CVE-2016-6453 — SQL Injection in Cisco Identity Services Engine

CWE-89 — SQL Injection4 documents4 sources

Severity

7.3HIGHNVD

EPSS

0.3%

top 43.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine

Timeline

PublishedNov 3

Latest updateMay 17

Description

A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:NExploitability: 2.1 | Impact: 5.2

Affected Packages1 packages

▶NVDcisco/identity_services_engine1.3\(0.876\)

🔴Vulnerability Details

GHSA

GHSA-4hr4-cp6j-vvwj: A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary S↗2022-05-17

▶

CVEList

CVE-2016-6453: A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary S↗2016-11-03

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine SQL Injection Vulnerability↗2016-10-26

▶