flowergugl.blogg.se - How to connect to cisco cucm 8.6 database

How to connect to cisco cucm 8.6 database full#
How to connect to cisco cucm 8.6 database software#

This vulnerability is documented in Cisco bug ID CSCuh01051 ( registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2013-3404. This metadata could be used to reconstruct encrypted credentials. An exploit could allow the attacker to use metadata to recreate encrypted information in the database. The first of the identified vulnerabilities could be exploited by an unauthenticated, remote attacker.

An exploit could allow the attacker to disclose or modify arbitrary information in the database.

An attacker could exploit this behavior by injecting SQL commands. SQL injection vulnerabilities are due to a failure to perform proper validation of user-supplied requests prior to being used to form an SQL query. The vulnerabilities may be exploited from an authenticated or unauthenticated context depending on the particular vulnerability. Cisco Unified Presence Server/Cisco IM and Presence ServiceĬisco Unified CM is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications.īlind Structured Query Language Injection VulnerabilitiesĬisco Unified CM and associated products may contain one or more of the following blind SQL injection vulnerabilities.The following products are being investigated but have not yet been confirmed as vulnerable: Additional voice products may be affected by one or more of the individual vulnerabilities that are described in this advisory. Customers using Cisco Unified CM 8.0(x) versions should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Unified CM.Ĭisco Unified CM is the only product confirmed to be vulnerable to the documented attack.

How to connect to cisco cucm 8.6 database software#

Note: Cisco Unified CM version 8.0 reached the End of Software Maintenance on October 23, 2012.

Cisco Unified Communications Manager 9.1(x).

Cisco Unified Communications Manager 9.0(x).

Cisco Unified Communications Manager 8.6(x).

Cisco Unified Communications Manager 8.5(x).

Cisco Unified Communications Manager 7.1(x).

The following products are affected by the vulnerabilities that are described in this advisory: This advisory is available at the following link: Workarounds that mitigate these vulnerabilities are not available. Cisco is currently investigating the remaining vulnerabilities.

Blind Structured Query Language (SQL) injectionĬisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities and welcomes the opportunity to review and assist in product reports.Ĭisco has released a Cisco Options Package (COP) file that addresses three of the vulnerabilities documented in this advisory.

The attack chain used the following types of vulnerabilities: During the presentation, the researchers demonstrated a multistaged attack that chained a number of vulnerabilities, which resulted in a complete compromise of the Cisco Unified CM server.

On June 6, 2013, a French security firm, Lexfo, delivered a public presentation on VoIP security that included a demonstration of multiple vulnerabilities used to compromise Cisco Unified CM. A successful attack could allow an unauthenticated attacker to access, create or modify information in Cisco Unified CM.

How to connect to cisco cucm 8.6 database full#

Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could be used together to allow an unauthenticated, remote attacker to gather user credentials, escalate privileges, and execute commands to gain full control of the vulnerable system.