Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM

19-Jan-23

On Wednesday, Cisco released fixes for Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition to address a high-severity SQL injection vulnerability Cisco Unified CM and Unified CM SME, which are intended as enterprise call and session management systems, guarantee the compatibility of apps like Webex, Jabber, and more while upholding availability and security. The vulnerability, tracked as CVE-2023-20010 (CVSS score of 8.1), exists because user input in the platforms’ web-based administrative interface is not adequately checked. The flaw enables a remote, authorised attacker to attack a system that is susceptible with a SQL injection attack.

Read More…