CVE-2011-4487

2012-03-0101:55:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2011-4487

sql injection

cisco unified communications manager

cucm

vulnerability

remote attackers

arbitrary commands

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.6%

JSON

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.

CPENameOperatorVersion
cisco:unified_communications_managercisco unified communications managereq6.1\(3a\)
cisco:unified_communications_managercisco unified communications managereq6.1\(2\)
cisco:unified_communications_managercisco unified communications managereq6.1\(3b\)su1
cisco:unified_communications_managercisco unified communications managereq6.0\(1\)
cisco:unified_communications_managercisco unified communications managereq6.1\(2\)su1a
cisco:unified_communications_managercisco unified communications managereq6.1\(4\)su1
cisco:unified_communications_managercisco unified communications managereq6.1\(4\)
cisco:unified_communications_managercisco unified communications managereq6.1\(5\)su1
cisco:unified_communications_managercisco unified communications managereq6.1\(4a\)
cisco:unified_communications_managercisco unified communications managereq6.1\(5\)su2

CPE	Name	Operator	Version
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(3a\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(2\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(3b\)su1
cisco:unified_communications_manager	cisco unified communications manager	eq	6.0\(1\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(2\)su1a
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(4\)su1
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(4\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(5\)su1
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(4a\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(5\)su2