CVE-2017-6757

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions 10.5(2.10000.5) through 11.5(1.10000.6)

Description A vulnerability could allow an authenticated, remote attacker to conduct a blind SQL injection attack due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this by sending crafted URLs that include SQL statements, potentially modifying or deleting entries in some database tables and affecting data integrity.

Recommendations For versions 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6), update to a fixed version to prevent blind SQL injection attacks. As a temporary workaround, consider restricting access to SQL queries and validating user-supplied input to minimize the risk of exploitation.