Cisco: CISCO-SA-20120510-CVE-2012-0337
May 10, 2012 - 9:06 p.m.

Cisco Unified MeetingPlace SQL Injection Vulnerability

2012-05-10 21:06:01
tools.cisco.com

CVSS2: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.001
Percentile: 41.7%

Cisco Unified MeetingPlace contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary SQL code on a targeted system.

The vulnerability is due to improper validation of user-supplied input to the web-based application interface. An authenticated, remote attacker could exploit this vulnerability by sending malicious requests to the system. If successful, the attacker could execute arbitrary SQL code against the database underlying the affected application.

Cisco has confirmed this vulnerability in a bug report and has released updated software.

To exploit this vulnerability, the attacker would need to authenticate to the targeted device. To achieve this objective, the attacker may need access to trusted, internal network resources. This access requirement reduces the exposure of this vulnerability.

Affected configurations

Vendor: cisco
Product: unified_meetingplace_web_conferencing
Version: any
CPE: cpe:2.3:a:cisco:unified_meetingplace_web_conferencing:any:*:*:*:*:*:*:*
