CVE-2017-3886SQL Injection in Cisco Unified Communications Manager

CWE-89SQL Injection4 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
0.2%
top 57.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Communications ManagerCisco Unified Communications Manager
Timeline
PublishedApr 7
Latest updateMay 17

Description

A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDcisco/unified_communications_manager11.0\(1.10000.10\), 11.5\(1.10000.6\)+1
CVEListV5cisco/cisco_unified_communications_managerCisco Unified Communications Manager

🔴Vulnerability Details

2
GHSA
GHSA-gfv7-h45g-g54g: A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality2022-05-17
CVEList
CVE-2017-3886: A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality2017-04-07

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager SQL Injection Vulnerability2017-04-05
CVE-2017-3886 — SQL Injection in Cisco | cvebase