Preview Tool

Cisco Bug: CSCut33608 - Blind SQL injection issue on page

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases


Description (partial)

A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform SQL injection. This could allow
the attacker to obtain information the affected application can access.

The vulnerability is due to a failure to properly sanitize user-supplied input passed to the affected application. An attacker could exploit this
vulnerability by logging in to the administrative web interface and submitting a crafted response to the affected page.

Devices running an affected version of the Cisco Unified Communications Manager.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.