CVE-2018-15441
Published: 2018-11-28
Priority: P266 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.65% (88.2th percentile)
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_prime_license_manager | — | — |
| cisco | prime_license_manager | — | — |
| cisco | prime_license_manager | — | — |
| cisco | prime_license_manager | 11.0.1 – 11.5 | — |
Detection & IOCs (extracted from sources)
- Exploit vector is crafted HTTP POST requests containing malicious SQL statements sent to the Cisco Prime License Manager web application
- Successful exploitation may result in the postgres OS user spawning a shell — monitor for unexpected shell processes spawned by the postgres user on PLM hosts
- Target application is Cisco Prime License Manager (PLM); monitor its web framework endpoints for anomalous POST request bodies containing SQL metacharacters or statements
- The initial patch ciscocm.CSCvk30822_v1.0.k3.cop.sgn was found to cause functional issues; rolling it back removes the vulnerability fix. The updated patch ciscocm.CSCvk30822_v2.0.k3.cop.sgn should be used instead.
- Rolling back the v1.0 patch corrects functional issues but leaves the device exposed to CVE-2018-15441 again.
- No workarounds exist for this vulnerability; patching is the only remediation path.
CVSS provenance
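| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | | 9.4 | CRITICAL | |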
Cisco
Cisco Prime License Manager SQL Injection Vulnerability
vendor_cisco·2018-11-28·CVSS 9.4
CVE-2018-15441 [CRITICAL] CWE-89
Update (2018-December-20): The updated patch ciscocm.CSCvk30822_v2.0.k3.cop.sgn that avoids the functional issues identified with the v1.0 patch has been posted to Cisco.com. See the Fixed Releases section for details.
Update (2018-December-10): Installing the ciscocm.CSCvk30822_v1.0.k3.cop.sgn patch may cause functional issues. Workarounds are available for some of these issues. Rolling back this patch as described in the Fixed Releases section will correct these functional issues, but the device will be affected by this vulnerability again when the patch is not in place. See the Fixed Releases section for details.
CWE: CWE-89
Bug IDs: CSCvk30822
GHSA
GHSA-pj62-g8w9-6x78
ghsa_unreviewed·2022-05-13
CVE-2018-15441 [CRITICAL] CWE-89
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-11-28