CVE-2023-20010
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read or modify any data on the underlying database or elevate their privileges.
Una vulnerabilidad en la interfaz de administración basada en web de Cisco Unified Communications Manager (Unified CM) y Cisco Unified Communications Manager Session Management Edition (Unified CM SME) podría permitir que un atacante remoto autenticado realice ataques de inyección SQL en un sistema afectado. Esta vulnerabilidad existe porque la interfaz de administración basada en web no valida adecuadamente la entrada del usuario. Un atacante podría aprovechar esta vulnerabilidad autenticándose en la aplicación como un usuario con pocos privilegios y enviando consultas SQL manipuladas a un sistema afectado. Un exploit exitoso podría permitir al atacante leer o modificar cualquier dato en la base de datos subyacente o elevar sus privilegios.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-27 CVE Reserved
- 2023-01-19 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | < 12.5\(1\)su7 Search vendor "Cisco" for product "Unified Communications Manager" and version " < 12.5\(1\)su7" | session_management |
Affected
| ||||||
Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | >= 11.5\(1\) < 12.5\(1\)su7 Search vendor "Cisco" for product "Unified Communications Manager" and version " >= 11.5\(1\) < 12.5\(1\)su7" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | >= 14.0 < 14su2 Search vendor "Cisco" for product "Unified Communications Manager" and version " >= 14.0 < 14su2" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Unified Communications Manager Search vendor "Cisco" for product "Unified Communications Manager" | >= 14.0 < 14su2 Search vendor "Cisco" for product "Unified Communications Manager" and version " >= 14.0 < 14su2" | session_management |
Affected
|