CVE-2008-0026
Cisco Unified Communications Manager 6.1 - 'key' SQL Injection
Severity Score
6.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
Una vulnerabilidad de la inyección SQL en Cisco Unified CallManager/Communications Manager (CUCM) versiones 5.0/5.1 anteriores a 5.1(3a) y versiones 6.0/6.1 anteriores a 6.1(1a), permite a los usuarios autenticados remotos ejecutar comandos SQL arbitrarios por medio del parámetro key en las páginas de interfaz de (1) administrador y (2) usuario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-12-17 CVE Reserved
- 2008-02-13 CVE Published
- 2008-02-13 First Exploit
- 2024-08-07 CVE Updated
- 2024-11-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/27775 | Vdb Entry | |
| http://www.securitytracker.com/id?1019404 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/40484 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31189 | 2008-02-13 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28932 | 2017-08-08 | |
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml | 2017-08-08 | |
| http://www.vupen.com/english/advisories/2008/0542 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Unified Callmanager Search vendor "Cisco" for product "Unified Callmanager" | 5.0 Search vendor "Cisco" for product "Unified Callmanager" and version "5.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Callmanager Search vendor "Cisco" for product "Unified Callmanager" | 5.0\(1\) Search vendor "Cisco" for product "Unified Callmanager" and version "5.0\(1\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Callmanager Search vendor "Cisco" for product "Unified Callmanager" | 5.0\(2\) Search vendor "Cisco" for product "Unified Callmanager" and version "5.0\(2\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Callmanager Search vendor "Cisco" for product "Unified Callmanager" | 5.0\(3\) Search vendor "Cisco" for product "Unified Callmanager" and version "5.0\(3\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Callmanager Search vendor "Cisco" for product "Unified Callmanager" | 5.0\(3a\) Search vendor "Cisco" for product "Unified Callmanager" and version "5.0\(3a\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Callmanager Search vendor "Cisco" for product "Unified Callmanager" | 5.0\(4\) Search vendor "Cisco" for product "Unified Callmanager" and version "5.0\(4\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Callmanager Search vendor "Cisco" for product "Unified Callmanager" | 5.0_4a Search vendor "Cisco" for product "Unified Callmanager" and version "5.0_4a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Callmanager Search vendor "Cisco" for product "Unified Callmanager" | 5.1 Search vendor "Cisco" for product "Unified Callmanager" and version "5.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Callmanager Search vendor "Cisco" for product "Unified Callmanager" | 6.0 Search vendor "Cisco" for product "Unified Callmanager" and version "6.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 5.0 Search vendor "Cisco" for product "Unified Communications Manager" and version "5.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 5.0_1 Search vendor "Cisco" for product "Unified Communications Manager" and version "5.0_1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 5.0_2 Search vendor "Cisco" for product "Unified Communications Manager" and version "5.0_2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 5.0_3 Search vendor "Cisco" for product "Unified Communications Manager" and version "5.0_3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 5.0_3a Search vendor "Cisco" for product "Unified Communications Manager" and version "5.0_3a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 5.0_4 Search vendor "Cisco" for product "Unified Communications Manager" and version "5.0_4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 5.0_4a Search vendor "Cisco" for product "Unified Communications Manager" and version "5.0_4a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 5.0_4a_su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "5.0_4a_su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.0 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.0_1 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.0_1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1" | - |
Affected
| ||||||