PT-2013-4361 · Cisco · Cisco Unified Communications Manager
Published
2013-07-18
·
Updated
2013-08-20
·
CVE-2013-3404
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications Manager versions 7.1(x) through 9.1(1a)
Description
A SQL injection issue allows remote attackers to execute arbitrary SQL commands, potentially leading to the discovery of encrypted credentials by leveraging metadata.
Recommendations
For versions 7.1(x) through 9.1(1a), update to a version that contains a fix for this issue, as the current version allows for the execution of arbitrary SQL commands, which could compromise encrypted credentials.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Unified Communications Manager