ID

VAR-201601-0492


CVE

CVE-2015-6433


TITLE

SQL Injection Vulnerability in Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2015-006692

DESCRIPTION

SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCut66767. Cisco Unified Communications Manager provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2015-6433 // JVNDB: JVNDB-2015-006692 // BID: 79845 // VULHUB: VHN-84394

AFFECTED PRODUCTS

vendor: cisco
model: unified communications manager
scope: eq
version: 11.0\(0.98000.225\)

Trust: 1.6

vendor: cisco
model: unified communications manager
scope: eq
version: 11.0(0.98000.225)

Trust: 1.1

sources: BID: 79845 // JVNDB: JVNDB-2015-006692 // CNNVD: CNNVD-201601-122 // NVD: CVE-2015-6433

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6433
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6433
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201601-122
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84394
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6433
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84394
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-6433
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-84394 // JVNDB: JVNDB-2015-006692 // CNNVD: CNNVD-201601-122 // NVD: CVE-2015-6433

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-84394 // JVNDB: JVNDB-2015-006692 // NVD: CVE-2015-6433

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-122

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201601-122

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006692

PATCH

title: cisco-sa-20160105-cucm
url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-cucm

Trust: 0.8

title: Repair measures for the Cisco Unified Communications Manager SQL injection vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59478

Trust: 0.6

sources: JVNDB: JVNDB-2015-006692 // CNNVD: CNNVD-201601-122

EXTERNAL IDS

db: NVD
id: CVE-2015-6433

Trust: 2.8

db: SECTRACK
id: 1034583

Trust: 1.1

db: JVNDB
id: JVNDB-2015-006692

Trust: 0.8

db: CNNVD
id: CNNVD-201601-122

Trust: 0.7

db: BID
id: 79845

Trust: 0.4

db: VULHUB
id: VHN-84394

Trust: 0.1

sources: VULHUB: VHN-84394 // BID: 79845 // JVNDB: JVNDB-2015-006692 // CNNVD: CNNVD-201601-122 // NVD: CVE-2015-6433

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160105-cucm

Trust: 2.0

url: http://www.securitytracker.com/id/1034583

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6433

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6433

Trust: 0.8

url: http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

sources: VULHUB: VHN-84394 // BID: 79845 // JVNDB: JVNDB-2015-006692 // CNNVD: CNNVD-201601-122 // NVD: CVE-2015-6433

CREDITS

Cisco

Trust: 0.3

sources: BID: 79845

SOURCES

db: VULHUB, id: VHN-84394
db: BID, id: 79845
db: JVNDB, id: JVNDB-2015-006692
db: CNNVD, id: CNNVD-201601-122
db: NVD, id: CVE-2015-6433

LAST UPDATE DATE

2024-11-23T22:38:45.910000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-84394, date: 2016-12-07T00:00:00
db: BID, id: 79845, date: 2016-01-05T00:00:00
db: JVNDB, id: JVNDB-2015-006692, date: 2016-01-12T00:00:00
db: CNNVD, id: CNNVD-201601-122, date: 2016-01-08T00:00:00
db: NVD, id: CVE-2015-6433, date: 2024-11-21T02:34:59.290

SOURCES RELEASE DATE

db: VULHUB, id: VHN-84394, date: 2016-01-08T00:00:00
db: BID, id: 79845, date: 2016-01-05T00:00:00
db: JVNDB, id: JVNDB-2015-006692, date: 2016-01-12T00:00:00
db: CNNVD, id: CNNVD-201601-122, date: 2016-01-08T00:00:00
db: NVD, id: CVE-2015-6433, date: 2016-01-08T02:59:00.107