Two vulnerabilities in Cisco Unified Communications Manager
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2017-6758 CVE-2017-6757 |
| CWE-ID | CWE-22 CWE-89 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Unified Communications Manager (CallManager) Server applications / Remote management servers, RDP, SSH |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Path traversal
EUVDB-ID: #VU7673
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6758
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists in the web framework of Cisco Unified Communications Manager due to insufficient input validation. A remote attacker can use directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem.
Successful exploitation of the vulnerability results in information disclosure.
The vulnerability is addressed in the following versions: UCMAP.12.0(0.98000.339), UCMAP.12.0(0.98000.338), UCMAP.11.6(2.10000.6), CUP.12.0(0.98000.1002), CUP.12.0(0.98000.1000), CUP.11.5(1.13900.42), CUC.12.0(0.97000.263.), CCM.12.0(0.98000.767), CCM.12.0(0.98000.765), CCM.11.5(1.13900.38).
Unified Communications Manager (CallManager): 11.5.1.10000.6
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) SQL injection
EUVDB-ID: #VU7674
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6757
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists in Cisco Unified Communications Manager due to improper validation of user-supplied input. A remote attacker can send specially crafted URLs containing SQL statements, bypass protection filters and modify or delete entries in some database tables.
The vulnerability is addressed in the following versions: UCMAP.12.0(0.98000.338), UCMAP.11.6(2.10000.4), CUP.12.0(0.98000.1000), CUP.11.5(1.13900.35), CUC.12.0(0.97000.263.), CCM.12.0(0.98000.765), CCM.11.5(1.13900.35), CCM.11.5(1.13053.1), CCM.11.0(1.24076.1), CCM.10.5(2.16128.1).
Unified Communications Manager (CallManager): 10.5.2.10000.5 - 11.5.1.10000.6
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
