VAR-201504-0279
Vulnerability from variot - Updated: 2024-02-13 23:04SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. Vendors have confirmed this vulnerability Bug ID CSCut21563 It is released as.By any third party SQL The command may be executed. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue being tracked by Cisco Bug ID CSCut21563. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Interactive Voice Response (IVR) is a component that provides an open, extensible, feature-rich foundation for creating and delivering IVR (Interactive Voice Response) applications. There is a SQL injection vulnerability in the IVR component of CUCM 10.5 (1.98991.13), which is caused by the fact that the program does not fully validate the input submitted by the user before constructing the SQL query statement
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0279",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.5\\(1.98991.13\\)"
},
{
"model": "unified communications domain manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(1.98991.13)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(1.98991.13)"
}
],
"sources": [
{
"db": "BID",
"id": "71432"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_domain_manager:10.5\\(1.98991.13\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "71432"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0699",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-0699",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-78645",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0699",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-277",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78645",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0699",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. Vendors have confirmed this vulnerability Bug ID CSCut21563 It is released as.By any third party SQL The command may be executed. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nThis issue being tracked by Cisco Bug ID CSCut21563. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. Interactive Voice Response (IVR) is a component that provides an open, extensible, feature-rich foundation for creating and delivering IVR (Interactive Voice Response) applications. There is a SQL injection vulnerability in the IVR component of CUCM 10.5 (1.98991.13), which is caused by the fact that the program does not fully validate the input submitted by the user before constructing the SQL query statement",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0699"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "BID",
"id": "71432"
},
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "VULMON",
"id": "CVE-2015-0699"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0699",
"trust": 2.9
},
{
"db": "SECTRACK",
"id": "1032134",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277",
"trust": 0.7
},
{
"db": "BID",
"id": "71432",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-78645",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-0699",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"db": "BID",
"id": "71432"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"id": "VAR-201504-0279",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78645"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T23:04:09.354000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "38366",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38366"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38366"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1032134"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0699"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0699"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"db": "BID",
"id": "71432"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78645"
},
{
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"db": "BID",
"id": "71432"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-15T00:00:00",
"db": "VULHUB",
"id": "VHN-78645"
},
{
"date": "2015-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"date": "2015-04-15T00:00:00",
"db": "BID",
"id": "71432"
},
{
"date": "2015-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"date": "2015-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"date": "2015-04-15T10:59:05.440000",
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-06T00:00:00",
"db": "VULHUB",
"id": "VHN-78645"
},
{
"date": "2017-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0699"
},
{
"date": "2015-04-15T00:00:00",
"db": "BID",
"id": "71432"
},
{
"date": "2015-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002288"
},
{
"date": "2015-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-277"
},
{
"date": "2017-01-06T16:31:52.810000",
"db": "NVD",
"id": "CVE-2015-0699"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Communications Manager of Interactive Voice Response In the component SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002288"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-277"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…