PT-2012-1891 · Cisco · Cisco Business Edition 3000 +3
Published: 2012-03-01 · Updated: 2012-03-05 · CVE-2011-4487
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications Manager (CUCM) versions 6.x through 7.x before 7.1(5b)su5
Cisco Unified Communications Manager (CUCM) versions 8.0 before 8.0(3a)su3
Cisco Unified Communications Manager (CUCM) versions 8.5 through 8.6 before 8.6(2a)su1
Cisco Business Edition 3000 versions before 8.6.3
Cisco Business Edition 5000 and 6000 versions before 8.6(2a)su1
Description
A SQL injection issue allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration.
Recommendations
For Cisco Unified Communications Manager (CUCM) versions 6.x through 7.x before 7.1(5b)su5, update to version 7.1(5b)su5 or later.
For Cisco Unified Communications Manager (CUCM) versions 8.0 before 8.0(3a)su3, update to version 8.0(3a)su3 or later.
For Cisco Unified Communications Manager (CUCM) versions 8.5 through 8.6 before 8.6(2a)su1, update to version 8.6(2a)su1 or later.
For Cisco Business Edition 3000 versions before 8.6.3, update to version 8.6.3 or later.
For Cisco Business Edition 5000 and 6000 versions before 8.6(2a)su1, update to version 8.6(2a)su1 or later.
Fix
SQL injection
Affected Products
Cisco Business Edition 3000
Cisco Business Edition 5000
Cisco Business Edition 6000
Cisco Unified Communications Manager