Lucene search

CiscoCISCO-SA-20130417-NAC

HistoryApr 17, 2013 - 4:00 p.m.

Cisco Network Admission Control Manager SQL Injection Vulnerability

2013-04-1716:00:00

tools.cisco.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.009

Percentile

82.7%

JSON

Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify any information in the NAC Manager database.

Cisco has released software updates that address this vulnerability.

There are no workarounds for this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac”]

Affected configurations

Vulners

Node

cisconac_applianceMatchany

VendorProductVersionCPE
cisconac_applianceanycpe:2.3:h:cisco:nac_appliance:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nac_appliance	any	cpe:2.3:h:cisco:nac_appliance:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.009

Percentile

82.7%

JSON

Related for CISCO-SA-20130417-NAC