Vigil@nce - Cisco Unified CM: multiple vulnerabilities
August 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in Cisco Unified CM.
Impacted products: Cisco CUCM
Severity: 2/4
Creation date: 17/07/2013
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Cisco Unified CM.
An attacker can use a SQL injection to read or alter
data. [severity:2/4; BID-61292, CSCuh01051, CVE-2013-3404]
An attacker can use a SQL injection to read or alter
data. [severity:2/4; BID-61295, CSCuh81766, CVE-2013-3412]
An encryption key is hardcoded. [severity:2/4; BID-61364,
CSCsc69187, CSCui01756, CVE-2013-4869]
An attacker can inject commands into the database in order to
escalate their privileges. [severity:2/4; BID-61293, CSCuh73440,
CVE-2013-3402]
An attacker can alter a script in order to escalate their
privileges. [severity:2/4; CSCuh73454, CSCuh87042, CVE-2013-3403]
An attacker can alter a script in order to escalate their
privileges. [severity:2/4; BID-61296, CSCui02242, CVE-2013-3434]
An attacker can alter a script in order to escalate their
privileges. [severity:2/4; BID-61297, CSCui02276, CVE-2013-3433]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Unified-CM-multiple-vulnerabilities-13140