Cisco fixed a high-severity SQL injection flaw, tracked as CVE-2023-20010 (CVSS score of 8.1), in Unified Communications Manager and Unified Communications Manager Session Management Edition.
Unified Communications Manager solutions provide reliable, secure, scalable, and manageable call control and session management. Cisco Unified (CM) supports industry standards, a wide range of gateways, and a broad ecosystem of third-party integrations and solutions plus partners.
The vulnerability CVE-2023-20010 resides in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME), an authenticated, remote attacker can trigger it to conduct SQL injection attacks on a vulnerable system.
“This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system.” reads the advisory published by the IT giant. “A successful exploit could allow the attacker to read or modify any data on the underlying database or elevate their privileges.”
The flaw impacts Cisco Unified CM and Unified CM SME versions 11.5(1), 12.5(1), and 14. The company advises customers to upgrade to an appropriate fixed software release as reported in the following table:
Cisco Unified CM and Unified CM SME Release | First Fixed Release |
---|---|
11.5(1) | Migrate to a fixed release. |
12.5(1) | 12.5(1)SU7 |
14 | 14SU3 (Mar 2023) |
The company states that are no workarounds to address this vulnerability.
The flaw was discovered by Jason Crowder of the Cisco Advanced Security Initiatives Group (ASIG) and Skay@360 Noah-Lab.
The Cisco PSIRT is not aware of attacks in the wild exploiting this vulnerability.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, CVE-2023-20010)
[adrotate banner=”5″]
[adrotate banner=”13″]