Cisco has announced fixes for a serious SQL vulnerability in Unified Communications Manager (CM)
January 23 2023

Cisco has announced fixes for a serious SQL vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Built as enterprise call and session management platforms, Cisco Unified CM and Unified CM SME ensure compatibility between applications such as Webex, Jabber and others, and maintain their overall availability and security.

CVE-2023-20010, with a CVSS score of 8.1, stems from improper validation of user-supplied input in the platform's web-based management interface.

The flaw allows an authenticated remote attacker to launch an SQL injection attack against a vulnerable system.

An attacker can exploit this vulnerability by logging into the application as a low-privilege user and sending crafted SQL queries to the vulnerable system.

A successful exploit can allow an attacker to read or modify any data in the underlying database or elevate their privileges.

The bug affects Cisco Unified CM and Unified CM SME versions 11.5(1), 12.5(1) and 14, and has been fixed in version 12.5(1)SU7.

The patch will also be included in version 14SU3, which is scheduled for release in March 2023.
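The following triage helper is an added example, not code from Cisco or from the original article. It classifies Unified CM / Unified CM SME version strings from an inventory against the affected and fixed releases stated above. The function names, the assumed `<train>[SU<n>]` version format and the sample inventory are constructed for illustration.

```python
import re

# Fixed Service Update (SU) level per release train, as stated in the article.
# None: the article lists the train as affected but names no fixed release.
# 14SU3 was only scheduled (March 2023) when the article was published.
FIXED_SU = {"11.5(1)": None, "12.5(1)": 7, "14": 3}

# Assumed version format: "<train>[SU<n>]", e.g. "12.5(1)SU6" or "14SU3".
VERSION_RE = re.compile(
    r"^(?P<train>\d+(?:\.\d+\(\d+\))?)(?:SU(?P<su>\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Return (train, su_level) or None if the string does not match."""
    m = VERSION_RE.match(text.strip().replace(" ", ""))
    if not m:
        return None
    return m.group("train"), int(m.group("su") or 0)

def triage(version):
    """Classify one version string for CVE-2023-20010."""
    parsed = parse_version(version)
    if parsed is None:
        return "unparsed"        # manual review; never assume it is safe
    train, su = parsed
    if train not in FIXED_SU:
        return "not-listed"      # the article says nothing about this train
    fixed = FIXED_SU[train]
    if fixed is None:
        return "affected-no-fix-listed"
    return "fixed" if su >= fixed else "affected"

def triage_inventory(hosts):
    """Return ({host: status}, sorted hosts that are not confirmed fixed)."""
    status = {host: triage(ver) for host, ver in hosts.items()}
    needs_review = sorted(h for h, s in status.items() if s != "fixed")
    return status, needs_review

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "cucm-pub-01": "12.5(1)SU6",
    "cucm-sub-01": "12.5(1)SU7",
    "cucm-sme-01": "14SU2",
    "cucm-old-01": "11.5(1)SU11",
}

if __name__ == "__main__":
    status, needs_review = triage_inventory(SAMPLE)
    for host in sorted(status):
        print(f"{host:12} {SAMPLE[host]:12} {status[host]}")
    print("needs review:", ", ".join(needs_review))
```

Hosts reported as `unparsed` or `not-listed` are kept in the review list on purpose, so an unexpected version format is never silently treated as patched.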

Cisco also informed customers about a moderate-severity URL filtering bypass vulnerability in the AsyncOS software for Email Security Appliance (ESA).

An unauthenticated remote attacker can exploit the flaw through URLs.

This week Cisco also announced fixes for three medium-severity bugs in the Expressway Series and TelePresence Video Communication Server (VCS).

These vulnerabilities affect the APIs and web management interfaces of these products and can be exploited by an authenticated remote attacker to write files or access sensitive data on a vulnerable device.

All Expressway Series and TelePresence VCS releases prior to 14.0.7 are vulnerable.

Cisco says it is not aware of any of these vulnerabilities being exploited in the wild.

Additional information about the flaws can be found in the security advisories.


Information about the publication:

  • Author of the publication: AdequateSchizo
  • Date of publication: 23 January 2023 12:40
  • Publication category(s): Information security