Cisco has released updates to fix an improper user input validation vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability could be exploited to conduct an SQL injection attack.
- While Cisco is not aware of this being exploited in the wild, it’s a good time to gather all the updates they released this month and get them deployed, starting with anything which is directly Internet accessible. While you’re at it, make sure that you are able to detect (and ideally block) attempted exploits of these vulnerabilities.
- We continue to name vulnerabilities by the method of exploiting them rather than the development and coding practices and quality control failures that lead to them. It should not surprise us that the vulnerabilities persist and recur.