Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

cisco-sa-20190515-pi-sqlinject · High · Published · Updated

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. These vulnerabilities exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit these vulnerabilities by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2019-1824, CVE-2019-1825
Cisco Bug IDsCSCvo28734, CSCvo62268, CSCvo23576, CSCvo62275
CVSS ScoreBase 8.1
Base 8.1 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Prime Infrastructure, Cisco Evolved Programmable Network Manager (EPNM)

Related Products

Product CVE Evidence
Cisco Prime Infrastructure CVE-2019-1825 Cisco OpenVuln
Cisco Prime Infrastructure CVE-2019-1824 Cisco OpenVuln
Cisco Evolved Programmable Network Manager (EPNM) CVE-2019-1825 Cisco OpenVuln
Cisco Evolved Programmable Network Manager (EPNM) CVE-2019-1824 Cisco OpenVuln