ID

VAR-201706-0584


CVE

CVE-2017-6668


TITLE

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager affecting system confidentiality

Trust: 0.8

sources: JVNDB: JVNDB-2017-004884

DESCRIPTION

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1. The vendor has published this vulnerability as Bug IDs CSCvc52784 and CSCvc97648. A remote authenticated attacker could affect the confidentiality of the system by executing SQL queries. Exploiting these issues could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug IDs CSCvc52784 and CSCvc97648. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. The web-based GUI in CUCDM has a SQL injection vulnerability, which stems from the fact that the program does not fully verify the input submitted by the user in the HTTP request parameters.

Trust: 1.98

sources: NVD: CVE-2017-6668 // JVNDB: JVNDB-2017-004884 // BID: 98947 // VULHUB: VHN-114871

AFFECTED PRODUCTS

vendor: cisco, model: unified communications domain manager, scope: eq, version: 8.1\(7\)er1

Trust: 1.6

vendor: cisco, model: unified communications domain manager, scope: eq, version: 8.1(7)er1

Trust: 0.8

vendor: cisco, model: unified communications domain manager, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: hosted collaboration solution 8.1 er1, scope: -, version: -

Trust: 0.3

sources: BID: 98947 // JVNDB: JVNDB-2017-004884 // CNNVD: CNNVD-201706-365 // NVD: CVE-2017-6668

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6668
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6668
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201706-365
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114871
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6668
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114871
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6668
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114871 // JVNDB: JVNDB-2017-004884 // CNNVD: CNNVD-201706-365 // NVD: CVE-2017-6668

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-114871 // JVNDB: JVNDB-2017-004884 // NVD: CVE-2017-6668

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-365

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201706-365

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004884

PATCH

title: cisco-sa-20170607-cucm2, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-cucm2

Trust: 0.8

sources: JVNDB: JVNDB-2017-004884

EXTERNAL IDS

db: NVD, id: CVE-2017-6668

Trust: 2.8

db: BID, id: 98947

Trust: 2.0

db: SECTRACK, id: 1038632

Trust: 1.1

db: JVNDB, id: JVNDB-2017-004884

Trust: 0.8

db: CNNVD, id: CNNVD-201706-365

Trust: 0.7

db: VULHUB, id: VHN-114871

Trust: 0.1

sources: VULHUB: VHN-114871 // BID: 98947 // JVNDB: JVNDB-2017-004884 // CNNVD: CNNVD-201706-365 // NVD: CVE-2017-6668

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-cucm2

Trust: 2.0

url:http://www.securityfocus.com/bid/98947

Trust: 1.7

url:http://www.securitytracker.com/id/1038632

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6668

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6668

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-114871 // BID: 98947 // JVNDB: JVNDB-2017-004884 // CNNVD: CNNVD-201706-365 // NVD: CVE-2017-6668

CREDITS

Cisco

Trust: 0.9

sources: BID: 98947 // CNNVD: CNNVD-201706-365

SOURCES

db: VULHUB, id: VHN-114871
db: BID, id: 98947
db: JVNDB, id: JVNDB-2017-004884
db: CNNVD, id: CNNVD-201706-365
db: NVD, id: CVE-2017-6668

LAST UPDATE DATE

2025-04-20T23:04:56.215000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114871, date: 2017-07-08T00:00:00
db: BID, id: 98947, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004884, date: 2017-07-10T00:00:00
db: CNNVD, id: CNNVD-201706-365, date: 2017-07-14T00:00:00
db: NVD, id: CVE-2017-6668, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114871, date: 2017-06-13T00:00:00
db: BID, id: 98947, date: 2017-06-07T00:00:00
db: JVNDB, id: JVNDB-2017-004884, date: 2017-07-10T00:00:00
db: CNNVD, id: CNNVD-201706-365, date: 2017-06-07T00:00:00
db: NVD, id: CVE-2017-6668, date: 2017-06-13T06:29:01.037