Cisco Fixes High-Severity SQL Injection Vulnerability in Unified Communications Manager

Cisco recently patched a critical-severity SQL injection vulnerability that could give an unauthenticated, remote attacker “full control” of a vulnerable Unified Communications Manager (UCM) system. The security issue, tracked as CVE-2019-1843, was discovered by Cisco engineers in Cisco Unified Communications Manager, also known as CUCM and formerly known as CallManager.

The vulnerability exists because certain documented parameters of the system’s web-based management interface do not sufficiently validate user-supplied input. Successful exploitation could allow an attacker to access the UCM’s underlying database or execute arbitrary code with root privileges on the vulnerable system. According to Cisco’s advisory, an attacker could also use SQL injection to bypass authentication.

The software primarily affected by the flaw is CUCM version 12.0, and Cisco has released an update to address the vulnerability. The company said that version 11.5 was also affected, but no update was released because that version has passed its end-of-life and is no longer supported. Cisco also said that customers running versions 10.5 and earlier do not need to apply any updates, as the vulnerable function is not present in those systems.

Cisco is urging customers to update their systems to software releases that contain a fix for this vulnerability. System administrators are also advised to reduce the risk of attack by changing the administrative interface’s port number and using encrypted connection protocols. Cisco has also released an advisory containing detailed directions for securing networks, along with other best practices for reducing risk, and warns customers not to include confidential information on the web interface.
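The advisory attributes the flaw to insufficient validation of user-supplied parameters reaching the database, with authentication bypass as one consequence. The following is an added illustration, not Cisco's code and not taken from the advisory: a hypothetical login check against a constructed SQLite table, written once with string concatenation (input becomes SQL syntax) and once with bound parameters plus an allowlist on the username parameter (input stays data). The table schema, credentials and `users` name are invented for the demo.

```python
import re
import sqlite3

# Constructed in-memory credential table standing in for a web interface's
# user store. Hypothetical schema and values; nothing here is Cisco's.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('admin', 'correct-horse', 'administrator')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by concatenation, so quote characters and SQL
    comment markers in the input rewrite the WHERE clause. Returns the
    matched role or None."""
    query = (
        "SELECT role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


# Allowlist for the username parameter: letters, digits, '.', '_' and '-',
# at most 64 characters. Anything else is rejected before touching the DB.
_USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def is_valid_username(username):
    """True when the parameter matches the allowlist, False otherwise."""
    return bool(_USERNAME_RE.match(username))


def login_hardened(conn, username, password):
    """Validates the parameter, then binds both values with placeholders so
    the statement text is fixed and the driver passes the input as data.
    Returns the matched role, or None for bad credentials or bad input."""
    if not is_valid_username(username):
        return None
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # Good credentials succeed in both variants.
    print(login_hardened(db, "admin", "correct-horse"))   # administrator
    # A username carrying a quote and comment marker: the concatenated query
    # drops the password check; the hardened path rejects the parameter.
    print(login_vulnerable(db, "admin' --", "wrong"))     # administrator
    print(login_hardened(db, "admin' --", "wrong"))       # None
```

The hardened function layers two controls the advisory's wording points at: the allowlist rejects malformed parameters at the interface boundary, and parameter binding means that even input which passes validation can never change the statement's structure. In production the password comparison would of course be a hash verification rather than a column equality.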

This Cyber News was published on www.securityweek.com. Publication date: Sun, 22 Jan 2023 10:48:00 +0000

