Summary: Cisco Unified Communications Manager is vulnerable to a SQL Injection attack in the parameter key of the admin and user interface pages. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database.
Cisco has released free software updates that address this vulnerability.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0026 has been assigned to this vulnerability.
URL:
http://www.cisco.com/en/US/customer/products/products_security_advisory09186a0080949c7c.shtml (available to registered users)
http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml
(available to non-registered users)
No comments:
Post a Comment