Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiNenad StojanovskiZDI-13-066
HistoryMay 10, 2013 - 12:00 a.m.

Cisco Clean Access Manager sortColumn SQL Injection Remote Code Execution Vulnerability

2013-05-1000:00:00
Nenad Stojanovski
www.zerodayinitiative.com
16

EPSS

0.009

Percentile

82.7%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Clean Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw is in the handling of sortColumn URL parameters when constructing SQL database queries. By specially crafting URL parameters, it is possible to influence the SQL queries to gain remote code execution on the affected system.

Related

securityvulns 1
prion 1
cvelist 1
nessus 1
nvd 1
zdi 1
cisco 1
cve 1
securityvulns
securityvulns
Cisco Network Admission Control Manager SQL injection
2013-04-22 00:00:00
prion
prion
Sql injection
2013-04-18 18:55:00
cvelist
cvelist
CVE-2013-1177
2013-04-18 18:00:00
nessus
nessus
Cisco Network Admission Control Manager SQL Injection (cisco-sa-20130417-nac)
2013-09-05 00:00:00
nvd
nvd
CVE-2013-1177
2013-04-18 18:55:06
zdi
zdi
Cisco Clean Access Manager filter SQL Injection Remote Code Execution Vulnerability
2013-05-10 00:00:00
cisco
cisco
Cisco Network Admission Control Manager SQL Injection Vulnerability
2013-04-17 16:00:00
cve
cve
CVE-2013-1177
2013-04-18 18:55:06

EPSS

0.009

Percentile

82.7%

JSON
Related for ZDI-13-066
securityvulns1prion1cvelist1nessus1nvd1zdi1cisco1cve1