SQL Injection Vulnerability in Cisco Cloud Network Automation Provisioner
CVE-2016-1393

7.1HIGH

Key Information:

Vendor

Cisco
Status
Cloud Network Automation Provisioner
Vendor
CVE Published:
12 May 2016

What is CVE-2016-1393?

An SQL injection vulnerability exists in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1, permitting remote authenticated users to craft specific URLs that can execute arbitrary SQL commands. This flaw, associated with Bug ID CSCuy72175, poses a risk as it can be exploited without needing administrative privileges, highlighting the importance of upgrading affected versions promptly to mitigate potential unauthorized access and data manipulation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/90519
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.