CVE-2011-1609: SQL Injection
First published: Tue May 03 2011(Updated: )
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | =6.1\(3a\) | |
| Cisco Unified Communications Manager | =6.1\(2\) | |
| Cisco Unified Communications Manager | =6.1\(3b\)su1 | |
| Cisco Unified Communications Manager | =6.1\(2\)su1a | |
| Cisco Unified Communications Manager | =6.1\(4\)su1 | |
| Cisco Unified Communications Manager | =6.1\(4\) | |
| Cisco Unified Communications Manager | =6.1\(5\)su1 | |
| Cisco Unified Communications Manager | =6.1\(4a\) | |
| Cisco Unified Communications Manager | =6.1\(3\) | |
| Cisco Unified Communications Manager | =6.1\(4a\)su2 | |
| Cisco Unified Communications Manager | =6.1\(1\) | |
| Cisco Unified Communications Manager | =6.1\(1b\) | |
| Cisco Unified Communications Manager | =6.1\(3b\) | |
| Cisco Unified Communications Manager | =6.1\(5\) | |
| Cisco Unified Communications Manager | =6.1\(2\)su1 | |
| Cisco Unified Communications Manager | =6.0 | |
| Cisco Unified Communications Manager | =6.1\(1a\) | |
| Cisco Unified Communications Manager | =7.1\(2b\) | |
| Cisco Unified Communications Manager | =7.1\(3b\) | |
| Cisco Unified Communications Manager | =7.1\(2a\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3b\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3a\)su1a | |
| Cisco Unified Communications Manager | =7.1\(3\) | |
| Cisco Unified Communications Manager | =7.1\(2a\) | |
| Cisco Unified Communications Manager | =7.1\(5b\) | |
| Cisco Unified Communications Manager | =7.0\(2a\) | |
| Cisco Unified Communications Manager | =7.0\(1\)su1 | |
| Cisco Unified Communications Manager | =7.0\(1\)su1a | |
| Cisco Unified Communications Manager | =7.1\(5\) | |
| Cisco Unified Communications Manager | =7.1\(5a\) | |
| Cisco Unified Communications Manager | =7.0\(2a\)su2 | |
| Cisco Unified Communications Manager | =7.1\(5\)su1a | |
| Cisco Unified Communications Manager | =7.1\(5\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3a\) | |
| Cisco Unified Communications Manager | =7.0\(2a\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3a\)su1 | |
| Cisco Unified Communications Manager | =7.0\(2\) | |
| Cisco Unified Communications Manager | =7.1\(3b\)su2 | |
| Cisco Unified Communications Manager | =8.0\(2c\) | |
| Cisco Unified Communications Manager | =8.0\(3a\)su2 | |
| Cisco Unified Communications Manager | =8.0\(3\) | |
| Cisco Unified Communications Manager | =8.5 | |
| Cisco Unified Communications Manager | =8.0\(3a\) | |
| Cisco Unified Communications Manager | =8.0\(2c\)su1 | |
| Cisco Unified Communications Manager | =8.0\(3a\)su1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml
- http://secunia.com/advisories/44331
- http://www.securityfocus.com/bid/47605
- http://www.securitytracker.com/id?1025449
- http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html
- http://www.vupen.com/english/advisories/2011/1122
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67125
Frequently Asked Questions
What is the severity of CVE-2011-1609?
CVE-2011-1609 is classified as a high-severity SQL injection vulnerability allowing remote authenticated users to execute arbitrary SQL commands.
How do I fix CVE-2011-1609?
To fix CVE-2011-1609, upgrade your Cisco Unified Communications Manager to a version that is patched, specifically 6.1(5)su2, 7.1(5)su1, 8.0(3), or 8.5(1) or later.
Who is affected by CVE-2011-1609?
CVE-2011-1609 affects installations of Cisco Unified Communications Manager versions prior to 6.1(5)su2, 7.1(5)su1, 8.0(3), and 8.5(1).
What can be exploited in CVE-2011-1609?
CVE-2011-1609 can be exploited to execute arbitrary SQL commands, potentially leading to unauthorized database access or manipulation.
Is there a workaround for CVE-2011-1609?
Currently, the only effective mitigation for CVE-2011-1609 is to upgrade to the patched versions of Cisco Unified Communications Manager.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/weakness
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/6.0
- version/cisco unified communications manager/6.1\(1\)
- version/cisco unified communications manager/6.1\(1a\)
- version/cisco unified communications manager/6.1\(1b\)
- version/cisco unified communications manager/6.1\(2\)
- version/cisco unified communications manager/6.1\(2\)su1
- version/cisco unified communications manager/6.1\(2\)su1a
- version/cisco unified communications manager/6.1\(3\)
- version/cisco unified communications manager/6.1\(3a\)
- version/cisco unified communications manager/6.1\(3b\)
- version/cisco unified communications manager/6.1\(3b\)su1
- version/cisco unified communications manager/6.1\(4\)
- version/cisco unified communications manager/6.1\(4\)su1
- version/cisco unified communications manager/6.1\(4a\)
- version/cisco unified communications manager/6.1\(4a\)su2
- version/cisco unified communications manager/6.1\(5\)
- version/cisco unified communications manager/6.1\(5\)su1
- version/cisco unified communications manager/7.0\(1\)su1
- version/cisco unified communications manager/7.0\(1\)su1a
- version/cisco unified communications manager/7.0\(2\)
- version/cisco unified communications manager/7.0\(2a\)
- version/cisco unified communications manager/7.0\(2a\)su1
- version/cisco unified communications manager/7.0\(2a\)su2
- version/cisco unified communications manager/7.1\(2a\)
- version/cisco unified communications manager/7.1\(2a\)su1
- version/cisco unified communications manager/7.1\(2b\)
- version/cisco unified communications manager/7.1\(3\)
- version/cisco unified communications manager/7.1\(3a\)
- version/cisco unified communications manager/7.1\(3a\)su1
- version/cisco unified communications manager/7.1\(3a\)su1a
- version/cisco unified communications manager/7.1\(3b\)
- version/cisco unified communications manager/7.1\(3b\)su1
- version/cisco unified communications manager/7.1\(3b\)su2
- version/cisco unified communications manager/7.1\(5\)
- version/cisco unified communications manager/7.1\(5\)su1
- version/cisco unified communications manager/7.1\(5\)su1a
- version/cisco unified communications manager/7.1\(5a\)
- version/cisco unified communications manager/7.1\(5b\)
- version/cisco unified communications manager/8.0\(2c\)
- version/cisco unified communications manager/8.0\(2c\)su1
- version/cisco unified communications manager/8.0\(3\)
- version/cisco unified communications manager/8.0\(3a\)
- version/cisco unified communications manager/8.0\(3a\)su1
- version/cisco unified communications manager/8.0\(3a\)su2
- version/cisco unified communications manager/8.5