Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2008-0026
Last Modified: 08 Aug 2011 12:00:00
Published: 14 Feb 2008 07:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2008-0026

Summary

SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.

Vulnerable Systems

Application

  • Cisco Unified Callmanager 5.0

  • Cisco Unified Callmanager 5.0 4a

  • Cisco Unified Callmanager 5.0(1)

  • Cisco Unified Callmanager 5.0(2)

  • Cisco Unified Callmanager 5.0(3)

  • Cisco Unified Callmanager 5.0(3a)

  • Cisco Unified Callmanager 5.0(4)

  • Cisco Unified Callmanager 5.1

  • Cisco Unified Callmanager 6.0

  • Cisco Unified Communications Manager 5.0

  • Cisco Unified Communications Manager 5.0 1

  • Cisco Unified Communications Manager 5.0 2

  • Cisco Unified Communications Manager 5.0 3

  • Cisco Unified Communications Manager 5.0 3a

  • Cisco Unified Communications Manager 5.0 4

  • Cisco Unified Communications Manager 5.0 4a

  • Cisco Unified Communications Manager 5.0 4a Su1

  • Cisco Unified Communications Manager 6.0

  • Cisco Unified Communications Manager 6.0 1

  • Cisco Unified Communications Manager 6.1


References

XF - cucm-interface-sql-injection(40484)

VUPEN - ADV-2008-0542

SECTRACK - 1019404

BID - 27775

CISCO - 20080213 SQL injection in Cisco Unified Communications Manager

SECUNIA - 28932


Last Updated: 27 May 2016 10:46:38