Cisco Bug: CSCut21563 - SQL Injection vulnerability in the ccmivr Web application
Feb 03, 2017
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
Symptom: A vulnerability in in the Cisco Unified Communications Manager (UCM) Interactive Voice Response (IVR) interface could allow an unauthenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Conditions: Default configuration of system running affected version.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases