CVE-2011-4487

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager:6.0:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.0\(1a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.0\(1b\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(3\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(3a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.0\(2\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(3\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(5a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1a:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su4:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager:8.0:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(2\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(2a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(2b\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(3\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su2:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager:8.5:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su3:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager:8.6:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.6\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.6\(1a\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.6\(2\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\):::::::*

Configuration 6 (hide)

AND

OR	cpe:2.3:a:cisco:business_edition_3000_software:8.6\(1\):::::::*
	cpe:2.3:a:cisco:business_edition_3000_software:8.6\(1a\):::::::*
	cpe:2.3:a:cisco:business_edition_3000_software:8.6\(2a\):::::::*
	cpe:2.3:a:cisco:business_edition_3000_software:8.6.2:::::::*

cpe:2.3:h:cisco:business_edition_3000:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:a:cisco:business_edition_5000_software:8.5:::::::*
	cpe:2.3:a:cisco:business_edition_5000_software:8.5\(1\):::::::*
	cpe:2.3:a:cisco:business_edition_5000_software:8.6:::::::*
	cpe:2.3:a:cisco:business_edition_5000_software:8.6\(1\):::::::*
	cpe:2.3:a:cisco:business_edition_5000_software:8.6\(1a\):::::::*
	cpe:2.3:a:cisco:business_edition_5000_software:8.6\(2\):::::::*
	cpe:2.3:a:cisco:business_edition_5000_software:8.6\(2a\):::::::*

cpe:2.3:h:cisco:business_edition_5000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:a:cisco:business_edition_6000_software:8.5\(1\):::::::*
	cpe:2.3:a:cisco:business_edition_6000_software:8.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:business_edition_6000_software:8.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:business_edition_6000_software:8.5\(1\)su3:::::::*
	cpe:2.3:a:cisco:business_edition_6000_software:8.5\(1-2011o\):::::::*
	cpe:2.3:a:cisco:business_edition_6000_software:8.6\(1\):::::::*
	cpe:2.3:a:cisco:business_edition_6000_software:8.6\(1a\):::::::*
	cpe:2.3:a:cisco:business_edition_6000_software:8.6\(2\):::::::*
	cpe:2.3:a:cisco:business_edition_6000_software:8.6\(2a\):::::::*

cpe:2.3:h:cisco:business_edition_6000:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-03-01 01:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-4487

Mitre link : CVE-2011-4487

CVE.ORG link : CVE-2011-4487

JSON object : View

Products Affected

cisco

business_edition_5000
business_edition_3000
business_edition_3000_software
business_edition_6000
business_edition_6000_software
business_edition_5000_software
unified_communications_manager

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

6.8 /10