CVE-2011-1610
Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability
Severity Score
6.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
Múltiples vulnerabilidades de inyección SQL en xmldirectorylist.jsp incrustado en el componente del Servidor Apache HTTP en Cisco Unified Communications Manager (también conocido como CUCM o CallManager) v6.x antes de v6.1(5)su3, v7.x antes de 7.1(5)su4, v8.0 antes de v8.0(3a)su2, y v8.5 antes de v8.5(1)su1 permite a atacantes remotos ejecutar comandos SQL a través de los parámetros (1) f, (2) l, o (3) n, también conocido como ID de error CSCtj42064.
This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Cisco Unified CM. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Call Manager component. The system exposes an Apache webserver which contains a JSP script vulnerable to SQL injection. The xmldirectorylist.jsp file does not properly validate the f, l, and n parameters before passing them to the database. A remote attacker can abuse this to inject SQL statements to be evaluated by the underlying database.
*Credits:
Sven Taute
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-04-05 CVE Reserved
- 2011-04-28 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html | Mailing List | |
| http://secunia.com/advisories/44331 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/517727/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/47607 | Vdb Entry | |
| http://www.securitytracker.com/id?1025449 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/1122 | Vdb Entry | |
| http://zerodayinitiative.com/advisories/ZDI-11-143 | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/67126 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml | 2018-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.0 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(1\) Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(1\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(1a\) Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(1a\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(1b\) Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(1b\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(2\) Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(2\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(2\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(2\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(2\)su1a Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(2\)su1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(3\) Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(3\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(3a\) Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(3a\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(3b\) Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(3b\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(3b\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(3b\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(4\) Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(4\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(4\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(4\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(4a\) Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(4a\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(4a\)su2 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(4a\)su2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(5\) Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(5\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(5\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(5\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 6.1\(5\)su2 Search vendor "Cisco" for product "Unified Communications Manager" and version "6.1\(5\)su2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.0\(1\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "7.0\(1\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.0\(1\)su1a Search vendor "Cisco" for product "Unified Communications Manager" and version "7.0\(1\)su1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.0\(2\) Search vendor "Cisco" for product "Unified Communications Manager" and version "7.0\(2\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.0\(2a\) Search vendor "Cisco" for product "Unified Communications Manager" and version "7.0\(2a\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.0\(2a\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "7.0\(2a\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.0\(2a\)su2 Search vendor "Cisco" for product "Unified Communications Manager" and version "7.0\(2a\)su2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(2a\) Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(2a\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(2a\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(2a\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(2b\) Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(2b\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(2b\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(2b\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(3\) Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(3\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(3a\) Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(3a\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(3a\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(3a\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(3a\)su1a Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(3a\)su1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(3b\) Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(3b\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(3b\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(3b\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(3b\)su2 Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(3b\)su2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(5\) Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(5\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(5\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(5\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(5\)su1a Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(5\)su1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(5a\) Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(5a\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(5b\) Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(5b\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(5b\)su2 Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(5b\)su2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 7.1\(5b\)su3 Search vendor "Cisco" for product "Unified Communications Manager" and version "7.1\(5b\)su3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 8.0 Search vendor "Cisco" for product "Unified Communications Manager" and version "8.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 8.0\(2c\) Search vendor "Cisco" for product "Unified Communications Manager" and version "8.0\(2c\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 8.0\(2c\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "8.0\(2c\)su1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 8.0\(3\) Search vendor "Cisco" for product "Unified Communications Manager" and version "8.0\(3\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 8.0\(3a\) Search vendor "Cisco" for product "Unified Communications Manager" and version "8.0\(3a\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | 8.0\(3a\)su1 Search vendor "Cisco" for product "Unified Communications Manager" and version "8.0\(3a\)su1" | - |
Affected
| ||||||