SQL Injection Vulnerability in Cisco Cloud Network Automation Provisioner
CVE-2016-1393

7.1HIGH

Key Information:

Vendor: Cisco
Status: Cloud Network Automation Provisioner
Vendor: CVE Published:; 12 May 2016

Summary

An SQL injection vulnerability exists in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1, permitting remote authenticated users to craft specific URLs that can execute arbitrary SQL commands. This flaw, associated with Bug ID CSCuy72175, poses a risk as it can be exploited without needing administrative privileges, highlighting the importance of upgrading affected versions promptly to mitigate potential unauthorized access and data manipulation.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/90519

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2016
Vulnerability Reserved
Jan 4, 2016