Cisco Unified Communications Manager SQL注入漏洞(CVE-2018-0120)
Cisco Unified Communications Manager SQL注入漏洞(CVE-2018-0120)
Cisco Unified Communications Manager SQL注入漏洞(CVE-2018-0120)
发布日期:2018-01-26
更新日期:2018-02-18
受影响系统:
Cisco Unified Communications Manager
描述:
BUGTRAQ ID: 102958
CVE(CAN) ID: CVE-2018-0120
Cisco Unified Communications Manager是企业级IP电话呼叫处理系统。
Cisco Unified Communications Manager在Web框架实现中存在安全漏洞,可使经身份验证的远程攻击者针对受影响系统执行SQL注入攻击。此漏洞源于受影响软件未正确验证用户输入。
<*来源:Cisco
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm
*>
建议:
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20180207-cucm)以及相应补丁:
cisco-sa-20180207-cucm:Cisco Unified Communications Manager SQL Injection Vulnerability
链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm
本文永久更新链接地址:https://www.bkjia.com/Linux/2018-02/150986.htm
评论暂时关闭