Exploit for #VU25029 SQL injection in Unified Communications Manager (CallManager)

Published: 2020-03-18

Vulnerability identifier: #VU25029

Vulnerability risk: Medium

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2019-15972

CWE-ID: CWE-89

Exploitation vector: Network

Exploits in database: 1

March 18, 2020
- Cisco-UCM-SQLi-Scripts (Scripts that can be used to exploit CVE-2019-15972 which was an Authenticated SQLi issue in Cisco Unified Call Manager (UCM).) [Github]

Vulnerable software:
Unified Communications Manager (CallManager)
Server applications / Remote management servers, RDP, SSH

Vendor: Cisco Systems, Inc