Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2007-4634
Last Modified 07 Mar 2011 09:58:55
Published 31 Aug 2007 07:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4634

Summary

Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.

Vulnerable Systems

Application

  • Cisco Unified Communications Manager 3.3(5)

  • Cisco Unified Communications Manager 3.3(5)sr1

  • Cisco Unified Communications Manager 3.3(5)sr2a

  • Cisco Unified Communications Manager 4.1(3)

  • Cisco Unified Communications Manager 4.1(3)sr1

  • Cisco Unified Communications Manager 4.1(3)sr2

  • Cisco Unified Communications Manager 4.1(3)sr3

  • Cisco Unified Communications Manager 4.1(3)sr4

  • Cisco Unified Communications Manager 4.2

  • Cisco Unified Communications Manager 4.2.1

  • Cisco Unified Communications Manager 4.2.2

  • Cisco Unified Communications Manager 4.2.3

  • Cisco Unified Communications Manager 4.2.3sr1

  • Cisco Unified Communications Manager 4.3

  • Cisco Unified Communications Manager 4.3(1)


References

VUPEN - ADV-2007-3010

BID - 25480

CISCO - 20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page

SECTRACK - 1018624

SECUNIA - 26641

XF - cisco-cucm-admin-sql-injection(36326)


Last Updated: 27 May 2016 10:45:54