1. Home
  2. Mapping Frameworks
  3. CVE Home
  4. Cisco Unified Communications Manager

CVE CVE-2019-15972 Mappings

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2019-15972 Cisco Unified Communications Manager primary_impact T1059 Command and Scripting Interpreter
CVE-2019-15972 Cisco Unified Communications Manager secondary_impact T1005 Data from Local System
CVE-2019-15972 Cisco Unified Communications Manager secondary_impact T1565.001 Stored Data Manipulation
CVE-2019-15972 Cisco Unified Communications Manager exploitation_technique T1133 External Remote Services
CVE-2019-15972 Cisco Unified Communications Manager exploitation_technique T1078 Valid Accounts