Lucene search

[email protected]CVE-2011-1609

HistoryMay 03, 2011 - 10:55 p.m.

CVE-2011-1609

2011-05-0322:55:02

CWE-89

[email protected]

web.nvd.nist.gov

cve-2011-1609

sql injection

cisco unified communications manager

cucm

callmanager

nvd

bug id csctg85647

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.3%

JSON

SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.

Affected configurations

NVD

Node

ciscounified_communications_managerMatch6.0

ciscounified_communications_managerMatch6.1\(1\)

ciscounified_communications_managerMatch6.1\(1a\)

ciscounified_communications_managerMatch6.1\(1b\)

ciscounified_communications_managerMatch6.1\(2\)

ciscounified_communications_managerMatch6.1\(2\)su1

ciscounified_communications_managerMatch6.1\(2\)su1a

ciscounified_communications_managerMatch6.1\(3\)

ciscounified_communications_managerMatch6.1\(3a\)

ciscounified_communications_managerMatch6.1\(3b\)

ciscounified_communications_managerMatch6.1\(3b\)su1

ciscounified_communications_managerMatch6.1\(4\)

ciscounified_communications_managerMatch6.1\(4\)su1

ciscounified_communications_managerMatch6.1\(4a\)

ciscounified_communications_managerMatch6.1\(4a\)su2

ciscounified_communications_managerMatch6.1\(5\)

ciscounified_communications_managerMatch6.1\(5\)su1

Node

ciscounified_communications_managerMatch7.0\(1\)su1

ciscounified_communications_managerMatch7.0\(1\)su1a

ciscounified_communications_managerMatch7.0\(2\)

ciscounified_communications_managerMatch7.0\(2a\)

ciscounified_communications_managerMatch7.0\(2a\)su1

ciscounified_communications_managerMatch7.0\(2a\)su2

ciscounified_communications_managerMatch7.1\(2a\)

ciscounified_communications_managerMatch7.1\(2a\)su1

ciscounified_communications_managerMatch7.1\(2b\)

ciscounified_communications_managerMatch7.1\(3\)

ciscounified_communications_managerMatch7.1\(3a\)

ciscounified_communications_managerMatch7.1\(3a\)su1

ciscounified_communications_managerMatch7.1\(3a\)su1a

ciscounified_communications_managerMatch7.1\(3b\)

ciscounified_communications_managerMatch7.1\(3b\)su1

ciscounified_communications_managerMatch7.1\(3b\)su2

ciscounified_communications_managerMatch7.1\(5\)

ciscounified_communications_managerMatch7.1\(5\)su1

ciscounified_communications_managerMatch7.1\(5\)su1a

ciscounified_communications_managerMatch7.1\(5a\)

ciscounified_communications_managerMatch7.1\(5b\)

Node

ciscounified_communications_managerMatch8.0\(2c\)

ciscounified_communications_managerMatch8.0\(2c\)su1

ciscounified_communications_managerMatch8.0\(3\)

ciscounified_communications_managerMatch8.0\(3a\)

ciscounified_communications_managerMatch8.0\(3a\)su1

ciscounified_communications_managerMatch8.0\(3a\)su2

ciscounified_communications_managerMatch8.5

CPENameOperatorVersion
cisco:unified_communications_managercisco unified communications managereq6.0
cisco:unified_communications_managercisco unified communications managereq6.1\(1\)
cisco:unified_communications_managercisco unified communications managereq6.1\(1a\)
cisco:unified_communications_managercisco unified communications managereq6.1\(1b\)
cisco:unified_communications_managercisco unified communications managereq6.1\(2\)
cisco:unified_communications_managercisco unified communications managereq6.1\(2\)su1
cisco:unified_communications_managercisco unified communications managereq6.1\(2\)su1a
cisco:unified_communications_managercisco unified communications managereq6.1\(3\)
cisco:unified_communications_managercisco unified communications managereq6.1\(3a\)
cisco:unified_communications_managercisco unified communications managereq6.1\(3b\)

CPE	Name	Operator	Version
cisco:unified_communications_manager	cisco unified communications manager	eq	6.0
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(1\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(1a\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(1b\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(2\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(2\)su1
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(2\)su1a
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(3\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(3a\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(3b\)

Rows per page:

1-10 of 171

References

archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html

secunia.com/advisories/44331

www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml

www.securityfocus.com/bid/47605

www.securitytracker.com/id?1025449

www.vupen.com/english/advisories/2011/1122

exchange.xforce.ibmcloud.com/vulnerabilities/67125

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.3%

JSON

Related for CVE-2011-1609

prion1 nvd1 cvelist1 securityvulns1