ID

VAR-201802-0589


CVE

CVE-2018-0120


TITLE

SQL Injection Vulnerability in Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2018-001958

DESCRIPTION

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct an SQL injection attack against an affected system. The vulnerability exists because the affected software fails to validate user-supplied input in certain SQL queries that bypass protection filters. An attacker could exploit this vulnerability by submitting crafted HTTP requests that contain malicious SQL statements to an affected system. A successful exploit could allow the attacker to determine the presence of certain values in the database of the affected system. Cisco Bug IDs: CSCvg74810. The vendor has published this vulnerability as Bug ID CSCvg74810. Information may be obtained. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2018-0120 // JVNDB: JVNDB-2018-001958 // BID: 102958 // VULHUB: VHN-118322

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5\(1.13900.52\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1.13900.52)

Trust: 0.3

sources: BID: 102958 // JVNDB: JVNDB-2018-001958 // CNNVD: CNNVD-201802-276 // NVD: CVE-2018-0120

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0120
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0120
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201802-276
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118322
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0120
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118322
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0120
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118322 // JVNDB: JVNDB-2018-001958 // CNNVD: CNNVD-201802-276 // NVD: CVE-2018-0120

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-118322 // JVNDB: JVNDB-2018-001958 // NVD: CVE-2018-0120

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-276

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201802-276

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001958

PATCH

title: cisco-sa-20180207-cucm, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm

Trust: 0.8

title: Cisco Unified Communications Manager SQL injection vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78387

Trust: 0.6

sources: JVNDB: JVNDB-2018-001958 // CNNVD: CNNVD-201802-276

EXTERNAL IDS

db: NVD, id: CVE-2018-0120

Trust: 2.8

db: BID, id: 102958

Trust: 2.0

db: SECTRACK, id: 1040341

Trust: 1.7

db: JVNDB, id: JVNDB-2018-001958

Trust: 0.8

db: CNNVD, id: CNNVD-201802-276

Trust: 0.7

db: VULHUB, id: VHN-118322

Trust: 0.1

sources: VULHUB: VHN-118322 // BID: 102958 // JVNDB: JVNDB-2018-001958 // CNNVD: CNNVD-201802-276 // NVD: CVE-2018-0120

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-cucm

Trust: 2.0

url:http://www.securityfocus.com/bid/102958

Trust: 1.7

url:http://www.securitytracker.com/id/1040341

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0120

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0120

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

sources: VULHUB: VHN-118322 // BID: 102958 // JVNDB: JVNDB-2018-001958 // CNNVD: CNNVD-201802-276 // NVD: CVE-2018-0120

CREDITS

Cisco

Trust: 0.3

sources: BID: 102958

SOURCES

db: VULHUB, id: VHN-118322
db: BID, id: 102958
db: JVNDB, id: JVNDB-2018-001958
db: CNNVD, id: CNNVD-201802-276
db: NVD, id: CVE-2018-0120

LAST UPDATE DATE

2024-11-23T22:48:47.052000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118322, date: 2019-10-09T00:00:00
db: BID, id: 102958, date: 2018-02-07T00:00:00
db: JVNDB, id: JVNDB-2018-001958, date: 2018-03-16T00:00:00
db: CNNVD, id: CNNVD-201802-276, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0120, date: 2024-11-21T03:37:33.757

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118322, date: 2018-02-08T00:00:00
db: BID, id: 102958, date: 2018-02-07T00:00:00
db: JVNDB, id: JVNDB-2018-001958, date: 2018-03-16T00:00:00
db: CNNVD, id: CNNVD-201802-276, date: 2018-02-09T00:00:00
db: NVD, id: CVE-2018-0120, date: 2018-02-08T07:29:00.413