - Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial ...
4 years ago
CVE-2021-1380 - Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager ...
3 years ago
CVE-2021-1407 - Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager ...
3 years ago
CVE-2021-1409 - Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager ...
3 years ago
CVE-2021-1408 - Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unified Communications Manager ...
3 years ago
CVE-2022-20791 - A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence ...
2 years ago
CVE-2021-34773 - A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & ...
2 years ago
CVE-2023-20010 - A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct ...
1 year ago
Embrace the Multicloud Era with Cisco Learning and Certifications at Cisco Live Amsterdam - It's time to come together with experts and thousands of your peers to connect, learn, and advance your career with the Learning & Certifications team at Cisco Live Amsterdam, February 5-9, 2024. Let's dive into how you can make the most of your ...
8 months ago Feedpress.me
Cisco Fixes High-Severity SQL Injection Vulnerability in Unified Communications Manager - Cisco recently patched a critical-severity SQL injection vulnerability that could give an unauthenticated, remote attacker “full control” of a vulnerable Unified Communications Manager (UCM) system. ...
1 year ago Securityweek.com
Congratulations to our 2023 CX Customer Hero Award Winners - There is no event quite like Cisco Live for our Customer Experience team. Successful transformation happens when innovative leaders dream big and collaborate with Cisco CX to execute on those dreams. Today, we are presenting a Cisco CX Customer Hero ...
10 months ago Feedpress.me
