Vulnslist

find the latest Cisco vulnerabilities

Cisco Connected Grid Network Management System SQL Injection Vulnerabilities

Cisco-SA-20130402-CVE-2013-1163 · Medium · Published · Updated

A vulnerability in device management of the Cisco Connected Grid Network Management System (CG-NMS) could allow an unauthenticated, remote attacker to modify data in the CG-NMS database by using SQL injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including SQL statements in an entry field. Cisco has confirmed the vulnerability in a security notice and software updates are available. To exploit the vulnerability, an attacker would need access to trusted, internal networks to send the crafted queries to the targeted system. This access requirement may reduce the likelihood of a successful attack. Customers are advised to review the bug reports in the vendor announcements section for a current list of affected versions.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-1163
Cisco Bug IDsCSCue14553, CSCue38746
CVSS ScoreBase 5.8
Base 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C
Product Names From Source
Cisco Connected Grid Network Management System (CG-NMS)

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2013-1163 Cisco OpenVuln
Cisco Meraki MS Series Switches CVE-2013-1163 Cisco OpenVuln
Cisco Connected Grid Network Management System (CG-NMS) CVE-2013-1163 Cisco OpenVuln