2 matches found
CVE-2016-1393
Cisco CNAP (Cloud Network Automation Provisioner) 1.0–1.1 contains a SQL injection vulnerability exploitable by an authenticated, remote attacker via crafted URLs. The underlying issue is failure to validate user-supplied input in SQL queries, enabling manipulation or disclosure of database data....
CVE-2016-1441
CVE-2016-1441 affects Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) within Cisco Configuration Assistant (CCA). The vulnerability lets unauthenticated remote attackers bypass filesystem and administrative-endpoint restrictions by issuing GET API calls to CNAP’s API endpoints. Root caus...