SQL Injection Vulnerability in Cisco Prime Infrastructure and EPNM
CVE-2017-6698

5.4MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Infrastructure And Evolved Programmable Network Manager
Vendor
CVE Published:
4 July 2017

Summary

A security issue exists in the SQL database interface of Cisco Prime Infrastructure and Evolved Programmable Network Manager that allows an authenticated remote attacker to execute arbitrary SQL queries. This exploitation can compromise the confidentiality and integrity of the application, potentially exposing sensitive information or disrupting operations.

Affected Version(s)

Cisco Prime Infrastructure and Evolved Programmable Network Manager Cisco Prime Infrastructure and Evolved Programmable Network Manager

References

http://www.securitytracker.com/id/1038751
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99214
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.