Cisco Bug: CSCut33608 - Blind SQL injection issue on phoneEdit.do page

Last Modified

Jan 31, 2017

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

11.0(0.98000.225)

Description (partial)

Symptom:
A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection. This could allow the attacker to obtain information the affected application can access.

The vulnerability is due to a failure to properly sanitize user-supplied input passed to the affected application. An attacker could exploit this vulnerability by logging in to the administrative web interface and submitting a crafted response to the affected page.

Conditions:
Devices running an affected version of the Cisco Unified Communications Manager.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
