Cisco Bug: CSCup18842 - LDAP Directory and Directory Number Alias Server pages vulnerable

Last Modified

Apr 13, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.5(1.98000.101) 10.5(1.98000.113) 10.5(1.98000.98)

Description (partial)

Symptom:
Appending an apostrophe to the URL of the Find and List LDAP Directories page or the Find and List Directory Number Alias Server page causes the contents of the page to change.

Conditions:
1) Log in to CCMAdmin.
2) Go to System->LDAP->LDAP Directory.
3) On the Find and List Directories page, append an apostrophe (single quote) to the URL and press Enter,
..i.e. change https://cucmip/ccmadmin/directoryFindList.do?server=4 to https://cucmip/ccmadmin/directoryFindList.do?server=4'

The contents of Find and List Directory Number Alias Server are displayed, while "Find and List Directories" is still shown as the label in the top left corner of the page.
Screenshot attached for reference (screenshot1).

When the same steps are followed for Advanced Features->Directory Number Alias Server Lookup and Sync, URL https://cucmip/ccmadmin/directoryFindList.do?server=5', the reverse happens:

the Find and List Directories page is displayed with the contents of Directory Number Alias Sync and Lookup.
Screenshot attached (screenshot2).

Appending an apostrophe to a URL parameter is the standard first probe for SQL injection: if the page contents change (or an error is returned) the parameter is reaching backend logic without proper handling, which is an indicator of, though not by itself proof of, an injectable query.
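As an added example (not Cisco's code or any CUCM tooling), the following Python script automates the check described above: it appends a single quote to a chosen query parameter, fetches the baseline and the probed page, and flags the case where the page label stays the same but the listed content changes. The page bodies and the FETCH table are constructed stand-ins for the CCMAdmin responses, so the script runs offline; the URL and parameter name are the ones from the bug report.

```python
"""Apostrophe probe for a URL query parameter with a differential check
on the response.

Added example, not Cisco's code. The HTML bodies and the FETCH table are
constructed stand-ins for the CCMAdmin responses the bug describes, so the
script runs offline; swap in an authenticated HTTP GET for a real run.
"""
import re
from typing import Callable
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def probe_url(url: str, param: str, payload: str = "'") -> str:
    """Return url with payload appended to the value of param.

    Other parameters and their order are preserved. The quote is left
    unencoded, as a browser sends it when typed into the address bar.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if param not in dict(pairs):
        raise ValueError(f"parameter {param!r} not present in {url}")
    rebuilt = [(k, v + payload if k == param else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(rebuilt, safe="'")))


def page_label(html: str) -> str:
    """Heading shown at the top left of the page ('Find and List ...')."""
    m = re.search(r"<h1[^>]*>(.*?)</h1>", html, re.I | re.S)
    return re.sub(r"\s+", " ", m.group(1)).strip() if m else ""


def row_names(html: str) -> list[str]:
    """Names listed in the Find and List table; used as a content fingerprint."""
    return re.findall(r'<td class="row">(.*?)</td>', html, re.S)


def classify(baseline: str, probed: str) -> str:
    """Compare the baseline response with the apostrophe-probed one.

    'unchanged'      quote had no visible effect (not conclusive either way)
    'heading-change' a different page came back (error page, login redirect)
    'content-swap'   same heading but different listed content: the symptom
                     reported in CSCup18842, an indicator that the parameter
                     reaches a backend query unescaped
    """
    if page_label(baseline) != page_label(probed):
        return "heading-change"
    if row_names(baseline) != row_names(probed):
        return "content-swap"
    return "unchanged"


def page(heading: str, rows: list[str]) -> str:
    """Build a constructed Find and List page body (not real CUCM output)."""
    cells = "".join(f'<tr><td class="row">{r}</td></tr>' for r in rows)
    return f"<html><body><h1>{heading}</h1><table>{cells}</table></body></html>"


BASE = "https://cucmip/ccmadmin/directoryFindList.do"
DIR_ROWS = ["corp-ldap-1", "corp-ldap-2"]        # constructed sample data
ALIAS_ROWS = ["dn-alias-sync-1"]                 # constructed sample data
# Constructed responses keyed by URL, modelling the reported behaviour:
# the probed URL keeps its label but shows the other page's rows.
FETCH = {
    f"{BASE}?server=4": page("Find and List Directories", DIR_ROWS),
    f"{BASE}?server=4'": page("Find and List Directories", ALIAS_ROWS),
    f"{BASE}?server=5": page("Find and List Directory Number Alias Server", ALIAS_ROWS),
    f"{BASE}?server=5'": page("Find and List Directory Number Alias Server", DIR_ROWS),
}


def run_probe(url: str, param: str,
              fetch: Callable[[str], str] = FETCH.__getitem__) -> str:
    """Fetch the baseline and the probed URL and classify the difference."""
    return classify(fetch(url), fetch(probe_url(url, param)))


if __name__ == "__main__":
    for server in ("4", "5"):
        url = f"{BASE}?server={server}"
        print(f"{probe_url(url, 'server')}: {run_probe(url, 'server')}")
```

For a live run, pass a fetch function that performs an authenticated GET (the steps above start with a CCMAdmin login, so the session cookie is required) and treat 'content-swap' or 'heading-change' as a reason to investigate further with additional payloads, not as confirmation on its own.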