Cisco Bug: CSCun11242 - Multiple MySQL Vulnerabilities

Last Modified

Jan 30, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.0(1.10000.26)

Description (partial)

Symptoms:
Cisco Unified Call Manager includes a version of Oracle MySQL that is affected by the vulnerabilities
identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2013-5908: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier,
5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors
related to Error Handling. This has been classified by the vendor as having a CVSSv2 score of 2.6
(AV:N/AC:H/AU:N/C:N/I:N/A:P)

CVE-2014-0001: Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote
database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server
version string. This has been classified by the vendor as having a CVSSv2 score of 7.5
(AV:N/AC:L/AU:N/C:P/I:P/A:P)

CVE-2014-0386: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier,
5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via
unknown vectors related to Optimizer. This has been classified by the vendor as having a CVSSv2 score of 4.0
(AV:N/AC:L/AU:S/C:N/I:N/A:P)

CVE-2014-0393: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier,
5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown
vectors related to InnoDB. This has been classified by the vendor as having a CVSSv2 score of 3.3
(AV:N/AC:L/AU:M/C:N/I:P/A:N)

CVE-2014-0401: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier,
5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via
unknown vectors. This has been classified by the vendor as having a CVSSv2 score of 4.0
(AV:N/AC:L/AU:S/C:N/I:N/A:P)

CVE-2014-0402: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier,
5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via
unknown vectors related to Locking. This has been classified by the vendor as having a CVSSv2 score of 4.0
(AV:N/AC:L/AU:S/C:N/I:N/A:P)

CVE-2014-0412: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier,
5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via
unknown vectors related to InnoDB. This has been classified by the vendor as having a CVSSv2 score of 4.0
(AV:N/AC:L/AU:S/C:N/I:N/A:P)

CVE-2014-0437: Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier,
5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via
unknown vectors related to Optimizer. This has been classified by the vendor as having a CVSSv2 score of 3.5
(AV:N/AC:M/AU:S/C:N/I:N/A:P)

This bug was opened to address the potential impact on this product.

Conditions:
Running a version of Call Manager prior to this bugfix.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.