Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerability

cisco-sa-20170621-piepnm2 · Medium · Published · Updated

A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input to the SQL database. For additional information about SQL injection attacks, see https://www.owasp.org/index.php/SQL_Injection. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm2

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-6698
Cisco Bug IDsCSCvc23892, CSCvc35270, CSCvc35626, CSCvc35630, CSCvc49568
CVSS ScoreBase 6.5
Base 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Prime Infrastructure, Cisco Evolved Programmable Network Manager (EPNM)

Related Products

Product CVE Evidence
Cisco Prime Infrastructure CVE-2017-6698 Cisco OpenVuln
Cisco Evolved Programmable Network Manager (EPNM) CVE-2017-6698 Cisco OpenVuln