CVE-2018-15441
published 2018-11-28

Priority: P266, critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.65% (88.2th percentile)

A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user.

Affected

4 ranges

Vendor | Product | Version range | Fixed in
cisco | cisco_prime_license_manager | |
cisco | prime_license_manager | |
cisco | prime_license_manager | |
cisco | prime_license_manager | 11.0.1 – 11.5 |

Detection & IOCs (extracted from sources)

  • Exploit vector is crafted HTTP POST requests containing malicious SQL statements sent to the Cisco Prime License Manager web application
  • Successful exploitation may result in the postgres OS user spawning a shell — monitor for unexpected shell processes spawned by the postgres user on PLM hosts
  • Target application is Cisco Prime License Manager (PLM); monitor its web framework endpoints for anomalous POST request bodies containing SQL metacharacters or statements
  • The initial patch ciscocm.CSCvk30822_v1.0.k3.cop.sgn was found to cause functional issues; rolling it back removes the vulnerability fix. The updated patch ciscocm.CSCvk30822_v2.0.k3.cop.sgn should be used instead.
  • Rolling back the v1.0 patch corrects functional issues but leaves the device exposed to CVE-2018-15441 again.
  • No workarounds exist for this vulnerability; patching is the only remediation path.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco | | 9.4 | CRITICAL |