Lucene search

CiscoCISCO-SA-20151008-PCA2

HistoryOct 08, 2015 - 1:30 p.m.

Cisco Prime Collaboration Assurance SQL Injection Vulnerability

2015-10-0813:30:00

tools.cisco.com

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.001

Percentile

41.4%

JSON

A vulnerability in web framework of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to execute unauthorized SQL queries.

The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read, modify, or delete entries in some database tables.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca2[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca2”]

Affected configurations

Vulners

Node

ciscoprime_collaboration_assuranceMatchany

VendorProductVersionCPE
ciscoprime_collaboration_assuranceanycpe:2.3:a:cisco:prime_collaboration_assurance:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_collaboration_assurance	any	cpe:2.3:a:cisco:prime_collaboration_assurance:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca2

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

0.001

Percentile

41.4%

JSON

Related for CISCO-SA-20151008-PCA2