CVE-2013-3404SQL Injection in Cisco Unified Communications Manager

CWE-89SQL InjectionCWE-20Improper Input ValidationCWE-264CWE-3105 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 41.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Communications Manager
Timeline
PublishedJul 18
Latest updateMay 17

Description

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-f66v-2h8q-jpfq: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 72022-05-17
CVEList
CVE-2013-3404: SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 72013-07-18

📋Vendor Advisories

2
Cisco
Cisco Unified Communications Manager Remote Blind SQL Injection Vulnerability2013-07-17
Cisco
Multiple Vulnerabilities in Cisco Unified Communications Manager2013-07-17
CVE-2013-3404 — SQL Injection in Cisco | cvebase