Jahmel Harris

**Name of the Vulnerable Software and Affected Versions** Cisco Unity Connection (affected versions not specified) **Description** Insufficient validation of user-supplied input in the web-based management interface allows an authenticated remote attacker to execute arbitrary code as root. This is achieved by submitting a crafted API request, which could lead to the complete compromise of the device. Valid user credentials are required for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Unity Connection Web Inbox (affected versions not specified) **Description** Improper input validation for specific HTTP requests in the web UI allows an unauthenticated remote attacker to perform Server-Side Request Forgery (SSRF), a technique where the attacker forces the server to make requests to an unintended location. By sending a crafted HTTP request, an attacker can trigger arbitrary network requests originating from the affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Unity Connection (affected versions not specified) **Description** An issue in the web-based management interface allows an unauthenticated remote attacker to redirect users to a malicious web page. This occurs due to improper input validation of HTTP request parameters. An attacker can exploit this by persuading a user to click a specially crafted link. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Unity Connection (affected versions not specified) **Description** A flaw in the web-based management interface allows an unauthenticated remote attacker to perform a reflected Cross-Site Scripting (XSS) attack. This occurs because the interface fails to properly validate user-supplied input. An attacker can exploit this by tricking a user into clicking a specially crafted link, which may lead to the execution of arbitrary script code within the interface context or the theft of sensitive browser-based information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Unity Connection (affected versions not specified) **Description** Improper sanitization of user input to the web-based management interface allows an authenticated remote attacker with valid administrative credentials to download arbitrary files from an affected system by sending a crafted HTTPS request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Unity Connection (affected versions not specified) **Description** Improper sanitization of user input to the web-based management interface allows an authenticated remote attacker with valid administrative credentials to download arbitrary files from an affected system by sending a crafted HTTPS request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Finesse Cisco Packaged Contact Center Enterprise (Packaged CCE) Cisco Unified Contact Center Enterprise (Unified CCE) Cisco Unified Contact Center Express (Unified CCX) Cisco Unified Intelligence Center (affected versions not specified) **Description** A flaw exists in the web-based management interface of the listed Cisco products. This issue could allow a remote, unauthenticated attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. The root cause is insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this by injecting malicious code into specific pages of the interface. Successful exploitation may allow the attacker to execute arbitrary script code within the context of the affected interface or gain access to sensitive information accessible through the browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Unity Connection (affected versions not specified) **Description** An issue in the web-based management interface allows an authenticated remote attacker to perform an SQL injection attack. This occurs due to insufficient validation of user-supplied input. An attacker with valid user credentials can send a crafted HTTP(S) request to the web-based management interface to view data on the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Delegated Licensing Service (affected versions not specified) **Description** The NVIDIA Delegated Licensing Service for all appliance platforms has a flaw that could allow a user or attacker to trigger an authorized action. Exploitation of this issue may result in information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Delegated Licensing Service (affected versions not specified) **Description** The NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection issue. An attacker may be able to cause an authorized action, potentially leading to a partial denial of service affecting the user interface component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Delegated Licensing Service (affected versions not specified) **Description** The NVIDIA Delegated Licensing Service for all appliance platforms has a flaw that could allow a user or attacker to trigger an authorized action. Exploitation of this issue may result in information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.