CVE-2011-4487

medium Cisco
CVSS v3 Base Score
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
0.3%
Exploitation probability in 30 days
Top 43% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: March 1, 2012 (5187 days ago)
Last Modified: April 29, 2026
Vendor: Cisco
Source: NVD

Description

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538.

CWE

CWE-89

Affected Products

cisco unified communications managercisco business edition 3000 softwarecisco business edition 3000cisco business edition 5000 softwarecisco business edition 5000cisco business edition 6000 softwarecisco business edition 6000

References

🔗 tools.cisco.com 🔗 tools.cisco.com