CVE-2017-6668

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Domain Manager version 8.1(7)ER1

Description The issue allows an authenticated, remote attacker to execute arbitrary SQL queries, potentially impacting the confidentiality of the system. This is due to vulnerabilities in the web-based GUI.

Recommendations For version 8.1(7)ER1, update to a version that addresses the SQL injection vulnerabilities to prevent arbitrary SQL queries from being executed. As a temporary workaround, consider restricting access to the web-based GUI to minimize the risk of exploitation.