To address high-severity vulnerabilities that could lead to privilege escalation, SQL injection, directory traversal, and denial-of-service (DoS), Cisco on Wednesday released security patches for a number of enterprise applications. The web-based management interface of Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) is the most severely affected by these issues.
The problem, tracked as CVE-2023-20211 with a CVSS score of 8.1, is described as incorrect validation of user-supplied input that could allow a remote, authenticated attacker to conduct a SQL injection attack. "By logging into the application as a user with read-only or higher rights and submitting specially crafted HTTP requests to a vulnerable system, an attacker might take advantage of this vulnerability. If the exploit is effective, the attacker may be able to read or alter data in the.
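The defect class the advisory describes, shown as an added illustration rather than Cisco's code: a request parameter spliced into a SQL statement (so a low-privilege, logged-in user can read rows outside their own), beside an allow-list input check and a parameterized query that treat the same value as plain data. The schema and the crafted value are constructed for this example.

```python
import re
import sqlite3

# Constructed table standing in for an application's user store.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "read-only"), ("carol", "read-only")],
    )
    return conn

def lookup_vulnerable(conn, username):
    # Incorrect input validation: the value from the HTTP request is
    # concatenated into the statement, so SQL syntax inside it is executed.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()

USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")

def valid_username(username):
    # Allow-list validation: reject anything that is not a plain account name.
    return bool(USERNAME_RE.match(username))

def lookup_fixed(conn, username):
    # Defence in depth: validate first, then bind the value as a parameter so
    # the database never parses it as SQL.
    if not valid_username(username):
        raise ValueError("rejected username")
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()

# Constructed value mimicking a crafted request parameter from a read-only user.
CRAFTED = "bob' OR role = 'admin"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", lookup_vulnerable(db, CRAFTED))  # leaks the admin row
    print("validated:", valid_username(CRAFTED))          # False
```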