Home    |    View Topics    |    Search    |    Contact Us    |

SecurityTracker Archives

Category:   Application (VoIP)  >   Cisco Unified Communications Manager (CallManager) Vendors:   Cisco Cisco Unified Communications Manager Input Validation Flaw Lets Remote Authenticated Users Inject SQL Commands SecurityTracker Alert ID:  1040341 SecurityTracker URL:  http://securitytracker.com/id/1040341 CVE Reference:   CVE-2018-0120   (Links to External Site) Date:  Feb 7 2018 Impact:   Disclosure of system information, Disclosure of user information, User access via network Fix Available:  Yes  Vendor Confirmed:  Yes   Description:   A vulnerability was reported in Cisco Unified Communications Manager. A remote authenticated user can inject SQL commands. The web framework does not properly validate user-supplied input. A remote authenticated user can supply a specially crafted parameter value to execute SQL commands on the underlying database. This can be exploited to determine the presence of certain values in the database. The vendor has assigned bug ID CSCvg74810 to this vulnerability. Impact:   A remote authenticated user can execute SQL commands on the underlying database. Solution:   No solution was available at the time of this entry. The vendor advisory is available at: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm (Links to External Site) Cause:   Input validation error Message History:   None.  Source Message Contents Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2019, SecurityGlobal.net LLC