CVE-2017-6698

5.4MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Infrastructure And Evolved Programmable Network Manager
Vendor
CVE Published:
4 July 2017

Summary

A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B).

Affected Version(s)

Cisco Prime Infrastructure and Evolved Programmable Network Manager Cisco Prime Infrastructure and Evolved Programmable Network Manager

References

http://www.securitytracker.com/id/1038751
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99214
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.