Sign-up

ID

VAR-201505-0133


CVE

CVE-2015-0715


TITLE

Cisco Unified Communications Manager Management Web In the interface SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002541

DESCRIPTION

SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. Vendors have confirmed this vulnerability Bug ID CSCut33447 ,and CSCut33608 It is released as.Any user by remote authenticated user SQL The command may be executed. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue being tracked by Cisco Bug IDs CSCut33447 and CSCut33608. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands

Trust: 1.98

sources: NVD: CVE-2015-0715 // JVNDB: JVNDB-2015-002541 // BID: 74474 // VULHUB: VHN-78661

AFFECTED PRODUCTS

vendor:ciscomodel:unity connectionscope:eqversion:11.0\(0.98000.225\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:11.0(0.98000.225)

Trust: 1.1

sources: BID: 74474 // JVNDB: JVNDB-2015-002541 // CNNVD: CNNVD-201505-029 // NVD: CVE-2015-0715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0715
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0715
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-029
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78661
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0715
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-78661
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78661 // JVNDB: JVNDB-2015-002541 // CNNVD: CNNVD-201505-029 // NVD: CVE-2015-0715

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-78661 // JVNDB: JVNDB-2015-002541 // NVD: CVE-2015-0715

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-029

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201505-029

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002541

PATCH
title:38674url:http://tools.cisco.com/security/center/viewAlert.x?alertId=38674
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002541

EXTERNAL IDS
db:NVDid:CVE-2015-0715
Trust: 2.8
db:SECTRACKid:1032260
Trust: 1.1
db:JVNDBid:JVNDB-2015-002541
Trust: 0.8
db:CNNVDid:CNNVD-201505-029
Trust: 0.7
db:SECUNIAid:64398
Trust: 0.6
db:BIDid:74474
Trust: 0.4
db:VULHUBid:VHN-78661
Trust: 0.1
sources:
            
            
            VULHUB: VHN-78661 // 
            
            
            
            BID: 74474 // 
            
            
            
            JVNDB: JVNDB-2015-002541 // 
            
            
            
            CNNVD: CNNVD-201505-029 // 
            
            
            
            NVD: CVE-2015-0715

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=38674
Trust: 1.7
url:http://www.securitytracker.com/id/1032260
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0715
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0715
Trust: 0.8
url:http://secunia.com/advisories/64398
Trust: 0.6
url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html
Trust: 0.3
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160105-cucm
Trust: 0.3
sources:
            
            
            VULHUB: VHN-78661 // 
            
            
            
            BID: 74474 // 
            
            
            
            JVNDB: JVNDB-2015-002541 // 
            
            
            
            CNNVD: CNNVD-201505-029 // 
            
            
            
            NVD: CVE-2015-0715

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 74474

SOURCES
db:VULHUBid:VHN-78661
db:BIDid:74474
db:JVNDBid:JVNDB-2015-002541
db:CNNVDid:CNNVD-201505-029
db:NVDid:CVE-2015-0715

LAST UPDATE DATE
2024-11-23T23:12:43.180000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-78661date:2015-09-10T00:00:00
db:BIDid:74474date:2015-05-05T00:00:00
db:JVNDBid:JVNDB-2015-002541date:2015-05-08T00:00:00
db:CNNVDid:CNNVD-201505-029date:2015-05-07T00:00:00
db:NVDid:CVE-2015-0715date:2024-11-21T02:23:35.410

SOURCES RELEASE DATE
db:VULHUBid:VHN-78661date:2015-05-07T00:00:00
db:BIDid:74474date:2015-05-05T00:00:00
db:JVNDBid:JVNDB-2015-002541date:2015-05-08T00:00:00
db:CNNVDid:CNNVD-201505-029date:2015-05-07T00:00:00
db:NVDid:CVE-2015-0715date:2015-05-07T01:59:03.433