CVE-2011-4487: SQL Injection
First published: Thu Mar 01 2012(Updated: )
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | =6.1\(3a\) | |
| Cisco Unified Communications Manager | =6.1\(2\) | |
| Cisco Unified Communications Manager | =6.1\(3b\)su1 | |
| Cisco Unified Communications Manager | =6.0\(1\) | |
| Cisco Unified Communications Manager | =6.1\(2\)su1a | |
| Cisco Unified Communications Manager | =6.1\(4\)su1 | |
| Cisco Unified Communications Manager | =6.1\(4\) | |
| Cisco Unified Communications Manager | =6.1\(5\)su1 | |
| Cisco Unified Communications Manager | =6.1\(4a\) | |
| Cisco Unified Communications Manager | =6.1\(5\)su2 | |
| Cisco Unified Communications Manager | =6.1\(3\) | |
| Cisco Unified Communications Manager | =6.1\(4a\)su2 | |
| Cisco Unified Communications Manager | =6.1\(1\) | |
| Cisco Unified Communications Manager | =6.1\(1b\) | |
| Cisco Unified Communications Manager | =6.1\(3b\) | |
| Cisco Unified Communications Manager | =6.1\(5\) | |
| Cisco Unified Communications Manager | =6.1\(5\)su3 | |
| Cisco Unified Communications Manager | =6.0\(1a\) | |
| Cisco Unified Communications Manager | =6.0\(1b\) | |
| Cisco Unified Communications Manager | =6.1\(2\)su1 | |
| Cisco Unified Communications Manager | =6.0 | |
| Cisco Unified Communications Manager | =6.1\(1a\) | |
| Cisco Unified Communications Manager | =7.1\(2b\)su1 | |
| Cisco Unified Communications Manager | =7.1\(2b\) | |
| Cisco Unified Communications Manager | =7.1\(5b\)su4 | |
| Cisco Unified Communications Manager | =7.1\(3b\) | |
| Cisco Unified Communications Manager | =7.1\(2a\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3b\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3a\)su1a | |
| Cisco Unified Communications Manager | =7.1\(5b\)su1 | |
| Cisco Unified Communications Manager | =7.1\(5b\)su3 | |
| Cisco Unified Communications Manager | =7.1\(3\) | |
| Cisco Unified Communications Manager | =7.1\(2a\) | |
| Cisco Unified Communications Manager | =7.1\(5b\) | |
| Cisco Unified Communications Manager | =7.0\(2a\) | |
| Cisco Unified Communications Manager | =7.0\(1\)su1 | |
| Cisco Unified Communications Manager | =7.0\(1\)su1a | |
| Cisco Unified Communications Manager | =7.1\(5b\)su2 | |
| Cisco Unified Communications Manager | =7.1\(5\) | |
| Cisco Unified Communications Manager | =7.1\(5a\) | |
| Cisco Unified Communications Manager | =7.0\(2a\)su2 | |
| Cisco Unified Communications Manager | =7.1\(5b\)su1a | |
| Cisco Unified Communications Manager | =7.1\(5\)su1a | |
| Cisco Unified Communications Manager | =7.1\(5\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3a\) | |
| Cisco Unified Communications Manager | =7.0\(2a\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3a\)su1 | |
| Cisco Unified Communications Manager | =7.0\(2\) | |
| Cisco Unified Communications Manager | =7.1\(3b\)su2 | |
| Cisco Unified Communications Manager | =8.0\(2c\) | |
| Cisco Unified Communications Manager | =8.0\(2\) | |
| Cisco Unified Communications Manager | =8.0\(2b\) | |
| Cisco Unified Communications Manager | =8.0\(3a\)su2 | |
| Cisco Unified Communications Manager | =8.0 | |
| Cisco Unified Communications Manager | =8.0\(3\) | |
| Cisco Unified Communications Manager | =8.0\(2a\) | |
| Cisco Unified Communications Manager | =8.0\(3a\) | |
| Cisco Unified Communications Manager | =8.0\(2c\)su1 | |
| Cisco Unified Communications Manager | =8.0\(1\) | |
| Cisco Unified Communications Manager | =8.0\(3a\)su1 | |
| Cisco Unified Communications Manager | =8.5\(1\) | |
| Cisco Unified Communications Manager | =8.5\(1\)su2 | |
| Cisco Unified Communications Manager | =8.5\(1\)su3 | |
| Cisco Unified Communications Manager | =8.5 | |
| Cisco Unified Communications Manager | =8.5\(1\)su1 | |
| Cisco Unified Communications Manager | =8.6\(1\) | |
| Cisco Unified Communications Manager | =8.6\(2\) | |
| Cisco Unified Communications Manager | =8.6\(2a\) | |
| Cisco Unified Communications Manager | =8.6 | |
| Cisco Unified Communications Manager | =8.6\(1a\) | |
| Cisco Business Edition 3000 | =8.6\(1\) | |
| Cisco Business Edition 3000 | =8.6\(1a\) | |
| Cisco Business Edition 3000 | =8.6\(2a\) | |
| Cisco Business Edition 3000 | =8.6.2 | |
| Cisco Business Edition 3000 Software | ||
| Cisco Business Edition 5000 | =8.5 | |
| Cisco Business Edition 5000 | =8.5\(1\) | |
| Cisco Business Edition 5000 | =8.6 | |
| Cisco Business Edition 5000 | =8.6\(1\) | |
| Cisco Business Edition 5000 | =8.6\(1a\) | |
| Cisco Business Edition 5000 | =8.6\(2\) | |
| Cisco Business Edition 5000 | =8.6\(2a\) | |
| Cisco Business Edition 5000 Software | ||
| Cisco Business Edition 6000 | =8.5\(1\) | |
| Cisco Business Edition 6000 | =8.5\(1\)su1 | |
| Cisco Business Edition 6000 | =8.5\(1\)su2 | |
| Cisco Business Edition 6000 | =8.5\(1\)su3 | |
| Cisco Business Edition 6000 | =8.5\(1-2011o\) | |
| Cisco Business Edition 6000 | =8.6\(1\) | |
| Cisco Business Edition 6000 | =8.6\(1a\) | |
| Cisco Business Edition 6000 | =8.6\(2\) | |
| Cisco Business Edition 6000 | =8.6\(2a\) | |
| Cisco Business Edition 6000 Software |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-4487?
CVE-2011-4487 is considered a critical vulnerability due to its potential for remote exploitation.
How do I fix CVE-2011-4487?
To resolve CVE-2011-4487, ensure that your Cisco Unified Communications Manager is updated to a version that contains the security patches provided by Cisco.
What software versions are affected by CVE-2011-4487?
CVE-2011-4487 affects Cisco Unified Communications Manager versions 6.x, 7.x, and specific versions of Cisco Business Edition 3000, 5000, and 6000.
Can CVE-2011-4487 be exploited remotely?
Yes, CVE-2011-4487 allows remote attackers to exploit a SQL injection vulnerability without authentication.
Is there a workaround for CVE-2011-4487?
While upgrading is the recommended fix, restricting access to affected servers and implementing firewall rules can serve as temporary mitigating controls for CVE-2011-4487.
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/weakness
- agent/source
- agent/tags
- collector/nvd-index
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/6.1\(3a\)
- version/cisco unified communications manager/6.1\(2\)
- version/cisco unified communications manager/6.1\(3b\)su1
- version/cisco unified communications manager/6.0\(1\)
- version/cisco unified communications manager/6.1\(2\)su1a
- version/cisco unified communications manager/6.1\(4\)su1
- version/cisco unified communications manager/6.1\(4\)
- version/cisco unified communications manager/6.1\(5\)su1
- version/cisco unified communications manager/6.1\(4a\)
- version/cisco unified communications manager/6.1\(5\)su2
- version/cisco unified communications manager/6.1\(3\)
- version/cisco unified communications manager/6.1\(4a\)su2
- version/cisco unified communications manager/6.1\(1\)
- version/cisco unified communications manager/6.1\(1b\)
- version/cisco unified communications manager/6.1\(3b\)
- version/cisco unified communications manager/6.1\(5\)
- version/cisco unified communications manager/6.1\(5\)su3
- version/cisco unified communications manager/6.0\(1a\)
- version/cisco unified communications manager/6.0\(1b\)
- version/cisco unified communications manager/6.1\(2\)su1
- version/cisco unified communications manager/6.0
- version/cisco unified communications manager/6.1\(1a\)
- version/cisco unified communications manager/7.1\(2b\)su1
- version/cisco unified communications manager/7.1\(2b\)
- version/cisco unified communications manager/7.1\(5b\)su4
- version/cisco unified communications manager/7.1\(3b\)
- version/cisco unified communications manager/7.1\(2a\)su1
- version/cisco unified communications manager/7.1\(3b\)su1
- version/cisco unified communications manager/7.1\(3a\)su1a
- version/cisco unified communications manager/7.1\(5b\)su1
- version/cisco unified communications manager/7.1\(5b\)su3
- version/cisco unified communications manager/7.1\(3\)
- version/cisco unified communications manager/7.1\(2a\)
- version/cisco unified communications manager/7.1\(5b\)
- version/cisco unified communications manager/7.0\(2a\)
- version/cisco unified communications manager/7.0\(1\)su1
- version/cisco unified communications manager/7.0\(1\)su1a
- version/cisco unified communications manager/7.1\(5b\)su2
- version/cisco unified communications manager/7.1\(5\)
- version/cisco unified communications manager/7.1\(5a\)
- version/cisco unified communications manager/7.0\(2a\)su2
- version/cisco unified communications manager/7.1\(5b\)su1a
- version/cisco unified communications manager/7.1\(5\)su1a
- version/cisco unified communications manager/7.1\(5\)su1
- version/cisco unified communications manager/7.1\(3a\)
- version/cisco unified communications manager/7.0\(2a\)su1
- version/cisco unified communications manager/7.1\(3a\)su1
- version/cisco unified communications manager/7.0\(2\)
- version/cisco unified communications manager/7.1\(3b\)su2
- version/cisco unified communications manager/8.0\(2c\)
- version/cisco unified communications manager/8.0\(2\)
- version/cisco unified communications manager/8.0\(2b\)
- version/cisco unified communications manager/8.0\(3a\)su2
- version/cisco unified communications manager/8.0
- version/cisco unified communications manager/8.0\(3\)
- version/cisco unified communications manager/8.0\(2a\)
- version/cisco unified communications manager/8.0\(3a\)
- version/cisco unified communications manager/8.0\(2c\)su1
- version/cisco unified communications manager/8.0\(1\)
- version/cisco unified communications manager/8.0\(3a\)su1
- version/cisco unified communications manager/8.5\(1\)
- version/cisco unified communications manager/8.5\(1\)su2
- version/cisco unified communications manager/8.5\(1\)su3
- version/cisco unified communications manager/8.5
- version/cisco unified communications manager/8.5\(1\)su1
- version/cisco unified communications manager/8.6\(1\)
- version/cisco unified communications manager/8.6\(2\)
- version/cisco unified communications manager/8.6\(2a\)
- version/cisco unified communications manager/8.6
- version/cisco unified communications manager/8.6\(1a\)
- canonical/cisco business edition 3000
- version/cisco business edition 3000/8.6\(1\)
- version/cisco business edition 3000/8.6\(1a\)
- version/cisco business edition 3000/8.6\(2a\)
- version/cisco business edition 3000/8.6.2
- canonical/cisco business edition 3000 software
- canonical/cisco business edition 5000
- version/cisco business edition 5000/8.5
- version/cisco business edition 5000/8.5\(1\)
- version/cisco business edition 5000/8.6
- version/cisco business edition 5000/8.6\(1\)
- version/cisco business edition 5000/8.6\(1a\)
- version/cisco business edition 5000/8.6\(2\)
- version/cisco business edition 5000/8.6\(2a\)
- canonical/cisco business edition 5000 software
- canonical/cisco business edition 6000
- version/cisco business edition 6000/8.5\(1\)
- version/cisco business edition 6000/8.5\(1\)su1
- version/cisco business edition 6000/8.5\(1\)su2
- version/cisco business edition 6000/8.5\(1\)su3
- version/cisco business edition 6000/8.5\(1-2011o\)
- version/cisco business edition 6000/8.6\(1\)
- version/cisco business edition 6000/8.6\(1a\)
- version/cisco business edition 6000/8.6\(2\)
- version/cisco business edition 6000/8.6\(2a\)
- canonical/cisco business edition 6000 software