Detections
Analytics
Cisco Unified Communications Manager SQL Injection (CSCut33447 / CSCut33608)
medium Nessus Plugin ID 83466
Language:
Synopsis
The remote host is affected by several SQL injection vulnerabilities.Description
According to its self-reported version, the remote Cisco Unified Communications Manager (CUCM) device is affected by multiple SQL injection vulnerabilities due to improper validation of user-supplied input. An authenticated, remote attacker can exploit these issues to inject or modify SQL queries, resulting in the manipulation or disclosure of sensitive data.Solution
Contact Cisco support in order to obtain a fixed version.See Also
https://tools.cisco.com/security/center/viewAlert.x?alertId=38674
Plugin Details
Severity: Medium
ID: 83466
File Name: cisco_cucm_cve_2015_0715.nasl
Version: 1.5
Type: combined
Family: CISCO
Published: 5/14/2015
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:cisco:unified_communications_manager
Required KB Items: Host/Cisco/CUCM/Version, Host/Cisco/CUCM/Version_Display
Exploit Ease: No known exploits are available
Patch Publication Date: 5/8/2015
Vulnerability Publication Date: 5/8/2015
Reference Information
CVE: CVE-2015-0715
BID: 74473
CISCO-BUG-ID: CSCut33447, CSCut33608