Sign-up

ID

VAR-201910-0346


CVE

CVE-2019-12710


TITLE

Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-010338

DESCRIPTION

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an authenticated, remote attacker to impact the confidentiality of an affected system by executing arbitrary SQL queries. The vulnerability exists because the affected software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted requests that contain malicious SQL statements to the affected application. A successful exploit could allow the attacker to determine the presence of certain values in the database, impacting the confidentiality of the system

Trust: 1.71

sources: NVD: CVE-2019-12710 // JVNDB: JVNDB-2019-010338 // VULHUB: VHN-144484

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:12.0\(1.10000.10\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:10.5\(2.10000.5\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:11.5\(1.10000.6\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:12.5\(1.10000.22\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:10.52.10000.5

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:11.51.10000.6

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:12.01.10000.10

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:12.51.10000.22

Trust: 0.6

sources: JVNDB: JVNDB-2019-010338 // CNNVD: CNNVD-201910-073 // NVD: CVE-2019-12710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12710
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-12710
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12710
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-073
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144484
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12710
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-144484
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-12710
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-12710
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-144484 // JVNDB: JVNDB-2019-010338 // CNNVD: CNNVD-201910-073 // NVD: CVE-2019-12710 // NVD: CVE-2019-12710

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-144484 // JVNDB: JVNDB-2019-010338 // NVD: CVE-2019-12710

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-073

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201910-073

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-010338

PATCH
title:cisco-sa-20191002-cuc-injecturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cuc-inject
Trust: 0.8
title:Cisco Unified Communications Manager  and Cisco Unified Communications Manager Session Management Edition  SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98809
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-010338 // 
            
            
            
            CNNVD: CNNVD-201910-073

EXTERNAL IDS
db:NVDid:CVE-2019-12710
Trust: 2.5
db:JVNDBid:JVNDB-2019-010338
Trust: 0.8
db:CNNVDid:CNNVD-201910-073
Trust: 0.7
db:AUSCERTid:ESB-2019.3700
Trust: 0.6
db:AUSCERTid:ESB-2019.3700.2
Trust: 0.6
db:VULHUBid:VHN-144484
Trust: 0.1
sources:
            
            
            VULHUB: VHN-144484 // 
            
            
            
            JVNDB: JVNDB-2019-010338 // 
            
            
            
            CNNVD: CNNVD-201910-073 // 
            
            
            
            NVD: CVE-2019-12710

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191002-cuc-inject
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-12710
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12710
Trust: 0.8
url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-sql-injection-30512
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3700/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3700.2/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-144484 // 
            
            
            
            JVNDB: JVNDB-2019-010338 // 
            
            
            
            CNNVD: CNNVD-201910-073 // 
            
            
            
            NVD: CVE-2019-12710

SOURCES
db:VULHUBid:VHN-144484
db:JVNDBid:JVNDB-2019-010338
db:CNNVDid:CNNVD-201910-073
db:NVDid:CVE-2019-12710

LAST UPDATE DATE
2024-08-14T13:25:37.783000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-144484date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-010338date:2019-10-11T00:00:00
db:CNNVDid:CNNVD-201910-073date:2019-10-25T00:00:00
db:NVDid:CVE-2019-12710date:2019-10-09T23:46:09.403

SOURCES RELEASE DATE
db:VULHUBid:VHN-144484date:2019-10-02T00:00:00
db:JVNDBid:JVNDB-2019-010338date:2019-10-11T00:00:00
db:CNNVDid:CNNVD-201910-073date:2019-10-02T00:00:00
db:NVDid:CVE-2019-12710date:2019-10-02T19:15:14.093