Cisco Bug: CSCup18842 - LDAP Directory and Directory Number Alias Server pages vulnerable
Apr 13, 2020
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
10.5(1.98000.101) 10.5(1.98000.113) 10.5(1.98000.98)
Symptom: Appending an apostrophe at the end of the URL for the Find and List LDAP Directories and Directory Number Alias Server pages causes the contents of the page to change.

Conditions:
1) Log in to CCMAdmin.
2) Access the path System -> LDAP -> LDAP Directory.
3) In the Find and List Directory page, add an apostrophe (single quote) at the end of the URL, changing https://cucmip/ccmadmin/directoryFindList.do?server=4 to https://cucmip/ccmadmin/directoryFindList.do?server=4' and hit enter.

The contents of Find and List Directory Number Alias Server are displayed, with "Find and List Directories" as the label in the top left-hand corner of the page. Screenshot attached for reference (screenshot1).

When the same steps are followed for Advanced Features -> Directory Number Alias Server Lookup and Sync, with the URL https://cucmip/ccmadmin/directoryFindList.do?server=5', the Find and List Directories page is displayed with the contents of the Directory Number Alias Sync And Lookup page. Screenshot attached (screenshot2).

A trailing apostrophe in the URL is a standard check used to determine whether a page is vulnerable to SQL injection.
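The following is an added defender-side example, not code from Cisco or from this bug report: it scans constructed web-server access log lines for requests to the directoryFindList.do path named above whose `server` parameter is not a plain integer (for example a trailing apostrophe, raw or percent-encoded), which is the probe pattern the symptom describes. The log format and client addresses are assumptions.

```python
"""Flag directoryFindList.do requests whose `server` parameter is malformed.

Added example (not Cisco code). Log lines below are constructed in a
Common Log Format style; only the request path comes from the bug report.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log lines (not from the page).
SAMPLE_LOG = """\
10.0.0.5 - admin [13/Apr/2020:10:01:02 +0000] "GET /ccmadmin/directoryFindList.do?server=4 HTTP/1.1" 200 5120
10.0.0.5 - admin [13/Apr/2020:10:01:09 +0000] "GET /ccmadmin/directoryFindList.do?server=4' HTTP/1.1" 200 6011
10.0.0.5 - admin [13/Apr/2020:10:02:15 +0000] "GET /ccmadmin/directoryFindList.do?server=5%27 HTTP/1.1" 200 4998
10.0.0.7 - admin [13/Apr/2020:10:03:00 +0000] "GET /ccmadmin/directoryFindList.do?server=5 HTTP/1.1" 200 4998
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SERVER_ID_RE = re.compile(r"^\d+$")
TARGET_PATH = "/ccmadmin/directoryFindList.do"


def server_param_is_valid(target: str) -> bool:
    """True only if `server` is present and every value is a plain decimal integer.

    parse_qs percent-decodes values, so `5%27` is checked as `5'` and rejected.
    """
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get("server", [])
    return bool(values) and all(SERVER_ID_RE.match(v) for v in values)


def suspicious_requests(log_text: str) -> list[dict]:
    """Return one record per request to TARGET_PATH with a malformed server parameter."""
    flagged = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        target = m.group("target")
        if not urlsplit(target).path.endswith(TARGET_PATH):
            continue  # some other page; out of scope for this check
        if not server_param_is_valid(target):
            flagged.append({"client": line.split(" ", 1)[0], "target": target})
    return flagged


if __name__ == "__main__":
    for rec in suspicious_requests(SAMPLE_LOG):
        print(f"{rec['client']} -> {rec['target']}")
```

The same integer-only check is the input validation the page would want on the `server` parameter itself: a value that is not a plain integer is rejected before any lookup is built from it.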