Lucene search

CiscoCISCO-SA-20151028-PSC

HistoryOct 28, 2015 - 7:30 p.m.

Cisco Prime Service Catalog SQL Injection Vulnerability

2015-10-2819:30:00

tools.cisco.com

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.001

Percentile

41.4%

JSON

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries.

The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-psc[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-psc”].

Affected configurations

Vulners

Node

ciscoprime_service_catalogMatchany

VendorProductVersionCPE
ciscoprime_service_cataloganycpe:2.3:a:cisco:prime_service_catalog:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_service_catalog	any	cpe:2.3:a:cisco:prime_service_catalog:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151028-psc

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.001

Percentile

41.4%

JSON

Related for CISCO-SA-20151028-PSC