Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2007-4634

Published: 31/08/2007 Updated: 29/07/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Cisco

Vulnerability Summary

Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) prior to 3.3(5)sr2b, 4.1 prior to 4.1(3)sr5, 4.2 prior to 4.2(3)sr2, and 4.3 prior to 4.3(1)sr1 allow remote malicious users to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco unified communications manager 4.1\\(3\\)sr2

cisco unified communications manager 4.1\\(3\\)sr3

cisco unified communications manager 4.3

cisco unified communications manager 4.3\\(1\\)

cisco call manager 4.1\\(3\\)sr4

cisco call manager 4.2

cisco call manager 4.3\\(1\\)

cisco unified communications manager 4.1\\(3\\)

cisco unified communications manager 4.1\\(3\\)sr1

cisco unified communications manager 4.2.3

cisco unified communications manager 4.2.3sr1

cisco call manager 4.1\\(3\\)sr2

cisco call manager 4.1\\(3\\)sr3

cisco call manager 4.2\\(3\\)sr2

cisco call manager 4.3

cisco unified communications manager 3.3\\(5\\)sr1

cisco unified communications manager 3.3\\(5\\)sr2a

cisco unified communications manager 4.2.1

cisco unified communications manager 4.2.2

cisco call manager 3.3\\(5\\)sr2a

cisco call manager 4.1

cisco call manager 4.1\\(3\\)sr1

cisco call manager 4.2\\(3\\)

cisco call manager 4.2\\(3\\)sr1

cisco unified communications manager 3.3\\(5\\)

cisco unified communications manager 4.1\\(3\\)sr4

cisco unified communications manager 4.2

cisco call manager 3.3\\(5\\)sr1

cisco call manager 3.3\\(5\\)sr2

cisco call manager 4.2\\(1\\)

cisco call manager 4.2\\(2\\)

Exploits

Exploit DB: Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' SQL Injection
source: wwwsecurityfocuscom/bid/25480/info Cisco Unified CallManager and Unified Communications Manager are prone to multiple input-validation vulnerabilities because the applications fail to properly sanitize user-supplied input These issues include a cross-site scripting vulnerability and an SQL-injection vulnerability A successful e ...

References

CWE-89http://www.cisco.com/en/US/products/products_security_advisory09186a00808ae327.shtmlhttp://www.securityfocus.com/bid/25480http://securitytracker.com/id?1018624http://secunia.com/advisories/26641http://www.vupen.com/english/advisories/2007/3010https://exchange.xforce.ibmcloud.com/vulnerabilities/36326https://nvd.nist.govhttps://www.exploit-db.com/exploits/30541/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook