CVE-2017-6668

4.9MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unified Communications Domain Manager
Vendor: CVE Published:; 13 June 2017

Summary

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1.

Affected Version(s)

Cisco Unified Communications Domain Manager Cisco Unified Communications Domain Manager

References

http://www.securityfocus.com/bid/98947

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1038632

vdb-entryx_refsource_SECTRACK

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2017
Vulnerability Reserved
Mar 9, 2017

.