Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 8.5
CVE Id CVE-2011-1609
Last Modified 11 May 2011 03:25:38
Published 03 May 2011 06:55:02
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-1609

Summary

SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.

Vulnerable Systems

Application

  • Cisco Unified Communications Manager 6.0
  • Cisco Unified Communications Manager 6.1(1)
  • Cisco Unified Communications Manager 6.1(1a)
  • Cisco Unified Communications Manager 6.1(1b)
  • Cisco Unified Communications Manager 6.1(2)
  • Cisco Unified Communications Manager 6.1(2)su1
  • Cisco Unified Communications Manager 6.1(2)su1a
  • Cisco Unified Communications Manager 6.1(3)
  • Cisco Unified Communications Manager 6.1(3a)
  • Cisco Unified Communications Manager 6.1(3b)
  • Cisco Unified Communications Manager 6.1(3b)su1
  • Cisco Unified Communications Manager 6.1(4)
  • Cisco Unified Communications Manager 6.1(4)su1
  • Cisco Unified Communications Manager 6.1(4a)
  • Cisco Unified Communications Manager 6.1(4a)su2
  • Cisco Unified Communications Manager 6.1(5)
  • Cisco Unified Communications Manager 6.1(5)su1
  • Cisco Unified Communications Manager 7.0(1)su1
  • Cisco Unified Communications Manager 7.0(1)su1a
  • Cisco Unified Communications Manager 7.0(2)
  • Cisco Unified Communications Manager 7.0(2a)
  • Cisco Unified Communications Manager 7.0(2a)su1
  • Cisco Unified Communications Manager 7.0(2a)su2
  • Cisco Unified Communications Manager 7.1(2a)
  • Cisco Unified Communications Manager 7.1(2a)su1
  • Cisco Unified Communications Manager 7.1(2b)
  • Cisco Unified Communications Manager 7.1(3)
  • Cisco Unified Communications Manager 7.1(3a)
  • Cisco Unified Communications Manager 7.1(3a)su1
  • Cisco Unified Communications Manager 7.1(3a)su1a
  • Cisco Unified Communications Manager 7.1(3b)
  • Cisco Unified Communications Manager 7.1(3b)su1
  • Cisco Unified Communications Manager 7.1(3b)su2
  • Cisco Unified Communications Manager 7.1(5)
  • Cisco Unified Communications Manager 7.1(5)su1
  • Cisco Unified Communications Manager 7.1(5)su1a
  • Cisco Unified Communications Manager 7.1(5a)
  • Cisco Unified Communications Manager 7.1(5b)
  • Cisco Unified Communications Manager 8.0(2c)
  • Cisco Unified Communications Manager 8.0(2c)su1
  • Cisco Unified Communications Manager 8.0(3)
  • Cisco Unified Communications Manager 8.0(3a)
  • Cisco Unified Communications Manager 8.0(3a)su1
  • Cisco Unified Communications Manager 8.0(3a)su2
  • Cisco Unified Communications Manager 8.5


References

XF - cisco-ucm-sql-injection(67125)

VUPEN - ADV-2011-1122

SECTRACK - 1025449

BID - 47605

CISCO - 20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager

SECUNIA - 44331

FULLDISC - 20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability


Last Updated: 27 May 2016 10:56:23