Cisco Unity Connection CVE-2014-3336 SQL Injection Vulnerability

Bugtraq ID:	69163
Class:	Input Validation Error
CVE:	CVE-2014-3336
Remote:	Yes
Local:	No
Published:	Aug 08 2014 12:00AM
Updated:	Aug 12 2014 12:41AM
Credit:	Cisco
Vulnerable:
Not Vulnerable:

Cisco Unity Connection CVE-2014-3336 SQL Injection Vulnerability

Cisco Unity Connection is prone to an SQL-injection vulnerability.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue is being tracked by Cisco Bug ID CSCuq31016.

Cisco Unity Connection CVE-2014-3336 SQL Injection Vulnerability

An attacker can exploit this issue using a browser.

Cisco Unity Connection CVE-2014-3336 SQL Injection Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Cisco Unity Connection CVE-2014-3336 SQL Injection Vulnerability

References:

• Cisco Homepage (Cisco)