CVE-2007-4634

Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml
http://www.securityfocus.com/bid/25480	Exploit
http://securitytracker.com/id?1018624
http://secunia.com/advisories/26641	Vendor Advisory
http://www.vupen.com/english/advisories/2007/3010
https://exchange.xforce.ibmcloud.com/vulnerabilities/36326

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.3\(1\):::::::*
	cpe:2.3:h:cisco:call_manager:4.1\(3\)sr4:::::::*
	cpe:2.3:h:cisco:call_manager:4.2:::::::*
	cpe:2.3:h:cisco:call_manager:4.3\(1\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:::::::*
	cpe:2.3:h:cisco:call_manager:4.2\(2\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):::::::*
	cpe:2.3:h:cisco:call_manager:3.3\(5\)sr2:::::::*
	cpe:2.3:h:cisco:call_manager:4.1\(3\)sr1:::::::*
	cpe:2.3:h:cisco:call_manager:4.1:::::::*
	cpe:2.3:h:cisco:call_manager:3.3\(5\)sr2a:::::::*
	cpe:2.3:h:cisco:call_manager:4.1\(3\)sr2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.1:::::::*
	cpe:2.3:h:cisco:call_manager:4.2\(1\):::::::*
	cpe:2.3:h:cisco:call_manager:4.3:::::::*
	cpe:2.3:h:cisco:call_manager:4.1\(3\)sr3:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:::::::*
	cpe:2.3:h:cisco:call_manager:4.2\(3\)sr1:::::::*
	cpe:2.3:a:cisco:unified_communications_manager:4.2.2:::::::*
	cpe:2.3:h:cisco:call_manager:4.2\(3\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:::::::*
	cpe:2.3:h:cisco:call_manager:4.2\(3\)sr2:::::::*
	cpe:2.3:h:cisco:call_manager:3.3\(5\)sr1:::::::*

Information

Published : 2007-08-31 16:17

Updated : 2017-07-28 18:33

NVD link : CVE-2007-4634

Mitre link : CVE-2007-4634

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Products Affected

cisco

call_manager
unified_communications_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtml", "name": "20070829 XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page", "tags": [], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/25480", "name": "25480", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1018624", "name": "1018624", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/26641", "name": "26641", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/3010", "name": "ADV-2007-3010", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36326", "name": "cisco-cucm-admin-sql-injection(36326)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-4634", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-08-31T23:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.3\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.3\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.2\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.1\\(3\\)sr4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.2\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.1\\(3\\)sr3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr2a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.2\\(3\\)sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.2\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:4.2\\(3\\)sr2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:call_manager:3.3\\(5\\)sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:33Z"}

9.3 /10