ID

VAR-201504-0279


CVE

CVE-2015-0699


TITLE

SQL injection vulnerability in the Interactive Voice Response component of Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2015-002288

DESCRIPTION

SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. The vendor has confirmed this vulnerability and released it as Bug ID CSCut21563. A third party may be able to execute SQL commands. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCut21563. Cisco Unified Communications Manager provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Interactive Voice Response (IVR) is a component that provides an open, extensible, feature-rich foundation for creating and delivering IVR applications. There is a SQL injection vulnerability in the IVR component of CUCM 10.5(1.98991.13), which is caused by the program not fully validating user-submitted input before constructing the SQL query statement.

Trust: 2.07

sources: NVD: CVE-2015-0699 // JVNDB: JVNDB-2015-002288 // BID: 71432 // VULHUB: VHN-78645 // VULMON: CVE-2015-0699

AFFECTED PRODUCTS

vendor: cisco, model: unified communications domain manager, scope: eq, version: 10.5\(1.98991.13\)

Trust: 1.6

vendor: cisco, model: unified communications domain manager, scope: eq, version: 10.5(1.98991.13)

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(1.98991.13)

Trust: 0.3

sources: BID: 71432 // JVNDB: JVNDB-2015-002288 // CNNVD: CNNVD-201504-277 // NVD: CVE-2015-0699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-0699
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-0699
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201504-277
value: MEDIUM

Trust: 0.6

VULHUB: VHN-78645
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-0699
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-0699
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-78645
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-78645 // VULMON: CVE-2015-0699 // JVNDB: JVNDB-2015-002288 // CNNVD: CNNVD-201504-277 // NVD: CVE-2015-0699

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-78645 // JVNDB: JVNDB-2015-002288 // NVD: CVE-2015-0699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-277

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201504-277

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002288

PATCH

title: 38366, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=38366

Trust: 0.8

sources: JVNDB: JVNDB-2015-002288

EXTERNAL IDS

db: NVD, id: CVE-2015-0699

Trust: 2.9

db: SECTRACK, id: 1032134

Trust: 1.2

db: JVNDB, id: JVNDB-2015-002288

Trust: 0.8

db: CNNVD, id: CNNVD-201504-277

Trust: 0.7

db: BID, id: 71432

Trust: 0.4

db: VULHUB, id: VHN-78645

Trust: 0.1

db: VULMON, id: CVE-2015-0699

Trust: 0.1

sources: VULHUB: VHN-78645 // VULMON: CVE-2015-0699 // BID: 71432 // JVNDB: JVNDB-2015-002288 // CNNVD: CNNVD-201504-277 // NVD: CVE-2015-0699

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=38366

Trust: 2.1

url:http://www.securitytracker.com/id/1032134

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0699

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0699

Trust: 0.8

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-78645 // VULMON: CVE-2015-0699 // BID: 71432 // JVNDB: JVNDB-2015-002288 // CNNVD: CNNVD-201504-277 // NVD: CVE-2015-0699

CREDITS

Cisco

Trust: 0.3

sources: BID: 71432

SOURCES

db: VULHUB, id: VHN-78645
db: VULMON, id: CVE-2015-0699
db: BID, id: 71432
db: JVNDB, id: JVNDB-2015-002288
db: CNNVD, id: CNNVD-201504-277
db: NVD, id: CVE-2015-0699

LAST UPDATE DATE

2025-04-13T23:29:38.031000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-78645, date: 2017-01-06T00:00:00
db: VULMON, id: CVE-2015-0699, date: 2017-01-06T00:00:00
db: BID, id: 71432, date: 2015-04-15T00:00:00
db: JVNDB, id: JVNDB-2015-002288, date: 2015-04-16T00:00:00
db: CNNVD, id: CNNVD-201504-277, date: 2015-04-16T00:00:00
db: NVD, id: CVE-2015-0699, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-78645, date: 2015-04-15T00:00:00
db: VULMON, id: CVE-2015-0699, date: 2015-04-15T00:00:00
db: BID, id: 71432, date: 2015-04-15T00:00:00
db: JVNDB, id: JVNDB-2015-002288, date: 2015-04-16T00:00:00
db: CNNVD, id: CNNVD-201504-277, date: 2015-04-16T00:00:00
db: NVD, id: CVE-2015-0699, date: 2015-04-15T10:59:05.440