CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
Percentile
41.4%
According to its self-reported version number, the Cisco Prime Collaboration Provisioning (PCP) device is 10.6.x or 11.0.x prior to 11.0.0.582. It is, therefore, affected by a SQL injection vulnerability in the web framework component due to improper sanitization of user-supplied input before using it in SQL queries. An authenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(91344);
script_version("1.3");
script_cvs_date("Date: 2018/07/06 11:26:05");
script_cve_id("CVE-2015-6329");
script_bugtraq_id(77050);
script_xref(name:"CISCO-BUG-ID", value:"CSCut64074");
script_xref(name:"CISCO-SA", value:"cisco-sa-20151008-pcp");
script_name(english:"Cisco Prime Collaboration Provisioning 10.6.x / 11.0.x < 11.0.0.815 Web Framework SQLi (cisco-sa-20151008-pcp)");
script_summary(english:"Checks the Cisco Prime Collaboration Provisioning version.");
script_set_attribute(attribute:"synopsis", value:
"The remote network management device is affected by a SQL injection
vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the Cisco Prime
Collaboration Provisioning (PCP) device is 10.6.x or 11.0.x prior to
11.0.0.582. It is, therefore, affected by a SQL injection
vulnerability in the web framework component due to improper
sanitization of user-supplied input before using it in SQL queries. An
authenticated, remote attacker can exploit this to inject or
manipulate SQL queries in the back-end database, allowing for the
manipulation or disclosure of arbitrary data.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pcp
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3ffcc0c2");
script_set_attribute(attribute:"solution", value:
"Upgrade to Cisco Prime Collaboration Provisioning version 11.0.0.815
or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/08");
script_set_attribute(attribute:"patch_publication_date", value:"2015/10/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/09");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:prime_collaboration_provisioning");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
script_dependencies("cisco_prime_collaboration_provisioning_detect.nbin");
script_require_keys("Host/Cisco/PrimeCollaborationProvisioning/version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
appname = "Prime Collaboration Provisioning";
version = get_kb_item_or_exit("Host/Cisco/PrimeCollaborationProvisioning/version");
if (version == "10" || version == "11" || version == "11.0" || version == "11.0.0")
audit(AUDIT_VER_NOT_GRANULAR, appname, version);
fix = '11.0.0.582'; # This was the first internal release with fix
report_fix = '11.0.0.815'; # First public release with fix
if(
version =~ "^(10\.6|11\.0)([^0-9]|$)" &&
ver_compare(ver:version, fix:fix, strict:FALSE) == -1
)
{
report =
'\n Installed version : ' + version +
'\n Fixed version : ' + report_fix +
'\n';
security_report_v4(port:0, extra:report, severity:SECURITY_WARNING, sqli:TRUE);
}
else audit(AUDIT_INST_VER_NOT_VULN, appname, version);