Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM By Orbit Brain January 20, 2023 0 356 views Dwelling › VulnerabilitiesCisco Patches Excessive-Severity SQL Injection Vulnerability in Unified CMBy Ionut Arghire on January 19, 2023TweetCisco on Wednesday introduced patches for a high-severity SQL injection vulnerability in Unified Communications Supervisor (CM) and Unified Communications Supervisor Session Administration Version (CM SME).Designed as enterprise name and session administration platforms, Cisco Unified CM and Unified CM SME make sure the interoperability of purposes reminiscent of Webex, Jabber, and extra, whereas additionally sustaining availability and safety.Tracked as CVE-2023-20010 (CVSS rating of 8.1), the vulnerability exists as a result of consumer enter is badly validated within the web-based administration interface of the platforms. The bug permits a distant, authenticated attacker to launch an SQL injection assault on a weak system.“An attacker might exploit this vulnerability by authenticating to the appliance as a low-privileged consumer and sending crafted SQL queries to an affected system. A profitable exploit might permit the attacker to learn or modify any information on the underlying database or elevate their privileges,” Cisco notes in an advisory.The safety defect impacts Cisco Unified CM and Unified CM SME variations 11.5(1), 12.5(1), and 14, and was addressed in model 12.5(1)SU7 of the purposes. A patch will even be included in model 14SU3, which is scheduled for March 2023.On Wednesday, the tech big additionally knowledgeable clients of a medium-severity URL filtering bypass vulnerability in AsyncOS software program for Electronic mail Safety Equipment (ESA). A distant, unauthenticated attacker might exploit the bug utilizing crafted URLs.This week, Cisco additionally introduced patches for 3 medium severity bugs in Expressway Sequence and TelePresence Video Communication Server (VCS).Impacting the API and web-based administration interfaces of those merchandise, the failings might be exploited by an authenticated, distant attacker to put in writing information or entry delicate information on a weak machine. All Expressway Sequence and TelePresence VCS releases previous to 14.0.7 are impacted.Cisco says it isn’t conscious of any of those vulnerabilities being exploited within the wild. Additional data on the failings may be discovered on Cisco’s product safety web page.Associated: Cisco Warns of Essential Vulnerability in EoL Small Enterprise RoutersAssociated: Cisco Patches Excessive-Severity Bugs in Electronic mail, Id, Net Safety MerchandiseAssociated: Cisco Safe Electronic mail Gateway Filters Bypassed As a consequence of Malware Scanner SituationGet the Every day Briefing Most CurrentMost LearnChainguard Trains Highlight on SBOM High quality DownsideMeta Slapped With 5.5 Million Euro High quality for EU Information BreachB2B Cost Safety Agency NsKnox Raises $17 MillionCredential Leakage Fueling Rise in API BreachesCisco Patches Excessive-Severity SQL Injection Vulnerability in Unified CMWorldwide Arrests Over ‘Felony’ Crypto TradeCSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure ProvidersSophos Joins Record of Cybersecurity Corporations Reducing WorkersDistributors Actively Bypass Safety Patch for 12 months-Outdated Magento VulnerabilityExploited Management Net Panel Flaw Added to CISA ‘Should-Patch’ RecordOn the lookout for Malware in All of the Incorrect Locations?First Step For The Web’s subsequent 25 years: Including Safety to the DNSTattle Story: What Your Laptop Says About YouBe in a Place to Act By means of Cyber Situational ConsciousnessReport Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant2010, A Nice 12 months To Be a Scammer.Do not Let DNS be Your Single Level of FailureTips on how to Determine Malware in a BlinkDefining and Debating Cyber WarfareThe 5 A’s that Make Cybercrime so EngagingTips on how to Defend In opposition to DDoS AssaultsSafety Budgets Not in Line with ThreatsAnycast – Three Causes Why Your DNS Community Ought to Use ItThe Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering OrganizationsUtilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous EnterpriseSecurityWeek PodcastShare this:FacebookXPrintEmailLinkedInRedditTwitterTumblrPinterestTelegramWhatsApp Cisco CVE-2023-20010 high-severity sql injection Unified CM vulnerability Orbit Brainhttps://orbitbrain.com/ Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy waysand much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.
Industry Reactions to Govt Requiring Security Guarantees From Software VendorsIntroducing the Cyber Security News Industry Reactions to Govt Requiring Security Guarantees From Software Vendors.... September 16, 2022 Cyber Security News
Google Pays $45,000 for High-Severity Vulnerabilities Found in ChromeIntroducing the Cyber Security News Google Pays $45,000 for High-Severity Vulnerabilities Found in Chrome.... November 9, 2022 Cyber Security News
Chrome 105 Patches Critical, High-Severity VulnerabilitiesIntroducing the Cyber Security News Chrome 105 Patches Critical, High-Severity Vulnerabilities.... August 31, 2022 Cyber Security News
Ransomware Group Threatens to Leak Data Stolen From Security Firm EntrustIntroducing the Cyber Security News Ransomware Group Threatens to Leak Data Stolen From Security Firm Entrust.... August 20, 2022 Cyber Security News
Researchers Say Thai Pro-Democracy Activists Hit by SpywareIntroducing the Cyber Security News Researchers Say Thai Pro-Democracy Activists Hit by Spyware.... July 18, 2022 Cyber Security News
Marriott Confirms Small-Scale Data BreachIntroducing the Cyber Security News Marriott Confirms Small-Scale Data Breach.... July 7, 2022 Cyber Security News
Pantera Capital Plans $250M Solana (SOL) Buy, Analyst Predicts Record Rally Toward $1000March 8, 2024 75
Ethereum Blockchain Now Has A Modernized Version of Bitcoin (BTC) But With A Much Lower SupplyMarch 9, 2024 71