CVE-2019-15972 — SQL Injection in Cisco Unified Communications Manager

CWE-89 — SQL Injection4 documents4 sources

Severity

8.8HIGHNVD

EPSS

4.0%

top 11.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager Cisco Unified Communications Manager

Timeline

PublishedNov 26

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on o…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_unified_communications_managerunspecified — n/a

▶NVDcisco/unified_communications_manager4 versions+3

🔴Vulnerability Details

GHSA

GHSA-vcx9-7p39-hwhg: A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct↗2022-05-24

▶

CVEList

Cisco Unified Communications Manager SQL Injection Vulnerability↗2019-11-26

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager SQL Injection Vulnerability↗2019-11-20

▶