Cisco Bug: CSCut33608 - Blind SQL injection issue on phoneEdit.do page
Jan 31, 2017
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
Symptom: A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection. This could allow the attacker to obtain information the affected application can access. The vulnerability is due to a failure to properly sanitize user-supplied input passed to the affected application. An attacker could exploit this vulnerability by logging in to the administrative web interface and submitting a crafted response to the affected page.

Conditions: Devices running an affected version of the Cisco Unified Communications Manager.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.