Lucene search

[email protected]NVD:CVE-2011-4487

HistoryMar 01, 2012 - 1:55 a.m.

CVE-2011-4487

2012-03-0101:55:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.001

Percentile

45.1%

JSON

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.

Affected configurations

Nvd

Node

ciscounified_communications_managerMatch6.0

ciscounified_communications_managerMatch6.0\(1\)

ciscounified_communications_managerMatch6.0\(1a\)

ciscounified_communications_managerMatch6.0\(1b\)

ciscounified_communications_managerMatch6.1\(1\)

ciscounified_communications_managerMatch6.1\(1a\)

ciscounified_communications_managerMatch6.1\(1b\)

ciscounified_communications_managerMatch6.1\(2\)

ciscounified_communications_managerMatch6.1\(2\)su1

ciscounified_communications_managerMatch6.1\(2\)su1a

ciscounified_communications_managerMatch6.1\(3\)

ciscounified_communications_managerMatch6.1\(3a\)

ciscounified_communications_managerMatch6.1\(3b\)

ciscounified_communications_managerMatch6.1\(3b\)su1

ciscounified_communications_managerMatch6.1\(4\)

ciscounified_communications_managerMatch6.1\(4\)su1

ciscounified_communications_managerMatch6.1\(4a\)

ciscounified_communications_managerMatch6.1\(4a\)su2

ciscounified_communications_managerMatch6.1\(5\)

ciscounified_communications_managerMatch6.1\(5\)su1

ciscounified_communications_managerMatch6.1\(5\)su2

ciscounified_communications_managerMatch6.1\(5\)su3

Node

ciscounified_communications_managerMatch7.0\(1\)su1

ciscounified_communications_managerMatch7.0\(1\)su1a

ciscounified_communications_managerMatch7.0\(2\)

ciscounified_communications_managerMatch7.0\(2a\)

ciscounified_communications_managerMatch7.0\(2a\)su1

ciscounified_communications_managerMatch7.0\(2a\)su2

ciscounified_communications_managerMatch7.1\(2a\)

ciscounified_communications_managerMatch7.1\(2a\)su1

ciscounified_communications_managerMatch7.1\(2b\)

ciscounified_communications_managerMatch7.1\(2b\)su1

ciscounified_communications_managerMatch7.1\(3\)

ciscounified_communications_managerMatch7.1\(3a\)

ciscounified_communications_managerMatch7.1\(3a\)su1

ciscounified_communications_managerMatch7.1\(3a\)su1a

ciscounified_communications_managerMatch7.1\(3b\)

ciscounified_communications_managerMatch7.1\(3b\)su1

ciscounified_communications_managerMatch7.1\(3b\)su2

ciscounified_communications_managerMatch7.1\(5\)

ciscounified_communications_managerMatch7.1\(5\)su1

ciscounified_communications_managerMatch7.1\(5\)su1a

ciscounified_communications_managerMatch7.1\(5a\)

ciscounified_communications_managerMatch7.1\(5b\)

ciscounified_communications_managerMatch7.1\(5b\)su1

ciscounified_communications_managerMatch7.1\(5b\)su1a

ciscounified_communications_managerMatch7.1\(5b\)su2

ciscounified_communications_managerMatch7.1\(5b\)su3

ciscounified_communications_managerMatch7.1\(5b\)su4

Node

ciscounified_communications_managerMatch8.0

ciscounified_communications_managerMatch8.0\(1\)

ciscounified_communications_managerMatch8.0\(2\)

ciscounified_communications_managerMatch8.0\(2a\)

ciscounified_communications_managerMatch8.0\(2b\)

ciscounified_communications_managerMatch8.0\(2c\)

ciscounified_communications_managerMatch8.0\(2c\)su1

ciscounified_communications_managerMatch8.0\(3\)

ciscounified_communications_managerMatch8.0\(3a\)

ciscounified_communications_managerMatch8.0\(3a\)su1

ciscounified_communications_managerMatch8.0\(3a\)su2

Node

ciscounified_communications_managerMatch8.5

ciscounified_communications_managerMatch8.5\(1\)

ciscounified_communications_managerMatch8.5\(1\)su1

ciscounified_communications_managerMatch8.5\(1\)su2

ciscounified_communications_managerMatch8.5\(1\)su3

Node

ciscounified_communications_managerMatch8.6

ciscounified_communications_managerMatch8.6\(1\)

ciscounified_communications_managerMatch8.6\(1a\)

ciscounified_communications_managerMatch8.6\(2\)

ciscounified_communications_managerMatch8.6\(2a\)

Node

ciscobusiness_edition_3000_softwareMatch8.6\(1\)

ciscobusiness_edition_3000_softwareMatch8.6\(1a\)

ciscobusiness_edition_3000_softwareMatch8.6\(2a\)

ciscobusiness_edition_3000_softwareMatch8.6.2

AND

ciscobusiness_edition_3000Match-

Node

ciscobusiness_edition_5000_softwareMatch8.5

ciscobusiness_edition_5000_softwareMatch8.5\(1\)

ciscobusiness_edition_5000_softwareMatch8.6

ciscobusiness_edition_5000_softwareMatch8.6\(1\)

ciscobusiness_edition_5000_softwareMatch8.6\(1a\)

ciscobusiness_edition_5000_softwareMatch8.6\(2\)

ciscobusiness_edition_5000_softwareMatch8.6\(2a\)

AND

ciscobusiness_edition_5000Match-

Node

ciscobusiness_edition_6000_softwareMatch8.5\(1\)

ciscobusiness_edition_6000_softwareMatch8.5\(1\)su1

ciscobusiness_edition_6000_softwareMatch8.5\(1\)su2

ciscobusiness_edition_6000_softwareMatch8.5\(1\)su3

ciscobusiness_edition_6000_softwareMatch8.5\(1-2011o\)

ciscobusiness_edition_6000_softwareMatch8.6\(1\)

ciscobusiness_edition_6000_softwareMatch8.6\(1a\)

ciscobusiness_edition_6000_softwareMatch8.6\(2\)

ciscobusiness_edition_6000_softwareMatch8.6\(2a\)

AND

ciscobusiness_edition_6000Match-

VendorProductVersionCPE
ciscounified_communications_manager6.0cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
ciscounified_communications_manager6.0(1)cpe:2.3:a:cisco:unified_communications_manager:6.0\(1\):*:*:*:*:*:*:*
ciscounified_communications_manager6.0(1a)cpe:2.3:a:cisco:unified_communications_manager:6.0\(1a\):*:*:*:*:*:*:*
ciscounified_communications_manager6.0(1b)cpe:2.3:a:cisco:unified_communications_manager:6.0\(1b\):*:*:*:*:*:*:*
ciscounified_communications_manager6.1(1)cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):*:*:*:*:*:*:*
ciscounified_communications_manager6.1(1a)cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):*:*:*:*:*:*:*
ciscounified_communications_manager6.1(1b)cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):*:*:*:*:*:*:*
ciscounified_communications_manager6.1(2)cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):*:*:*:*:*:*:*
ciscounified_communications_manager6.1(2)su1cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1:*:*:*:*:*:*:*
ciscounified_communications_manager6.1(2)su1acpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1a:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	6.0	cpe:2.3:a:cisco:unified_communications_manager:6.0:::::::*
cisco	unified_communications_manager	6.0(1)	cpe:2.3:a:cisco:unified_communications_manager:6.0\(1\):::::::*
cisco	unified_communications_manager	6.0(1a)	cpe:2.3:a:cisco:unified_communications_manager:6.0\(1a\):::::::*
cisco	unified_communications_manager	6.0(1b)	cpe:2.3:a:cisco:unified_communications_manager:6.0\(1b\):::::::*
cisco	unified_communications_manager	6.1(1)	cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):::::::*
cisco	unified_communications_manager	6.1(1a)	cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):::::::*
cisco	unified_communications_manager	6.1(1b)	cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):::::::*
cisco	unified_communications_manager	6.1(2)	cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):::::::*
cisco	unified_communications_manager	6.1(2)su1	cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1:::::::*
cisco	unified_communications_manager	6.1(2)su1a	cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1a:::::::*