Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20190515-PI-SQLINJECT
HistoryMay 15, 2019 - 4:00 p.m.

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities

2019-05-1516:00:00
tools.cisco.com
31

EPSS

0.001

Percentile

49.6%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries.

These vulnerabilities exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit these vulnerabilities by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject”]

Affected configurations

Vulners
Node
ciscoprime_infrastructureMatchany
OR
ciscoevolved_programmable_network_managerMatchany
OR
ciscoprime_infrastructureMatchany
OR
ciscoevolved_programmable_network_managerMatchany
VendorProductVersionCPE
ciscoprime_infrastructureanycpe:2.3:a:cisco:prime_infrastructure:any:*:*:*:*:*:*:*
ciscoevolved_programmable_network_manageranycpe:2.3:a:cisco:evolved_programmable_network_manager:any:*:*:*:*:*:*:*

Related

prion 2
cvelist 2
srcincite 2
nvd 2
cve 2
threatpost 1
prion
prion
Sql injection
2019-05-16 01:29:00
Sql injection
2019-05-16 01:29:00
cvelist
cvelist
CVE-2019-1825 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities
2019-05-16 01:10:14
CVE-2019-1824 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities
2019-05-16 01:10:20
srcincite
srcincite
SRC-2019-0040 : Cisco Prime Infrastructure DbTableListAction orderByColumn SQL Injection Information Disclosure Vulnerability
2019-02-01 00:00:00
SRC-2019-0041 : Cisco Prime Infrastructure DbTableListDetailAction orderByColumn SQL Injection Information Disclosure Vulnerability
2019-02-01 00:00:00
nvd
nvd
CVE-2019-1824
2019-05-16 01:29:00
CVE-2019-1825
2019-05-16 01:29:00
cve
cve
CVE-2019-1824
2019-05-16 01:29:00
CVE-2019-1825
2019-05-16 01:29:00
threatpost
threatpost
Cisco Service Provider, WebEx Bugs Offer Up Remote Code Execution
2019-05-16 13:53:39

EPSS

0.001

Percentile

49.6%

JSON
Related for CISCO-SA-20190515-PI-SQLINJECT
prion2cvelist2srcincite2nvd2cve2threatpost1