ID

VAR-201708-1347


CVE

CVE-2017-6757


TITLE

SQL injection vulnerability in Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2017-006837

DESCRIPTION

A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786. The vendor has released this vulnerability as Bug ID CSCve13786. Information may be obtained or altered, and service operation may be disrupted (DoS). Cisco Unified Communications Manager provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2017-6757 // JVNDB: JVNDB-2017-006837 // BID: 100121 // VULHUB: VHN-114960

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 11.0(1.10000.10)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.10000.5)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1.10000.6)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1.10000.6)

Trust: 1.1

vendor: cisco, model: unified communications manager, scope: eq, version: 11.0(1.10000.10)

Trust: 1.1

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.10000.5)

Trust: 1.1

vendor: cisco, model: unified communications manager, scope: eq, version: 0

Trust: 0.3

sources: BID: 100121 // JVNDB: JVNDB-2017-006837 // CNNVD: CNNVD-201708-160 // NVD: CVE-2017-6757

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6757
value: HIGH

Trust: 1.0

NVD: CVE-2017-6757
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201708-160
value: HIGH

Trust: 0.6

VULHUB: VHN-114960
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6757
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114960
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6757
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114960 // JVNDB: JVNDB-2017-006837 // CNNVD: CNNVD-201708-160 // NVD: CVE-2017-6757

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-114960 // JVNDB: JVNDB-2017-006837 // NVD: CVE-2017-6757

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-160

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201708-160

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006837

PATCH

title: CSCve13786 - Cisco Unified Communications Manager SQL Injection Vulnerability, url: https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13786

Trust: 0.8

title: cisco-sa-20170802-ucm, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm

Trust: 0.8

title: Cisco Unified Communications Manager SQL injection vulnerability repair measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72393

Trust: 0.6

sources: JVNDB: JVNDB-2017-006837 // CNNVD: CNNVD-201708-160

EXTERNAL IDS

db: NVD, id: CVE-2017-6757

Trust: 2.8

db: BID, id: 100121

Trust: 2.0

db: SECTRACK, id: 1039063

Trust: 1.7

db: JVNDB, id: JVNDB-2017-006837

Trust: 0.8

db: CNNVD, id: CNNVD-201708-160

Trust: 0.7

db: VULHUB, id: VHN-114960

Trust: 0.1

sources: VULHUB: VHN-114960 // BID: 100121 // JVNDB: JVNDB-2017-006837 // CNNVD: CNNVD-201708-160 // NVD: CVE-2017-6757

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170802-ucm

Trust: 2.0

url:http://www.securityfocus.com/bid/100121

Trust: 1.7

url:https://quickview.cloudapps.cisco.com/quickview/bug/cscve13786

Trust: 1.7

url:http://www.securitytracker.com/id/1039063

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6757

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6757

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114960 // BID: 100121 // JVNDB: JVNDB-2017-006837 // CNNVD: CNNVD-201708-160 // NVD: CVE-2017-6757

CREDITS

Cisco

Trust: 0.3

sources: BID: 100121

SOURCES

db: VULHUB, id: VHN-114960
db: BID, id: 100121
db: JVNDB, id: JVNDB-2017-006837
db: CNNVD, id: CNNVD-201708-160
db: NVD, id: CVE-2017-6757

LAST UPDATE DATE

2024-11-23T22:42:08.128000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114960, date: 2019-10-09T00:00:00
db: BID, id: 100121, date: 2017-08-02T00:00:00
db: JVNDB, id: JVNDB-2017-006837, date: 2017-09-05T00:00:00
db: CNNVD, id: CNNVD-201708-160, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-6757, date: 2024-11-21T03:30:27.600

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114960, date: 2017-08-07T00:00:00
db: BID, id: 100121, date: 2017-08-02T00:00:00
db: JVNDB, id: JVNDB-2017-006837, date: 2017-09-05T00:00:00
db: CNNVD, id: CNNVD-201708-160, date: 2017-08-09T00:00:00
db: NVD, id: CVE-2017-6757, date: 2017-08-07T06:29:00.480