cisco-sa-20180221-cuc
Cisco PSIRT2018-02-21
Cisco Unity Connection Mail Relay Vulnerability
CVEs:CVE-2018-0203
Affected products
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-73608 | affected | Cisco | — | — |
Every advisory below is enriched with the Vulnetix VDB exploit-intelligence chip (hover a CVE ID in the interactive page to see CVSS, EPSS, KEV status, and PoC maturity). 2 are already weaponised in the wild — see the Exploited section.
Cisco Unity Connection Mail Relay Vulnerability
CVEs:CVE-2018-0203
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-73608 | affected | Cisco | — | — |
Cisco Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability
CVEs:CVE-2018-0139
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-8027 | affected | Cisco | — | — |
Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability
CVEs:CVE-2018-0145
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-208310 | affected | Cisco | — | — |
Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability
CVEs:CVE-2018-0146
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-208310 | affected | Cisco | — | — |
Cisco Elastic Services Controller Service Portal Authentication Bypass Vulnerability
CVEs:CVE-2018-0121
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227689 | affected | Cisco | — | — |
Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability
CVEs:CVE-2018-0130
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-227689 | affected | Cisco | — | — |
Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability
CVEs:CVE-2018-0199
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-192127 | affected | Cisco | — | — |
| CVRFPID-210554 | affected | Cisco | — | — |
Cisco Jabber Client Framework for Windows and Mac Cross-Site Scripting Vulnerability
CVEs:CVE-2018-0201
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-192127 | affected | Cisco | — | — |
| CVRFPID-210554 | affected | Cisco | — | — |
Cisco Prime Collaboration Provisioning Tool Web Portal Repeated Bad Login Attempts Denial of Service Vulnerability
CVEs:CVE-2018-0204
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-209583 | affected | Cisco | — | — |
Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability
CVEs:CVE-2018-0205
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-209583 | affected | Cisco | — | — |
Cisco Prime Service Catalog Cross-Site Scripting Vulnerability
CVEs:CVE-2018-0200
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-202401 | affected | Cisco | — | — |
Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability
CVEs:CVE-2018-0124
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-188989 | affected | Cisco | — | — |
Multiple Cisco Unified Communications Products Reflected Cross-Site Scripting Vulnerability
CVEs:CVE-2018-0206
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-4844 | affected | Cisco | — | — |
| CVRFPID-88444 | affected | Cisco | — | — |
Cisco UCS Director and Cisco Integrated Management Controller Supervisor Cross-Site Request Forgery Vulnerability
CVEs:CVE-2018-0148
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-197112 | affected | Cisco | — | — |
| CVRFPID-209194 | affected | Cisco | — | — |
Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers File Overwrite Vulnerability
CVEs:CVE-2018-0122
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-193199 | affected | Cisco | — | — |
Cisco Prime Network TCP Denial of Service Vulnerability
CVEs:CVE-2018-0137
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-210593 | affected | Cisco | — | — |
Cisco Policy Suite RADIUS Authentication Bypass Vulnerability
CVEs:CVE-2018-0116
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-213864 | affected | Cisco | — | — |
Cisco Policy Suite RADIUS Authentication Information Disclosure Vulnerability
CVEs:CVE-2018-0134
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-213864 | affected | Cisco | — | — |
Cisco Unified Communications Manager SQL Injection Vulnerability
CVEs:CVE-2018-0120
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-88444 | affected | Cisco | — | — |
Cisco Data Center Analytics Framework Stored Cross-Site Scripting Vulnerability
CVEs:CVE-2018-0128
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-208310 | affected | Cisco | — | — |
Cisco Data Center Analytics Framework Reflected Cross-Site Scripting Vulnerability
CVEs:CVE-2018-0129
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-208310 | affected | Cisco | — | — |
Cisco Email Security Appliance and Cisco Content Security Management Appliance Spam Quarantine Vulnerability
CVEs:CVE-2018-0140
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-189790 | affected | Cisco | — | — |
| CVRFPID-189791 | affected | Cisco | — | — |
Cisco Firepower System Software BitTorrent File Policy Bypass Vulnerability
CVEs:CVE-2018-0138
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-220203 | affected | Cisco | — | — |
Cisco IOS XE Software Diagnostic Shell Path Traversal Vulnerability
CVEs:CVE-2018-0123
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-93036 | affected | Cisco | — | — |
Cisco IOS XR Software Routing and Forwarding Inconsistency Denial of Service Vulnerability
CVEs:CVE-2018-0132
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-5834 | affected | Cisco | — | — |
Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability
CVEs:CVE-2018-0125
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-183630 | affected | Cisco | — | — |
Cisco RV132W and RV134W Wireless VPN Routers Unauthenticated Information Disclosure Vulnerability
CVEs:CVE-2018-0127
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-232399 | affected | Cisco | — | — |
| CVRFPID-232400 | affected | Cisco | — | — |
Cisco Spark Information Disclosure Vulnerability
CVEs:CVE-2018-0119
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-210403 | affected | Cisco | — | — |
Cisco Unified Communications Manager Information Disclosure Vulnerability
CVEs:CVE-2018-0135
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-88444 | affected | Cisco | — | — |
Cisco Unified Communications Manager Information Disclosure Vulnerability
CVEs:CVE-2018-0198
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-88444 | affected | Cisco | — | — |
Cisco UCS Central Arbitrary Command Execution Vulnerability
CVEs:CVE-2018-0113
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-191687 | affected | Cisco | — | — |
Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability
CVEs:CVE-2018-0117
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| CVRFPID-217771 | affected | Cisco | — | — |
Every CVE above is indexed in the Vulnetix VDB with KEV, EPSS, and PoC maturity. The interactive page surfaces that on hover.