Lucene search

[email protected]CVE-2014-3326

HistoryJul 26, 2014 - 11:11 a.m.

CVE-2014-3326

2014-07-2611:11:57

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-3326

sql injection

cisco security manager

web framework

remote authenticated users

bug id cscup26957

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.8%

JSON

SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.

Affected configurations

NVD

Node

ciscosecurity_managerMatch4.5

ciscosecurity_managerMatch4.6

CPENameOperatorVersion
cisco:security_managercisco security managereq4.5
cisco:security_managercisco security managereq4.6

CPE	Name	Operator	Version
cisco:security_manager	cisco security manager	eq	4.5
cisco:security_manager	cisco security manager	eq	4.6

References

secunia.com/advisories/60455

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3326

tools.cisco.com/security/center/viewAlert.x?alertId=35029

www.securityfocus.com/bid/68877

www.securitytracker.com/id/1030639

exchange.xforce.ibmcloud.com/vulnerabilities/94841

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for CVE-2014-3326

cvelist1 cisco1 nvd1 prion1