Medium severity4.3NVD Advisory· Published Nov 16, 2017· Updated May 13, 2026

CVE-2017-12302

Description

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Cisco Bug IDs: CSCvf36682.

Affected products

Cisco Systems, Inc./Unified Communications Domain Manager4 versions
cpe:2.3:a:cisco:unified_communications_domain_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:cisco:unified_communications_domain_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:11.0\(1.10000.10\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_domain_manager:12.0\(1.10000.10\):*:*:*:*:*:*:*
N/a/Cisco Unified Communications Managerv5
Range: Cisco Unified Communications Manager

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/101853nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039826nvdThird Party AdvisoryVDB Entry
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ucmnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000