Cisco Unified Communications Manager SCCP SQL Injection Vulnerability (CVE-2011-4487)

Published: 2012-02-29
Updated: 2012-03-01

Affected systems:
Cisco Unified Communications Manager Not Vulnerable:     8.6(2a)su1
Cisco Unified Communications Manager 8.x
Cisco Unified Communications Manager 8.6
Cisco Unified Communications Manager 8.5(1)SU2
Cisco Unified Communications Manager 8.5(1)SU1
Cisco Unified Communications Manager 8.5(1)
Cisco Unified Communications Manager 8.5
Cisco Unified Communications Manager 8.0(3a)su3
Cisco Unified Communications Manager 8.0(3a)SU2
Cisco Unified Communications Manager 8.0(3a)su1
Cisco Unified Communications Manager 8.0(3a)
Cisco Unified Communications Manager 8.0(3)
Cisco Unified Communications Manager 8.0(2C)Su1
Cisco Unified Communications Manager 8.0(2C)
Cisco Unified Communications Manager 8.0(1)
Cisco Unified Communications Manager 8.0(0.98000.106)
Cisco Unified Communications Manager 7.1(5b)su5
Cisco Unified Communications Manager 7.1(5b)SU4
Cisco Unified Communications Manager 7.1(5b)su3
Cisco Unified Communications Manager 7.1(5b)SU2
Cisco Unified Communications Manager 7.1(5B)
Cisco Unified Communications Manager 7.1(5A)
Cisco Unified Communications Manager 7.1(5)Su1a
Cisco Unified Communications Manager 7.1(5)Su1
Cisco Unified Communications Manager 7.1(5)
Cisco Unified Communications Manager 7.1(3b)su2
Cisco Unified Communications Manager 7.1(3b)su1
Cisco Unified Communications Manager 7.1(3B)
Cisco Unified Communications Manager 7.1(3A)Su1a
Cisco Unified Communications Manager 7.1(3a)su1
Cisco Unified Communications Manager 7.1(3A)
Cisco Unified Communications Manager 7.1(3)
Cisco Unified Communications Manager 7.1(2B)Su1
Cisco Unified Communications Manager 7.1(2B)
Cisco Unified Communications Manager 7.1(2a)su1
Cisco Unified Communications Manager 7.1(2a)SU1  
Cisco Unified Communications Manager 7.1(2A)
Cisco Unified Communications Manager 7.1(2)
Cisco Unified Communications Manager 7.1
Cisco Unified Communications Manager 7.0(3g)
Cisco Unified Communications Manager 7.0(2a)SU3
Cisco Unified Communications Manager 7.0(2A)Su2
Cisco Unified Communications Manager 7.0(2a)su1
Cisco Unified Communications Manager 7.0(2A)
Cisco Unified Communications Manager 7.0(2)
Cisco Unified Communications Manager 7.0(1)Su1a
Cisco Unified Communications Manager 7.0(1)Su1
Cisco Unified Communications Manager 7.0
Cisco Unified Communications Manager 6.1(5)SU3
Cisco Unified Communications Manager 6.1(5)SU2
Cisco Unified Communications Manager 6.1(5)SU1  
Cisco Unified Communications Manager 6.1(5)
Cisco Unified Communications Manager 6.1(4A)Su2
Cisco Unified Communications Manager 6.1(4A)
Cisco Unified Communications Manager 6.1(4)Su1
Cisco Unified Communications Manager 6.1(4)
Cisco Unified Communications Manager 6.1(3B)
Cisco Unified Communications Manager 6.1(3A)
Cisco Unified Communications Manager 6.1(3)
Cisco Unified Communications Manager 6.1(2)Su1a
Cisco Unified Communications Manager 6.1(2)SU1
Cisco Unified Communications Manager 6.1(2)
Cisco Unified Communications Manager 6.1(1B)
Cisco Unified Communications Manager 6.1(1a)
Cisco Unified Communications Manager 6.1(1)
Cisco Unified Communications Manager 6.1 (3b)su1
Cisco Unified Communications Manager 6.1 (2)su1
Cisco Unified Communications Manager 6.1
Cisco Unified Communications Manager 6.0(1)
Cisco Unified Communications Manager 6.0 (1a)
Cisco Unified Communications Manager 5.1(3g)  
Cisco Unified Communications Manager 5.1(3e)
Cisco Unified Communications Manager 5.1(3d)
Cisco Unified Communications Manager 5.1(3)
Cisco Unified Communications Manager 4.3(2)SR1b
Cisco Unified Communications Manager 4.3(2)sr1a
Cisco Unified Communications Manager 4.3(2)SR1
Cisco Unified Communications Manager 4.3(2)
Cisco Unified Communications Manager 4.2(3)SR4b
Unaffected systems:
Cisco Unified Communications Manager 8.0(3)
Cisco Unified Communications Manager 7.1(5b)SU4
Cisco Unified Communications Manager 7.1(5b)SU2
Cisco Unified Communications Manager 6.1(5)SU2
Description:
BUGTRAQ ID: 52213
CVE ID: CVE-2011-4487

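Cisco Unified Communications Manager is the call-processing component of the Cisco IP Telephony solution.

Cisco Unified Communications Manager has a blind SQL injection vulnerability when it processes specially crafted SCCP messages during registration. It allows an attacker to modify certain sections of certain SQL databases and take control of the affected device.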

<*Source: Sandro Gauci
  
  Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm#details
*>

Recommendation:
Vendor patch:

Cisco
-----
Cisco has released a security advisory (cisco-sa-20120229-cucm#details) and corresponding patches for this issue:

cisco-sa-20120229-cucm#details: Cisco Unified Communications Manager Skinny Client Control Protocol Vulnerabilities

Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm#details

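This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.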