CVE-2017-6668

Description

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1.

Risk Information

Base Score

4.9

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.204

Associated Vulnerability

Vulnerability	OS Platform
Cisco Unified Communications Domain Manager SQL Injection Vulnerabilities For Cisco Hosted Collaboration Solution (HCS)	NCM
Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability (CVE-2017-6668)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706050	Security Update for Cisco Hosted Collaboration Solution (HCS) 11.5(1.93540.24)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234