ID

VAR-201910-0346


CVE

CVE-2019-12710


TITLE

SQL injection vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition

Trust: 0.8

sources: JVNDB: JVNDB-2019-010338

DESCRIPTION

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system.

Trust: 1.71

sources: NVD: CVE-2019-12710 // JVNDB: JVNDB-2019-010338 // VULHUB: VHN-144484

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 12.0\(1.10000.10\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5\(2.10000.5\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5\(1.10000.6\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 12.5\(1.10000.22\)

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 10.52.10000.5

Trust: 0.6

vendor: cisco, model: unified communications manager, scope: eq, version: 11.51.10000.6

Trust: 0.6

vendor: cisco, model: unified communications manager, scope: eq, version: 12.01.10000.10

Trust: 0.6

vendor: cisco, model: unified communications manager, scope: eq, version: 12.51.10000.22

Trust: 0.6

sources: JVNDB: JVNDB-2019-010338 // CNNVD: CNNVD-201910-073 // NVD: CVE-2019-12710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12710
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12710
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12710
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-073
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144484
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12710
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144484
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12710
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12710
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144484 // JVNDB: JVNDB-2019-010338 // CNNVD: CNNVD-201910-073 // NVD: CVE-2019-12710 // NVD: CVE-2019-12710

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-144484 // JVNDB: JVNDB-2019-010338 // NVD: CVE-2019-12710

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-073

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-073

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-010338

PATCH

title: cisco-sa-20191002-cuc-inject, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-inject

Trust: 0.8

title: Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SQL injection vulnerability repair measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98809

Trust: 0.6

sources: JVNDB: JVNDB-2019-010338 // CNNVD: CNNVD-201910-073

EXTERNAL IDS

db: NVD, id: CVE-2019-12710

Trust: 2.5

db: JVNDB, id: JVNDB-2019-010338

Trust: 0.8

db: CNNVD, id: CNNVD-201910-073

Trust: 0.7

db: AUSCERT, id: ESB-2019.3700

Trust: 0.6

db: AUSCERT, id: ESB-2019.3700.2

Trust: 0.6

db: VULHUB, id: VHN-144484

Trust: 0.1

sources: VULHUB: VHN-144484 // JVNDB: JVNDB-2019-010338 // CNNVD: CNNVD-201910-073 // NVD: CVE-2019-12710

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cuc-inject

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-12710

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12710

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-sql-injection-30512

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3700/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3700.2/

Trust: 0.6

sources: VULHUB: VHN-144484 // JVNDB: JVNDB-2019-010338 // CNNVD: CNNVD-201910-073 // NVD: CVE-2019-12710

SOURCES

db: VULHUB, id: VHN-144484
db: JVNDB, id: JVNDB-2019-010338
db: CNNVD, id: CNNVD-201910-073
db: NVD, id: CVE-2019-12710

LAST UPDATE DATE

2024-08-14T13:25:37.783000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-144484, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-010338, date: 2019-10-11T00:00:00
db: CNNVD, id: CNNVD-201910-073, date: 2019-10-25T00:00:00
db: NVD, id: CVE-2019-12710, date: 2019-10-09T23:46:09.403

SOURCES RELEASE DATE

db: VULHUB, id: VHN-144484, date: 2019-10-02T00:00:00
db: JVNDB, id: JVNDB-2019-010338, date: 2019-10-11T00:00:00
db: CNNVD, id: CNNVD-201910-073, date: 2019-10-02T00:00:00
db: NVD, id: CVE-2019-12710, date: 2019-10-02T19:15:14.093