Type Unified Communication Software

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Vendor »

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product »

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability »

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector »

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication »

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (178): C4B Xphone Unified Communications 2011, Cisco CallManager, Cisco Cisco Unity Connection, Cisco Collaboration Endpoint, Cisco Emergency Responder, Cisco Expressway, Cisco Expressway Series, Cisco Expressway Series Software, Cisco Meeting App, Cisco Meeting Server, Cisco Mobility Services Engine, Cisco Presence, Cisco Presence Service, Cisco RoomOS, Cisco TE, Cisco TelePresence, Cisco TelePresence Advanced Media Gateway, Cisco TelePresence Codde, Cisco TelePresence Codec, Cisco Telepresence Codec, Cisco Telepresence Codec C60, Cisco TelePresence Collaboration Endpoint, Cisco TelePresence Conductor, Cisco Telepresence E20 Software, Cisco TelePresence IP Gateway, Cisco TelePresence IP VCR, Cisco TelePresence ISDN Gateway, Cisco TelePresence IX5000, Cisco Telepresence Management Suite, Cisco TelePresence Management Suite, Cisco TelePresence Manager, Cisco TelePresence MCU 4500, Cisco Telepresence Mcu Mse Series Software, Cisco TelePresence MCU Software, Cisco TelePresence MSE 8000, Cisco TelePresence Multipoint Control Unit, Cisco TelePresence Multipoint Switch, Cisco TelePresence MXP, Cisco Telepresence Mxp Software, Cisco Telepresence Quick Set C20, Cisco TelePresence Recording Server, Cisco Telepresence Recording Server Software, Cisco TelePresence Serial Gateway, Cisco TelePresence Server, Cisco Telepresence Supervisor Mse 8050 Software, Cisco TelePresence System, Cisco Telepresence System 3000, Cisco TelePresence System Software, Cisco Telepresence System Software, Cisco Telepresence System Tx9000, Cisco TelePresence TC, Cisco Telepresence Tc Software, Cisco TelePresence TC Software, Cisco Telepresence Te Software, Cisco TelePresence VCS, Cisco TelePresence Video Communications Server, Cisco TelePresence Video Communication Server, Cisco Telepresence Video Communication Servers Software, Cisco TelePresence Video Communication Server Expressway, Cisco TelePresence VX Clinical Assistant, Cisco Unified Communications, Cisco Unified Communications Domain Manager, Cisco Unified Communications Domain Manager Platform, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM, Cisco Unified Communications Manager IM , Cisco Unified Communications Manager IM & Presence Service, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communication Manager, Cisco Unified MeetingPlace, Cisco Unified MeetingPlace for Microsoft Outlook, Cisco Unified MeetingPlace Web Conferencing, Cisco Unified Presence Server, Cisco Unity Connection, Cisco WebEx, Cisco Webex Advanced Recording Format Player, Cisco WebEx Browser Extension, Cisco Webex Business Suite, Cisco WebEx Business Suite Client, Cisco WebEX Connect IM, Cisco Webex Event Center, Cisco WebEx Event Center, Cisco Webex Meeting, Cisco Webex Meetings, Cisco WebEx Meetings, Cisco WebEx Meetings Application, Cisco WebEx Meetings Center, Cisco Webex Meetings Client, Cisco Webex Meetings Desktop App, Cisco WebEx Meetings Mobile, Cisco Webex Meetings Online, Cisco WebEx Meetings Player, Cisco WebEx Meetings Server, Cisco Webex Meetings Suite, Cisco WebEx Meeting Center, Cisco Webex Meeting Center, Cisco WebEx Meeting Manager, Cisco WebEx Meeting Server, Cisco Webex MeetMeNow Server, Cisco WebEx Network Recording Player, Cisco WebEx Node, Cisco WebEx Node for Media Convergence Server, Cisco WebEx One-Click Client, Cisco Webex Player, Cisco WebEx Player, Cisco WebEx Productivity Tools, Cisco Webex Productivity Tools, Cisco WebEx Recording Format Player, Cisco WebEx Sales Center, Cisco WebEx Social, Cisco Webex Social, Cisco Webex Support Center, Cisco Webex Teams, Cisco WebEx Teams, Cisco Webex Teams Client, Cisco Webex Training, Cisco WebEx Training Center, Cisco Webex Training Center, Cisco Webex Video Mesh, Cisco Presence Service, eBay Skype, FiWin Ss28s Wifi Voip Sip Skype Phone, Huawei AR3200, Huawei DP300, Huawei DPxxx, Huawei eCNS210_TD, Huawei eSpace 7950, Huawei eSpace IAD, Huawei eSpace U1960, Huawei eSpace U1981, Huawei HiLink App, Huawei IPS Module, Huawei NGFW Module, Huawei NIP6300, Huawei NIP6600, Huawei RP200, Huawei RSE6500, Huawei S1700, Huawei S2700, Huawei S5700, Huawei S6700, Huawei S7700, Huawei S9700, Huawei S12700, Huawei Secospace USG6300, Huawei Secospace USG6500, Huawei Secospace USG6600, Huawei TE30, Huawei TE40, Huawei TE50, Huawei TE60, Huawei Tecal E9000 Chassis, Huawei Tecal RHXXXX, Huawei Tech Support App, Huawei TP3106, Huawei TP3206, Huawei TX50, Huawei U1981, Huawei USG6300, Huawei USG9500, Huawei ViewPoint 8660, Huawei ViewPoint 9030, Huawei VP9660, Microsoft Lync, Microsoft Lync for Mac, Microsoft Lync Server, Microsoft Skype, Microsoft Skype for Business, Microsoft Skype for Business Server, Microsoft Teams, RingCentral Client, skype, Skype, Skype Client, skype Extension For Firefox, WePhone - phone calls vs skype, Zoom Client, Zoom Client for Meetings

PublishedBaseTempVulnerabilityProdExpRemCTICVE
11/19/20206.36.3Cisco Webex Meetings/WebEx Meetings Server Connection input validationWebex Meetings/WebEx Meetings ServerNot DefinedOfficial Fix0.07CVE-2020-3471
11/19/20204.34.3Cisco Webex Meetings/WebEx Meetings Server Meeting Room Lobby information disclosureWebex Meetings/WebEx Meetings ServerNot DefinedOfficial Fix0.06CVE-2020-3441
11/19/20205.65.6Cisco Webex Meetings/WebEx Meetings Server Authentication Token dynamically-managed code resourcesWebex Meetings/WebEx Meetings ServerNot DefinedOfficial Fix0.06CVE-2020-3419
11/18/20204.34.3Cisco Webex Meeting API cross site scritingWebex MeetingNot DefinedOfficial Fix0.06CVE-2020-27126
11/18/20204.74.7Cisco TelePresence Collaboration Endpoint/RoomOS xAPI service authorizationTelePresence Collaboration Endpoint/RoomOSNot DefinedOfficial Fix0.00CVE-2020-26068
11/10/20207.86.8Microsoft Teams Local Privilege EscalationTeamsUnprovenOfficial Fix0.07CVE-2020-17091
11/07/20207.37.0Cisco WebEx Network Recording Player/Webex Player Email Attachment memory corruptionWebEx Network Recording Player/Webex PlayerNot DefinedOfficial Fix0.07CVE-2020-3604
11/07/20207.37.0Cisco WebEx Network Recording Player/Webex Player Email Attachment memory corruptionWebEx Network Recording Player/Webex PlayerNot DefinedOfficial Fix0.06CVE-2020-3603
11/07/20205.35.1Cisco Webex Meetings Desktop App Virtualization Channel Messaging path traversalWebex Meetings Desktop AppNot DefinedOfficial Fix0.13CVE-2020-3588
11/07/20206.36.0Cisco WebEx Network Recording Player/Webex Player Email Attachment memory corruptionWebEx Network Recording Player/Webex PlayerNot DefinedOfficial Fix0.00CVE-2020-3573
11/07/20204.34.1Cisco Unified Communications Manager IM & Presence Service XCP Authentication Service denial of serviceUnified Communications Manager IM & Presence ServiceNot DefinedOfficial Fix0.00CVE-2020-27121
11/07/20206.36.0Cisco TelePresence Collaboration Endpoint Video Endpoint API exposure of resourceTelePresence Collaboration EndpointNot DefinedOfficial Fix0.00CVE-2020-26086
10/08/20206.46.1Cisco Expressway Series Session Initiation Protocol denial of serviceExpressway Series/TelePresence Video Communication ServerNot DefinedOfficial Fix0.00CVE-2020-3596
10/08/20206.96.6Cisco Webex Teams Client DLL Loader uncontrolled search pathWebex Teams ClientNot DefinedOfficial Fix0.00CVE-2020-3535
09/23/20207.57.2Cisco TelePresence Collaboration Endpoint Video Endpoint API path traversalTelePresence Collaboration Endpoint/TelePresence Codec/RoomOSNot DefinedOfficial Fix0.09CVE-2020-3143
09/23/20205.95.6Cisco Unified Communications Manager Web-based Management Interface cross-site request forgeryUnified Communications ManagerNot DefinedOfficial Fix0.09CVE-2020-3135
09/23/20205.45.2Cisco Unity Connection Web Management Interface path traversalUnity ConnectionNot DefinedOfficial Fix0.06CVE-2020-3130
09/23/20204.94.7Cisco WebEx UCF File input validationWebExNot DefinedOfficial Fix0.08CVE-2020-3116
09/23/20204.34.1Cisco Unified Communications Manager Web-based Management Interface information disclosureUnified Communications ManagerNot DefinedOfficial Fix0.05CVE-2019-15963
09/23/20206.46.1Cisco TelePresence Collaboration Endpoint/RoomOS input validationTelePresence Collaboration Endpoint/RoomOSNot DefinedOfficial Fix0.00CVE-2019-15289
09/23/20207.06.7Cisco WebEx Network Recording Player/Webex Player ARF File memory corruptionWebEx Network Recording Player/Webex PlayerNot DefinedOfficial Fix0.00CVE-2019-15287
09/23/20207.06.7Cisco WebEx Network Recording Player/Webex Player ARF File memory corruptionWebEx Network Recording Player/Webex PlayerNot DefinedOfficial Fix0.04CVE-2019-15285
09/23/20207.06.7Cisco WebEx Network Recording Player/Webex Player ARF File memory corruptionWebEx Network Recording Player/Webex PlayerNot DefinedOfficial Fix0.08CVE-2019-15283
09/04/20204.24.0Cisco Webex Training Meeting input validationWebex TrainingNot DefinedOfficial Fix0.00CVE-2020-3542
09/04/20203.83.7Cisco Webex Meetings Client Media Engine information disclosureWebex Meetings Client/Webex Meetings Desktop App/Webex TeamsNot DefinedOfficial Fix0.06CVE-2020-3541

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!