Cisco Unified Communications Manager SQL Injection Vulnerability (CVE-2018-0120)
Release date:
Updated on:
Affected Systems:
Cisco Unified Communications Manager
Description:
Bugtraq id: 102958
CVE (CAN) ID: CVE-2018-0120
Cisco Unified Communications Manager is an enterprise-level IP call handling system.
Cisco Unified Communications Manager has a vulnerability in its web framework implementation that allows an authenticated remote attacker to conduct SQL injection attacks against an affected system. The vulnerability exists because the affected software does not properly validate user input.
<* Source: Cisco
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a security bulletin (cisco-sa-20180207-cucm) and patches for this vulnerability:
cisco-sa-20180207-cucm: Cisco Unified Communications Manager SQL Injection Vulnerability
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm