ID

VAR-201602-0049


CVE

CVE-2016-1308


TITLE

SQL injection vulnerability in Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2016-001415

DESCRIPTION

SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked as Cisco Bug ID CSCux99227. Cisco Unified Communications Manager provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2016-1308 // JVNDB: JVNDB-2016-001415 // BID: 82588 // VULHUB: VHN-90127

AFFECTED PRODUCTS

vendor: samsung, model: x14j, scope: eq, version: t-ms14jakucb-1102.5

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.13900.9)

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.13900.9)

Trust: 0.6

sources: JVNDB: JVNDB-2016-001415 // CNNVD: CNNVD-201602-144 // NVD: CVE-2016-1308

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1308
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1308
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201602-144
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90127
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1308
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90127
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1308
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90127 // JVNDB: JVNDB-2016-001415 // CNNVD: CNNVD-201602-144 // NVD: CVE-2016-1308

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-90127 // JVNDB: JVNDB-2016-001415 // NVD: CVE-2016-1308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-144

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201602-144

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001415

PATCH

title: cisco-sa-20160203-ucm, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-ucm

Trust: 0.8

sources: JVNDB: JVNDB-2016-001415

EXTERNAL IDS

db: NVD, id: CVE-2016-1308

Trust: 2.8

db: SECTRACK, id: 1034938

Trust: 1.1

db: JVNDB, id: JVNDB-2016-001415

Trust: 0.8

db: CNNVD, id: CNNVD-201602-144

Trust: 0.7

db: BID, id: 82588

Trust: 0.3

db: VULHUB, id: VHN-90127

Trust: 0.1

sources: VULHUB: VHN-90127 // BID: 82588 // JVNDB: JVNDB-2016-001415 // CNNVD: CNNVD-201602-144 // NVD: CVE-2016-1308

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160203-ucm

Trust: 2.0

url: http://www.securitytracker.com/id/1034938

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1308

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1308

Trust: 0.8

url: http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

sources: VULHUB: VHN-90127 // BID: 82588 // JVNDB: JVNDB-2016-001415 // CNNVD: CNNVD-201602-144 // NVD: CVE-2016-1308

CREDITS

Cisco

Trust: 0.3

sources: BID: 82588

SOURCES

db: VULHUB, id: VHN-90127
db: BID, id: 82588
db: JVNDB, id: JVNDB-2016-001415
db: CNNVD, id: CNNVD-201602-144
db: NVD, id: CVE-2016-1308

LAST UPDATE DATE

2024-11-23T23:05:36.637000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90127, date: 2016-12-06T00:00:00
db: BID, id: 82588, date: 2016-07-05T21:22:00
db: JVNDB, id: JVNDB-2016-001415, date: 2016-02-17T00:00:00
db: CNNVD, id: CNNVD-201602-144, date: 2016-02-15T00:00:00
db: NVD, id: CVE-2016-1308, date: 2024-11-21T02:46:09.580

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90127, date: 2016-02-07T00:00:00
db: BID, id: 82588, date: 2016-02-03T00:00:00
db: JVNDB, id: JVNDB-2016-001415, date: 2016-02-17T00:00:00
db: CNNVD, id: CNNVD-201602-144, date: 2016-02-14T00:00:00
db: NVD, id: CVE-2016-1308, date: 2016-02-07T11:59:04.803