High severity8.8NVD Advisory· Published Aug 7, 2017· Updated Jun 17, 2026
CVE-2017-6757
CVE-2017-6757
Description
A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCve13786.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- www.securityfocus.com/bid/100121nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039063nvdThird Party AdvisoryVDB Entry
- quickview.cloudapps.cisco.com/quickview/bug/CSCve13786nvdVendor Advisory
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucmnvdVendor Advisory
News mentions
0No linked articles in our index yet.