Vulnerability Description
A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Emergency Responder | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100653 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1039287 (Third Party Advisory, VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2 (Vendor Advisory)
FAQ
What is CVE-2017-12227?
CVE-2017-12227 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure...
How severe is CVE-2017-12227?
CVE-2017-12227 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-12227?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Emergency Responder.