threat
engine
.sh
Back
·
··:··
Home
/
Product
/
cisco unity connection
Product
cisco unity connection
63 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-20081
<= 12.5
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files
6.5
MEDIUM
CVE-2026-20078
<= 12.5
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files
6.5
MEDIUM
CVE-2026-20061
<= 12.5
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to p
4.3
MEDIUM
CVE-2026-20060
<= 12.5
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to
4.7
MEDIUM
CVE-2026-20059
<= 12.5
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to
6.1
MEDIUM
CVE-2026-20045
>= 12.5 and < 14su5
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edit
8.2
HIGH
CVE-2025-20278
all versions
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execu
6.0
MEDIUM
CVE-2024-20305
< 15.0
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to c
4.8
MEDIUM
CVE-2024-20253
< 12.5\(1\)su8
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, rem
9.9
CRITICAL
CVE-2024-20272
< 12.5.1.19017-4
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to
7.3
HIGH
CVE-2023-20259
all versions
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attack
8.6
HIGH
CVE-2023-20266
all versions
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Mana
6.5
MEDIUM
CVE-2022-20859
>= 14.0 and < 14su2
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communicati
6.5
MEDIUM
CVE-2022-20800
>= 11.5\(1\) and < 14su2
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communic
6.1
MEDIUM
CVE-2022-20752
>= 12.5\(1\) and < 12.5\(1\)su6
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edit
5.3
MEDIUM
CVE-2022-20788
>= 12.5\(1\) and < 12.5\(1\)su6
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Sessi
6.1
MEDIUM
CVE-2021-44228
< 11.5\(1\)
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration
10.0
CRITICAL
CVE-2021-34701
< 14su1
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communic
4.3
MEDIUM
CVE-2021-1409
< 14.0
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified
6.1
MEDIUM
CVE-2021-1380
< 14.0
Multiple vulnerabilities in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified
6.1
MEDIUM
CVE-2021-1362
>= 10.5\(2\) and < 11.5\(1\)su9
A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Man
8.8
HIGH
CVE-2021-1226
>= 11.5\(1\) and < 11.5\(1\)su9
A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Sessi
4.3
MEDIUM
CVE-2020-3130
>= 11.0 and < 11.5su7
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrit
6.5
MEDIUM
CVE-2020-3282
>= 10.5\(2\) and < 10.5\(2\)su10
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manage
6.1
MEDIUM
CVE-2020-3129
< 12.5su2
A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote atta
4.8
MEDIUM
CVE-2019-1915
all versions
A vulnerability in the web-based interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session M
6.5
MEDIUM
CVE-2019-12707
all versions
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remot
6.1
MEDIUM
CVE-2019-1685
all versions
A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could al
6.1
MEDIUM
CVE-2018-15426
all versions
A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a st
4.8
MEDIUM
CVE-2018-15403
all versions
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communicati
5.4
MEDIUM
CVE-2018-15396
all versions
A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to
6.8
MEDIUM
CVE-2018-0354
all versions
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-
6.1
MEDIUM
CVE-2017-6779
>= 10.5 and < 10.5su5
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaborati
7.5
HIGH
CVE-2018-0203
all versions
A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited em
5.3
MEDIUM
CVE-2017-12337
all versions
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platfo
9.8
CRITICAL
CVE-2017-12212
all versions
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflec
6.1
MEDIUM
CVE-2017-6629
all versions
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to acce
5.3
MEDIUM
CVE-2015-6360
all versions
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted f
7.5
HIGH
CVE-2016-1377
all versions
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web sc
6.1
MEDIUM
CVE-2016-1304
all versions
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web sc
6.1
MEDIUM
CVE-2016-1300
all versions
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary w
6.1
MEDIUM
CVE-2015-6408
all versions
Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authent
CVE-2015-6390
all versions
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers t
CVE-2015-6299
all versions
SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users
CVE-2015-0716
all versions
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.9800
CVE-2015-0715
all versions
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows r
CVE-2015-0616
all versions
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, a
CVE-2015-0615
all versions
The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and
CVE-2015-0614
all versions
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9
CVE-2015-0613
all versions
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9
CVE-2015-0612
all versions
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, a
CVE-2014-7988
<= 10.5
The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensiti
CVE-2014-3336
all versions
SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to
CVE-2014-3333
all versions
The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting
CVE-2014-2145
all versions
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitra
CVE-2014-2125
<= 8.6
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers
CVE-2014-0664
all versions
The server in Cisco Unity Connection allows remote authenticated users to cause a denial of service (CPU consumption) via unspecif
CVE-2013-5534
all versions
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service)
CVE-2013-1129
all versions
Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process cra
CVE-2012-3096
all versions
Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption
CVE-2012-3060
all versions
Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed
CVE-2012-0367
<= 7.1\(5b\)su4
Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a
CVE-2012-0366
<= 7.1\(3b\)su1
Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging th
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin