CVE-2017-6757SQL Injection in Cisco Unified Communications Manager

CWE-89SQL Injection4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.7%
top 28.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unified Communications ManagerCisco Unified Communications Manager
Timeline
PublishedAug 7
Latest updateMay 13

Description

A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database t

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/unified_communications_manager10.5\(2.10000.5\), 11.0\(1.10000.10\), 11.5\(1.10000.6\)+2
CVEListV5cisco/cisco_unified_communications_managerCisco Unified Communications Manager

🔴Vulnerability Details

2
GHSA
GHSA-8pc9-2mwj-m37h: A vulnerability in Cisco Unified Communications Manager 102022-05-13
CVEList
CVE-2017-6757: A vulnerability in Cisco Unified Communications Manager 102017-08-07

📋Vendor Advisories

1
Cisco
Cisco Unified Communications Manager SQL Injection Vulnerability2017-08-02
CVE-2017-6757 — SQL Injection in Cisco | cvebase