CVE-2017-3886
Last modified
CVE-2017-3886 is a vulnerability of currently unknown severity. A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. EPSS estimates a 1.88% chance of exploitation in the next 30 days.
Description
A vulnerability in the Cisco Unified Communications Manager web interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The attacker must be authenticated as an administrative user to execute SQL database queries. More Information: CSCvc74291. Known Affected Releases: 1.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 12.0(0.98000.619) 12.0(0.98000.485) 12.0(0.98000.212) 11.5(1.13035.1) 11.0(1.23900.5) 11.0(1.23900.2) 11.0(1.23067.1) 10.5(2.15900.2).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Communications Manager | 11.0\(1.10000.10\) |
| Cisco | Unified Communications Manager | 11.5\(1.10000.6\) |
References
- http://www.securityfocus.com/bid/97432Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/97432Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-3886?
How severe is CVE-2017-3886?
How do I fix CVE-2017-3886?
Are you affected by CVE-2017-3886?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST