CVE-2011-4487

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.

Published: Mar 1, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-4487
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cisco / unified_communications_manager	6.1(3a)	6.1(3a).x
cisco / unified_communications_manager	6.1(2)	6.1(2).x
cisco / unified_communications_manager	6.1(3b)su1	6.1(3b)su1.x
cisco / unified_communications_manager	6.0(1)	6.0(1).x
cisco / unified_communications_manager	6.1(2)su1a	6.1(2)su1a.x
cisco / unified_communications_manager	6.1(4)su1	6.1(4)su1.x
cisco / unified_communications_manager	6.1(4)	6.1(4).x
cisco / unified_communications_manager	6.1(5)su1	6.1(5)su1.x
cisco / unified_communications_manager	6.1(4a)	6.1(4a).x
cisco / unified_communications_manager	6.1(5)su2	6.1(5)su2.x
cisco / unified_communications_manager	6.1(3)	6.1(3).x
cisco / unified_communications_manager	6.1(4a)su2	6.1(4a)su2.x
cisco / unified_communications_manager	6.1(1)	6.1(1).x
cisco / unified_communications_manager	6.1(1b)	6.1(1b).x
cisco / unified_communications_manager	6.1(3b)	6.1(3b).x
cisco / unified_communications_manager	6.1(5)	6.1(5).x
cisco / unified_communications_manager	6.1(5)su3	6.1(5)su3.x
cisco / unified_communications_manager	6.0(1a)	6.0(1a).x
cisco / unified_communications_manager	6.0(1b)	6.0(1b).x
cisco / unified_communications_manager	6.1(2)su1	6.1(2)su1.x
cisco / unified_communications_manager	6.0	6.0.x
cisco / unified_communications_manager	6.1(1a)	6.1(1a).x
cisco / unified_communications_manager	7.1(2b)su1	7.1(2b)su1.x
cisco / unified_communications_manager	7.1(2b)	7.1(2b).x
cisco / unified_communications_manager	7.1(5b)su4	7.1(5b)su4.x
cisco / unified_communications_manager	7.1(3b)	7.1(3b).x
cisco / unified_communications_manager	7.1(2a)su1	7.1(2a)su1.x
cisco / unified_communications_manager	7.1(3b)su1	7.1(3b)su1.x
cisco / unified_communications_manager	7.1(3a)su1a	7.1(3a)su1a.x
cisco / unified_communications_manager	7.1(5b)su1	7.1(5b)su1.x
cisco / unified_communications_manager	7.1(5b)su3	7.1(5b)su3.x
cisco / unified_communications_manager	7.1(3)	7.1(3).x
cisco / unified_communications_manager	7.1(2a)	7.1(2a).x
cisco / unified_communications_manager	7.1(5b)	7.1(5b).x
cisco / unified_communications_manager	7.0(2a)	7.0(2a).x
cisco / unified_communications_manager	7.0(1)su1	7.0(1)su1.x
cisco / unified_communications_manager	7.0(1)su1a	7.0(1)su1a.x
cisco / unified_communications_manager	7.1(5b)su2	7.1(5b)su2.x
cisco / unified_communications_manager	7.1(5)	7.1(5).x
cisco / unified_communications_manager	7.1(5a)	7.1(5a).x
cisco / unified_communications_manager	7.0(2a)su2	7.0(2a)su2.x
cisco / unified_communications_manager	7.1(5b)su1a	7.1(5b)su1a.x
cisco / unified_communications_manager	7.1(5)su1a	7.1(5)su1a.x
cisco / unified_communications_manager	7.1(5)su1	7.1(5)su1.x
cisco / unified_communications_manager	7.1(3a)	7.1(3a).x
cisco / unified_communications_manager	7.0(2a)su1	7.0(2a)su1.x
cisco / unified_communications_manager	7.1(3a)su1	7.1(3a)su1.x
cisco / unified_communications_manager	7.0(2)	7.0(2).x
cisco / unified_communications_manager	7.1(3b)su2	7.1(3b)su2.x
cisco / unified_communications_manager	8.0(2c)	8.0(2c).x
cisco / unified_communications_manager	8.0(2)	8.0(2).x
cisco / unified_communications_manager	8.0(2b)	8.0(2b).x
cisco / unified_communications_manager	8.0(3a)su2	8.0(3a)su2.x
cisco / unified_communications_manager	8.0	8.0.x
cisco / unified_communications_manager	8.0(3)	8.0(3).x
cisco / unified_communications_manager	8.0(2a)	8.0(2a).x
cisco / unified_communications_manager	8.0(3a)	8.0(3a).x
cisco / unified_communications_manager	8.0(2c)su1	8.0(2c)su1.x
cisco / unified_communications_manager	8.0(1)	8.0(1).x
cisco / unified_communications_manager	8.0(3a)su1	8.0(3a)su1.x
cisco / unified_communications_manager	8.5(1)	8.5(1).x
cisco / unified_communications_manager	8.5(1)su2	8.5(1)su2.x
cisco / unified_communications_manager	8.5(1)su3	8.5(1)su3.x
cisco / unified_communications_manager	8.5	8.5.x
cisco / unified_communications_manager	8.5(1)su1	8.5(1)su1.x
cisco / unified_communications_manager	8.6(1)	8.6(1).x
cisco / unified_communications_manager	8.6(2)	8.6(2).x
cisco / unified_communications_manager	8.6(2a)	8.6(2a).x
cisco / unified_communications_manager	8.6	8.6.x
cisco / unified_communications_manager	8.6(1a)	8.6(1a).x
cisco / business_edition_3000_software	8.6(1)	8.6(1).x
cisco / business_edition_3000_software	8.6(1a)	8.6(1a).x
cisco / business_edition_3000_software	8.6(2a)	8.6(2a).x
cisco / business_edition_3000_software	8.6.2	8.6.2.x
cisco / business_edition_5000_software	8.5	8.5.x
cisco / business_edition_5000_software	8.5(1)	8.5(1).x
cisco / business_edition_5000_software	8.6	8.6.x
cisco / business_edition_5000_software	8.6(1)	8.6(1).x
cisco / business_edition_5000_software	8.6(1a)	8.6(1a).x
cisco / business_edition_5000_software	8.6(2)	8.6(2).x
cisco / business_edition_5000_software	8.6(2a)	8.6(2a).x
cisco / business_edition_6000_software	8.5(1)	8.5(1).x
cisco / business_edition_6000_software	8.5(1)su1	8.5(1)su1.x
cisco / business_edition_6000_software	8.5(1)su2	8.5(1)su2.x
cisco / business_edition_6000_software	8.5(1)su3	8.5(1)su3.x
cisco / business_edition_6000_software	8.5(1-2011o)	8.5(1-2011o).x
cisco / business_edition_6000_software	8.6(1)	8.6(1).x
cisco / business_edition_6000_software	8.6(1a)	8.6(1a).x
cisco / business_edition_6000_software	8.6(2)	8.6(2).x
cisco / business_edition_6000_software	8.6(2a)	8.6(2a).x

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm

Vulnerability Database

289,689

CVE-2011-4487