CVE-2019-1824

CWE-89 — SQL Injection4 documents4 sources

Severity

8.1HIGH

EPSS

0.3%

top 45.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure Cisco Cisco Prime Infrastructure

Timeline

PublishedMay 16

Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could a…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶NVDcisco/evolved_programmable_network_manager< 3.0.1

▶NVDcisco/prime_infrastructure< 3.4.1

▶CVEListV5cisco/cisco_prime_infrastructure3.4

🔴Vulnerability Details

GHSA

GHSA-qh4g-m5r3-5v8q: A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could al↗2022-05-24

▶

CVEList

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities↗2019-05-16

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities↗2019-05-15

▶