Release date:
Updated on:
Affected Systems:
Cisco Unified Presence Server 8.6 (4)
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64551
CVE (CAN) ID: CVE-2013-6983
Cisco Unified Presence is an enterprise-level platform built on Jabber XMPP. It collects information about user availability and communication capabilities to provide unified user network status, and it supports Cisco Unified Communications and key business applications based on that status.
A security vulnerability exists in the web interface of Cisco Unified Presence Server 8.6 (4) that allows authenticated remote attackers to affect the confidentiality, integrity, and availability of the affected system. The vulnerability is caused by a failure to correctly validate user input used in a SQL query. An attacker can exploit it by sending specially crafted URLs that include SQL statements.
<* Source: Cisco
Link: http://secunia.com/advisories/56273
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (CVE-2013-6983) and patches for this issue:
CVE-2013-6983: Cisco Unified Presence Server SQL Injection Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983