Описание
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.
Ссылки
- Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinjectVendor Advisory
- Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinjectVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.
Уязвимость веб-интерфейса администрирования системы мониторинга и управления сетевым оборудованием Cisco Prime Infrastructure и программного средства управления сетевыми сервисами Cisco Evolved Programmable Network Manager, позволяющая нарушителю выполнить произвольные SQL-запросы
EPSS
8.1 High
CVSS3
5.5 Medium
CVSS2