Action not permitted
Modal body text goes here.
ghsa-rpqp-hf76-rjpp
Vulnerability from github
Published
2024-01-17 18:31
Modified
2024-01-17 18:31
Severity ?
Details
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.
{
"affected": [],
"aliases": [
"CVE-2023-20271"
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-17T17:15:10Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.",
"id": "GHSA-rpqp-hf76-rjpp",
"modified": "2024-01-17T18:31:38Z",
"published": "2024-01-17T18:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20271"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
cve-2023-20271
Vulnerability from cvelistv5
Published
2024-01-17 16:56
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:36.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-pi-epnm-wkZJeyeq",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Prime Infrastructure",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.10"
},
{
"status": "affected",
"version": "2.0.39"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.1.2"
},
{
"status": "affected",
"version": "2.1.56"
},
{
"status": "affected",
"version": "2.2.0"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "2.2.3"
},
{
"status": "affected",
"version": "2.2.10"
},
{
"status": "affected",
"version": "2.2.8"
},
{
"status": "affected",
"version": "2.2.4"
},
{
"status": "affected",
"version": "2.2.7"
},
{
"status": "affected",
"version": "2.2.5"
},
{
"status": "affected",
"version": "2.2.9"
},
{
"status": "affected",
"version": "2.2.1 Update 01"
},
{
"status": "affected",
"version": "2.2.2 Update 03"
},
{
"status": "affected",
"version": "2.2.2 Update 04"
},
{
"status": "affected",
"version": "2.2.3 Update 02"
},
{
"status": "affected",
"version": "2.2.3 Update 03"
},
{
"status": "affected",
"version": "2.2.3 Update 04"
},
{
"status": "affected",
"version": "2.2.3 Update 05"
},
{
"status": "affected",
"version": "2.2.3 Update 06"
},
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0.4"
},
{
"status": "affected",
"version": "3.0.6"
},
{
"status": "affected",
"version": "3.0.5"
},
{
"status": "affected",
"version": "3.0.7"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.7"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "3.1.6"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.0-FIPS"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.3.0 Update 01"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.4.2"
},
{
"status": "affected",
"version": "3.4.1 Update 01"
},
{
"status": "affected",
"version": "3.4.1 Update 02"
},
{
"status": "affected",
"version": "3.4.2 Update 01"
},
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.5.0 Update 01"
},
{
"status": "affected",
"version": "3.5.0 Update 02"
},
{
"status": "affected",
"version": "3.5.0 Update 03"
},
{
"status": "affected",
"version": "3.5.1 Update 01"
},
{
"status": "affected",
"version": "3.5.1 Update 02"
},
{
"status": "affected",
"version": "3.5.1 Update 03"
},
{
"status": "affected",
"version": "3.6.0"
},
{
"status": "affected",
"version": "3.6.0 Update 01"
},
{
"status": "affected",
"version": "3.6.0 Update 02"
},
{
"status": "affected",
"version": "3.6.0 Update 03"
},
{
"status": "affected",
"version": "3.6.0 Update 04"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.4_DP1"
},
{
"status": "affected",
"version": "3.4_DP3"
},
{
"status": "affected",
"version": "3.4_DP2"
},
{
"status": "affected",
"version": "3.5_DP1"
},
{
"status": "affected",
"version": "3.4_DP7"
},
{
"status": "affected",
"version": "3.4_DP10"
},
{
"status": "affected",
"version": "3.4_DP5"
},
{
"status": "affected",
"version": "3.1_DP15"
},
{
"status": "affected",
"version": "3.4_DP11"
},
{
"status": "affected",
"version": "3.4_DP8"
},
{
"status": "affected",
"version": "3.7_DP1"
},
{
"status": "affected",
"version": "3.3_DP4"
},
{
"status": "affected",
"version": "3.10_DP1"
},
{
"status": "affected",
"version": "3.8_DP1"
},
{
"status": "affected",
"version": "3.7_DP2"
},
{
"status": "affected",
"version": "3.6_DP1"
},
{
"status": "affected",
"version": "3.1_DP16"
},
{
"status": "affected",
"version": "3.5_DP4"
},
{
"status": "affected",
"version": "3.3_DP3"
},
{
"status": "affected",
"version": "3.2_DP2"
},
{
"status": "affected",
"version": "3.4_DP4"
},
{
"status": "affected",
"version": "3.1_DP14"
},
{
"status": "affected",
"version": "3.1_DP6"
},
{
"status": "affected",
"version": "3.1_DP9"
},
{
"status": "affected",
"version": "3.4_DP6"
},
{
"status": "affected",
"version": "3.2_DP3"
},
{
"status": "affected",
"version": "3.4_DP9"
},
{
"status": "affected",
"version": "3.3_DP2"
},
{
"status": "affected",
"version": "3.2_DP1"
},
{
"status": "affected",
"version": "3.1_DP10"
},
{
"status": "affected",
"version": "3.9_DP1"
},
{
"status": "affected",
"version": "3.3_DP1"
},
{
"status": "affected",
"version": "3.1_DP13"
},
{
"status": "affected",
"version": "3.5_DP2"
},
{
"status": "affected",
"version": "3.1_DP12"
},
{
"status": "affected",
"version": "3.1_DP4"
},
{
"status": "affected",
"version": "3.5_DP3"
},
{
"status": "affected",
"version": "3.1_DP8"
},
{
"status": "affected",
"version": "3.1_DP7"
},
{
"status": "affected",
"version": "3.2_DP4"
},
{
"status": "affected",
"version": "3.1_DP11"
},
{
"status": "affected",
"version": "3.1_DP5"
},
{
"status": "affected",
"version": "3.7.0"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "3.7.1 Update 04"
},
{
"status": "affected",
"version": "3.7.1 Update 06"
},
{
"status": "affected",
"version": "3.7.1 Update 07"
},
{
"status": "affected",
"version": "3.7.1 Update 03"
},
{
"status": "affected",
"version": "3.7.0 Update 03"
},
{
"status": "affected",
"version": "3.7.1 Update 01"
},
{
"status": "affected",
"version": "3.7.1 Update 02"
},
{
"status": "affected",
"version": "3.7.1 Update 05"
},
{
"status": "affected",
"version": "3.8.0"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.8.1 Update 02"
},
{
"status": "affected",
"version": "3.8.1 Update 04"
},
{
"status": "affected",
"version": "3.8.1 Update 01"
},
{
"status": "affected",
"version": "3.8.1 Update 03"
},
{
"status": "affected",
"version": "3.8.0 Update 01"
},
{
"status": "affected",
"version": "3.8.0 Update 02"
},
{
"status": "affected",
"version": "3.9.0"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.9.1 Update 02"
},
{
"status": "affected",
"version": "3.9.1 Update 03"
},
{
"status": "affected",
"version": "3.9.1 Update 01"
},
{
"status": "affected",
"version": "3.9.1 Update 04"
},
{
"status": "affected",
"version": "3.9.0 Update 01"
},
{
"status": "affected",
"version": "3.10.0"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.10 Update 01"
},
{
"status": "affected",
"version": "3.10.4"
},
{
"status": "affected",
"version": "3.10.4 Update 01"
}
]
},
{
"product": "Cisco Evolved Programmable Network Manager (EPNM)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.2.6"
},
{
"status": "affected",
"version": "1.2.2"
},
{
"status": "affected",
"version": "1.2.3"
},
{
"status": "affected",
"version": "1.2.5"
},
{
"status": "affected",
"version": "1.2.1.2"
},
{
"status": "affected",
"version": "1.2.4"
},
{
"status": "affected",
"version": "1.2.7"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.2.2.4"
},
{
"status": "affected",
"version": "1.2.4.2"
},
{
"status": "affected",
"version": "2.0.2"
},
{
"status": "affected",
"version": "2.0.4"
},
{
"status": "affected",
"version": "2.0.3"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.0.1.1"
},
{
"status": "affected",
"version": "2.0.2.1"
},
{
"status": "affected",
"version": "2.0.4.1"
},
{
"status": "affected",
"version": "2.0.4.2"
},
{
"status": "affected",
"version": "2.1.2"
},
{
"status": "affected",
"version": "2.1.3"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.1.1.1"
},
{
"status": "affected",
"version": "2.1.1.3"
},
{
"status": "affected",
"version": "2.1.1.4"
},
{
"status": "affected",
"version": "2.1.2.2"
},
{
"status": "affected",
"version": "2.1.2.3"
},
{
"status": "affected",
"version": "2.1.3.2"
},
{
"status": "affected",
"version": "2.1.3.3"
},
{
"status": "affected",
"version": "2.1.3.4"
},
{
"status": "affected",
"version": "2.1.3.5"
},
{
"status": "affected",
"version": "2.1.4"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.1.1"
},
{
"status": "affected",
"version": "2.2.1.2"
},
{
"status": "affected",
"version": "2.2.1.3"
},
{
"status": "affected",
"version": "2.2.1.4"
},
{
"status": "affected",
"version": "2.2.3"
},
{
"status": "affected",
"version": "2.2.4"
},
{
"status": "affected",
"version": "2.2.5"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "3.0.3"
},
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.1.1.1"
},
{
"status": "affected",
"version": "4.1.1.2"
},
{
"status": "affected",
"version": "4.0.3"
},
{
"status": "affected",
"version": "4.0.1"
},
{
"status": "affected",
"version": "4.0.2"
},
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.0.3.1"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "5.0.2"
},
{
"status": "affected",
"version": "5.0.2.5"
},
{
"status": "affected",
"version": "5.0.2.3"
},
{
"status": "affected",
"version": "5.0.2.4"
},
{
"status": "affected",
"version": "5.0.2.1"
},
{
"status": "affected",
"version": "5.0.2.2"
},
{
"status": "affected",
"version": "5.0"
},
{
"status": "affected",
"version": "5.0.2.6"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.1.3"
},
{
"status": "affected",
"version": "5.1.4"
},
{
"status": "affected",
"version": "5.1.4.2"
},
{
"status": "affected",
"version": "5.1.4.1"
},
{
"status": "affected",
"version": "5.1.4.3"
},
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "5.1.3.1"
},
{
"status": "affected",
"version": "5.1.3.2"
},
{
"status": "affected",
"version": "5.1.4.4"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "6.0.0"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.3"
},
{
"status": "affected",
"version": "6.0.3.1"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.1.1.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:42:33.023Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-pi-epnm-wkZJeyeq",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq"
}
],
"source": {
"advisory": "cisco-sa-pi-epnm-wkZJeyeq",
"defects": [
"CSCwf81862",
"CSCwf83557"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20271",
"datePublished": "2024-01-17T16:56:25.553Z",
"dateReserved": "2022-10-27T18:47:50.373Z",
"dateUpdated": "2024-08-02T09:05:36.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.