CVE-2017-6698 — SQL Injection in Cisco Prime Infrastructure

CWE-89 — SQL Injection4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 58.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Prime Infrastructure

Timeline

PublishedJul 4

Latest updateMay 17

Description

A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶NVDcisco/prime_infrastructure2.0\(4.0.45b\), 3.1\(1\)+1

🔴Vulnerability Details

GHSA

GHSA-ggjg-37r9-4hhp: A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authentic↗2022-05-17

▶

CVEList

CVE-2017-6698: A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authentic↗2017-07-04

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerability↗2017-06-21

▶