CVE-2017-6668

CWE-89 — SQL Injection4 documents4 sources

Severity

4.9MEDIUM

EPSS

0.2%

top 57.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Domain Manager

Timeline

PublishedJun 13

Latest updateMay 17

Description

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco_unified_communications_domain_managerCisco Unified Communications Domain Manager

▶NVDcisco/unified_communications_domain_manager8.1\(7\)er1

🔴Vulnerability Details

GHSA

GHSA-xr99-57mh-xrxf: Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact th↗2022-05-17

▶

CVEList

CVE-2017-6668: Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact th↗2017-06-13

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Domain Manager SQL Injection Vulnerabilities↗2017-06-07

▶