CVE-2017-6668: SQL Injection
First published: Tue Jun 13 2017(Updated: )
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Domain Manager Platform | =8.1\(7\)er1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6668?
CVE-2017-6668 is considered a critical SQL Injection vulnerability that can impact the confidentiality of Cisco Unified Communications Domain Manager systems.
How do I fix CVE-2017-6668?
To address CVE-2017-6668, apply the latest security patches and updates provided by Cisco for the affected version of Unified Communications Domain Manager.
Who is affected by CVE-2017-6668?
CVE-2017-6668 affects users of Cisco Unified Communications Domain Manager version 8.1(7)ER1.
What types of attacks are possible due to CVE-2017-6668?
An authenticated, remote attacker can exploit CVE-2017-6668 to execute arbitrary SQL queries against the database.
What is the impact of CVE-2017-6668?
The impact of CVE-2017-6668 can include unauthorized access to sensitive data and potential data manipulation.
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/event
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified communications domain manager platform
- version/cisco unified communications domain manager platform/8.1\(7\)er1