[Nulled] » Information security » Cisco has announced fixes for a serious SQL vulnerability in Unified Communications Manager (CM)
January 23 2023

Cisco has announced fixes for a serious SQL vulnerability in Unified

Cisco has announced fixes for a serious SQL vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Developed as enterprise call and session management platforms, Cisco Unified CM and Unified CM SME ensure the compatibility of applications such as Webex, Jabber and others, as well as ensure their overall availability and security.

CVE-2023-20010 with a CVSS score of 8.1 is due to the fact that the data entered by the user is incorrectly checked in the platform management web interface.

The error allows an authenticated remote attacker to launch an SQL injection attack on a vulnerable system.

An attacker can take advantage of this vulnerability by logging into the application as a low-privilege user and sending the created SQL queries to the vulnerable system.

A successful exploit can allow an attacker to read or modify any data in the underlying database or elevate their privileges.

The bug affects Cisco Unified CM and Unified CM SME versions 11.5(1), 12.5(1) and 14, has been fixed in version 12.5(1)SU7.

The patch will also be included in version 14SU3, which is scheduled for release in March 2023.

Cisco also informed customers about the vulnerability of circumvention of URL filtering of moderate severity in the AsyncOS software for Email Security Appliance (ESA).

A remote attacker who is not authenticated can exploit the error through URLs.

This week Cisco also announced fixes for three medium-severity bugs in the Expressway Series and TelePresence Video Communication Server (VCS).

By affecting the APIs and web management interfaces of these products, vulnerabilities can be exploited by an authenticated remote attacker to write files or access sensitive data on a vulnerable device.

All Expressway Series and TelePresence VCS releases prior to 14.0.7 are vulnerable.

Cisco claims that it is not aware of the use of any of these vulnerabilities in real conditions.

Additional information about the shortcomings can be found in the safety recommendations.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: AdequateSchizo
  • Date of publication: 23 January 2023 12:40
  • Publication category(s): Information security
  • Number of views of the publication: 194
  • Number of comments to the publication: 0

Related News

23 January 2023
Information security
Oracle has announced the

Oracle has announced the release of the first critical update in 2023, which includes 327 new security fixes. At

Read more
16 November 2022
Unisite-Board script»,General questions Unisite-Board
UniFied Board (Bulletin

UniFied Board (Bulletin Board) v4.7 The UniFied Board system is a universal CMS system for running a bulletin

Read more
16 January 2023
Information security
Most Cacti installations

Most Cacti installations on the Internet are not fixed and are vulnerable to a critical RCE error, which is

Read more
16 January 2023
Information security
Microsoft's January

Microsoft's January PatchTuesday was released with fixes for a record 98 documented software vulnerabilities.

Read more
16 January 2023
Information security
Well, hello in 2023!

Well, hello in 2023! It's time to get down to business again! The year has just begun, and a lot of events have

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +4 Total articles 6751
  • +15 Comments 4238
  • +31 Users : 6076