CVE-2017-3886

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions 1.0(1.10000.10) through 11.5(1.10000.6) Cisco Unified Communications Manager versions prior to 11.5(1.13035.1) Cisco Unified Communications Manager versions prior to 12.0(0.98000.212)

Description A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The attacker must be authenticated as an administrative user to execute SQL database queries.

Recommendations For versions 1.0(1.10000.10) through 11.5(1.10000.6), update to version 11.5(1.13035.1) or later. For versions prior to 12.0(0.98000.212), update to version 12.0(0.98000.212) or later. As a temporary workaround, consider restricting access to the SQL database queries until a patch is available. Restrict administrative user access to minimize the risk of exploitation.