Refine your search
2 vulnerabilities found for Unified Communications Manager Session Management Edition by Cisco
CERTFR-2025-AVI-0553
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Cisco. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur précise que les produits affectés sont des versions limitées, nommées Engineering Special (ES), qui ont été distribuées uniquement par le centre d'assistance technique de Cisco.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unified Communications Manager Session Management Edition | Unified Communications Manager Session Management Edition versions 15.0.1.x antérieures à 15SU3 ou sans le correctif de sécurité ciscocm.CSCwp27755_D0247-1.cop.sha512 | ||
| Cisco | Unified Communications Manager | Unified Communications Manager versions 15.0.1.x antérieures à 15SU3 ou sans le correctif de sécurité ciscocm.CSCwp27755_D0247-1.cop.sha512 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Unified Communications Manager Session Management Edition versions 15.0.1.x ant\u00e9rieures \u00e0 15SU3 ou sans le correctif de s\u00e9curit\u00e9 ciscocm.CSCwp27755_D0247-1.cop.sha512",
"product": {
"name": "Unified Communications Manager Session Management Edition",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager versions 15.0.1.x ant\u00e9rieures \u00e0 15SU3 ou sans le correctif de s\u00e9curit\u00e9 ciscocm.CSCwp27755_D0247-1.cop.sha512",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur pr\u00e9cise que les produits affect\u00e9s sont des versions limit\u00e9es, nomm\u00e9es Engineering Special (ES), qui ont \u00e9t\u00e9 distribu\u00e9es uniquement par le centre d\u0027assistance technique de Cisco.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20309",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20309"
}
],
"initial_release_date": "2025-07-03T00:00:00",
"last_revision_date": "2025-07-03T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0553",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Cisco. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
"vendor_advisories": [
{
"published_at": "2025-07-02",
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-ssh-m4UBdpE7",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7"
}
]
}
CERTFR-2016-AVI-045
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Digital Media Manager (DMM) | ||
| Cisco | N/A | Cisco NAC Guest Server versions antérieures à 2.1.0 (disponible le 19 février 2016) | ||
| Cisco | IOS | IOS-XR for Cisco Network Convergence System (NCS) 6000 | ||
| Cisco | N/A | Cisco Intelligent Automation for Cloud | ||
| Cisco | N/A | Cisco DCM Series 9900-Digital Content Manager versions antérieures à 18.0 (disponible le 31 mars 2016) | ||
| Cisco | N/A | Cisco Video Surveillance Media Server | ||
| Cisco | N/A | Cisco FireSIGHT System Software versions antérieures à 6.1 (disponible en juin 2016) | ||
| Cisco | Unified Communications Manager Session Management Edition | Cisco Unified Communications Manager Session Management Edition (SME) | ||
| Cisco | N/A | Cisco Videoscape Policy and Resource Management | ||
| Cisco | N/A | Cisco Management Heartbeat Server versions antérieures à RMS5.x MR (disponible le 29 juillet 2016) | ||
| Cisco | N/A | Cisco Standalone rack server CIMC | ||
| Cisco | N/A | Cloud Object Store (COS) versions antérieures à 3.8 (disponible le 9 avril 2016) | ||
| Cisco | N/A | Cisco Universal Small Cell 7000 Series exécutant la version V3.4.2.x | ||
| Cisco | N/A | Cisco Finesse | ||
| Cisco | N/A | Cisco Hosted Collaboration Mediation Fulfillment | ||
| Cisco | N/A | Cisco TelePresence Video Communication Server (VCS) versions antérieures à 8.7.1 (disponible le 22 février 2016) | ||
| Cisco | N/A | Cisco UCS Central | ||
| Cisco | N/A | Cisco TelePresence Conductor versions antérieures à XC4.2 (disponible le 30 mars 2016) | ||
| Cisco | N/A | Cisco Application and Content Networking System (ACNS) versions antérieures à 5.5.41 (disponible le 29 février 2016) | ||
| Cisco | N/A | Cisco Digital Media Manager | ||
| Cisco | N/A | Cisco Virtual Topology System | ||
| Cisco | N/A | Cisco IP Interoperability and Collaboration System (IPICS) | ||
| Cisco | Unified Communications | Unified Communications Deployment Tools | ||
| Cisco | N/A | Cisco Enterprise Content Delivery System (ECDS) versions antérieures à 2.6.7 (disponible le 30 avril 2016) | ||
| Cisco | N/A | Cisco Quantum Virtualized Packet Core | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1 | ||
| Cisco | N/A | Cisco ASA CX et Cisco Prime Security Manager versions antérieures à 9.3.4.5 (disponible le 30 mai 2016) | ||
| Cisco | Jabber | Cisco Jabber Guest 10.0(2) | ||
| Cisco | N/A | Cisco Intrusion Prevention System Solutions (IPS) versions antérieures à 7.1(11) Patch 1 (disponible le 31 mars 2016) | ||
| Cisco | N/A | Cisco 910 Industrial Router | ||
| Cisco | Expressway Series | Cisco Expressway Series versions antérieures à 8.7.1 (disponible le 22 février 2016) | ||
| Cisco | N/A | Cisco TelePresence MX Series | ||
| Cisco | N/A | Cisco TelePresence SX Series | ||
| Cisco | N/A | Cisco Clean Access Manager versions antérieures à 4.9.5 (disponible le 19 février 2016) | ||
| Cisco | N/A | Cisco Video Delivery System Recorder (correctif disponible le 30 avril 2016) | ||
| Cisco | N/A | Cisco Fog Director version 1.0(0) | ||
| Cisco | N/A | Cisco Universal Small Cell 5000 Series exécutant la version V3.4.2.x | ||
| Cisco | N/A | Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) | ||
| Cisco | N/A | Cisco Service Control Operating System | ||
| Cisco | N/A | Cisco Media Experience Engines (MXE) | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) | ||
| Cisco | N/A | Cisco Telepresence Integrator C Series | ||
| Cisco | N/A | Cisco TelePresence EX Series | ||
| Cisco | N/A | Cisco Edge 300 Digital Media Player versions antérieures à 1.6RB4_4 (disponible le 25 février 2016) | ||
| Cisco | N/A | Cisco Intrusion Prevention System Solutions (IPS) versions antérieures à 7.3(05) Patch 1 (disponible le 30 avril 2016) | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager (UCM) | ||
| Cisco | N/A | Cisco TelePresence Profile Series | ||
| Cisco | N/A | Cisco 3G Femtocell Wireless versions antérieures à SR10MR (disponible le 29 juillet 2016) | ||
| Cisco | N/A | Cisco NAC Server versions antérieures à 4.9.5 (disponible le 19 février 2016) |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Digital Media Manager (DMM)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NAC Guest Server versions ant\u00e9rieures \u00e0 2.1.0 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "IOS-XR for Cisco Network Convergence System (NCS) 6000",
"product": {
"name": "IOS",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intelligent Automation for Cloud",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco DCM Series 9900-Digital Content Manager versions ant\u00e9rieures \u00e0 18.0 (disponible le 31 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Surveillance Media Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FireSIGHT System Software versions ant\u00e9rieures \u00e0 6.1 (disponible en juin 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager Session Management Edition (SME)",
"product": {
"name": "Unified Communications Manager Session Management Edition",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Videoscape Policy and Resource Management",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Management Heartbeat Server versions ant\u00e9rieures \u00e0 RMS5.x MR (disponible le 29 juillet 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Standalone rack server CIMC",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cloud Object Store (COS) versions ant\u00e9rieures \u00e0 3.8 (disponible le 9 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Universal Small Cell 7000 Series ex\u00e9cutant la version V3.4.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Finesse",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Hosted Collaboration Mediation Fulfillment",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Video Communication Server (VCS) versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS Central",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Conductor versions ant\u00e9rieures \u00e0 XC4.2 (disponible le 30 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application and Content Networking System (ACNS) versions ant\u00e9rieures \u00e0 5.5.41 (disponible le 29 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Digital Media Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Virtual Topology System",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Interoperability and Collaboration System (IPICS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Deployment Tools",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Enterprise Content Delivery System (ECDS) versions ant\u00e9rieures \u00e0 2.6.7 (disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Quantum Virtualized Packet Core",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA CX et Cisco Prime Security Manager versions ant\u00e9rieures \u00e0 9.3.4.5 (disponible le 30 mai 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Jabber Guest 10.0(2)",
"product": {
"name": "Jabber",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.1(11) Patch 1 (disponible le 31 mars 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 910 Industrial Router",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Expressway Series versions ant\u00e9rieures \u00e0 8.7.1 (disponible le 22 f\u00e9vrier 2016)",
"product": {
"name": "Expressway Series",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence MX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence SX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Clean Access Manager versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Delivery System Recorder (correctif disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Fog Director version 1.0(0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Universal Small Cell 5000 Series ex\u00e9cutant la version V3.4.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Service Control Operating System",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Media Experience Engines (MXE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Telepresence Integrator C Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence EX Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Edge 300 Digital Media Player versions ant\u00e9rieures \u00e0 1.6RB4_4 (disponible le 25 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Intrusion Prevention System Solutions (IPS) versions ant\u00e9rieures \u00e0 7.3(05) Patch 1 (disponible le 30 avril 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager (UCM)",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence Profile Series",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco 3G Femtocell Wireless versions ant\u00e9rieures \u00e0 SR10MR (disponible le 29 juillet 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco NAC Server versions ant\u00e9rieures \u00e0 4.9.5 (disponible le 19 f\u00e9vrier 2016)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-7973",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
},
{
"name": "CVE-2015-7976",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7976"
},
{
"name": "CVE-2015-8158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8158"
},
{
"name": "CVE-2015-7977",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7977"
},
{
"name": "CVE-2016-1305",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1305"
},
{
"name": "CVE-2015-8138",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
},
{
"name": "CVE-2015-7974",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7974"
},
{
"name": "CVE-2015-7975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7975"
},
{
"name": "CVE-2015-7978",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7978"
},
{
"name": "CVE-2015-8140",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8140"
},
{
"name": "CVE-2015-7979",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
},
{
"name": "CVE-2015-8139",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8139"
},
{
"name": "CVE-2016-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1306"
}
],
"initial_release_date": "2016-02-02T00:00:00",
"last_revision_date": "2016-02-02T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-fd"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01 f\u00e9vrier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160201-apic-em"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd"
}
],
"reference": "CERTFR-2016-AVI-045",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-02-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance\n(XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-apic-em du 01 f\u00e9vrier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160127-ntpd du 27 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160201-fd du 01 f\u00e9vrier 2016",
"url": null
}
]
}