Detections
Analytics
Cisco Unified Communications Manager Java Interface SQL Injection (CSCuo17337)
medium Nessus Plugin ID 76121
Language:
Synopsis
The remote host is affected by a SQL injection vulnerability.Description
According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device is affected by a SQL injection vulnerability in 'BulkViewFileContentsAction.java'. An authenticated, remote attacker can exploit this, by using a crafted 'filename' parameter, to execute arbitrary SQL commands to access sensitive information.Solution
Upgrade to the relevant fixed version referenced in Cisco bug ID CSCuo17337.See Also
https://tools.cisco.com/security/center/viewAlert.x?alertId=34572
Plugin Details
Severity: Medium
ID: 76121
File Name: cisco_cucm_CSCuo17337.nasl
Version: 1.8
Type: combined
Family: CISCO
Published: 6/18/2014
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:cisco:unified_communications_manager
Required KB Items: Host/Cisco/CUCM/Version, Host/Cisco/CUCM/Version_Display
Exploit Ease: No known exploits are available
Patch Publication Date: 6/11/2014
Vulnerability Publication Date: 6/9/2014
Reference Information
CVE: CVE-2014-3287
BID: 68000
CISCO-BUG-ID: CSCuo17337