Vulnerabilities in Cisco CallManager and Communications Manager
Network specialist Cisco warns in a security advisory of a vulnerability in Cisco CallManager and Unified Communications Manager. By manipulating variables on the admin and login pages, an attacker can inject JavaScript code or SQL commands. Under certain conditions these could then be executed in the user's context, for instance when the user clicks on a specially crafted malicious link. According to Cisco, this vulnerability affects releases of the software prior to:
- 3.3(5)sr2b
- 4.1(3)sr5
- 4.2(3)sr2
- 4.3(1)sr1
The currently installed version number is shown in the administration interface under Show/Software. The vendor has provided updated versions.
- XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page, security advisory from Cisco
(mba)