CVE-2019-1942 — SQL Injection in Cisco Identity Services Engine Software

CWE-89 — SQL Injection8 documents7 sources

Severity

6.5MEDIUMNVD

CNA4.3

EPSS

0.2%

top 61.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software Cisco Identity Services Engine

Timeline

PublishedJul 17

Latest updateMay 24

Description

A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_identity_services_engine_softwareunspecified — 2.6.0

▶NVDcisco/identity_services_engine2.6.0

🔴Vulnerability Details

GHSA

GHSA-wx9c-357r-4xg8: A vulnerability in the sponsor portal web interface for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to impact t↗2022-05-24

▶

CVEList

Cisco Identity Services Engine Blind SQL Injection Vulnerability↗2019-07-17

▶

💥Exploits & PoCs

Exploit-DB

Android Binder - Use-After-Free (Metasploit)↗2020-02-24

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine Blind SQL Injection Vulnerability↗2019-07-17

▶

💬Community

Bugzilla

CVE-2019-2215 kernel: Use-after-free in binder.c↗2020-02-21

▶