VAR-201304-0288
Vulnerability from variot - Updated: 2023-12-18 13:49SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. Vendors have confirmed this vulnerability Bug ID CSCub23095 It is released as.By any third party SQL The command may be executed. Authentication is not required to exploit this vulnerability.The specific flaw is in the handling of sortColumn URL parameters when constructing SQL database queries. By specially crafting URL parameters, it is possible to influence the SQL queries to gain remote code execution on the affected system. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database and execute arbitrary code. This issue is tracked by Cisco BugID CSCub23095
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0288",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network admission control manager and server system software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.9.0"
},
{
"model": "network admission control manager and server system software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.8.0"
},
{
"model": "network admission control manager and server system software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.9.1"
},
{
"model": "network admission control manager and server system software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.8.1"
},
{
"model": "network admission control manager and server system software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.8.2"
},
{
"model": "clean access manager",
"scope": null,
"trust": 1.4,
"vendor": "cisco",
"version": null
},
{
"model": "network admission control manager and server system software",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.8.3"
},
{
"model": "network admission control manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.9.2"
},
{
"model": "network admission control manager",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "4.9.x"
},
{
"model": "network admission control manager and server system software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.8.3"
},
{
"model": "network admission control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.9"
},
{
"model": "network admission control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.8.2"
},
{
"model": "network admission control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.8.1"
},
{
"model": "network admission control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.8.0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-067"
},
{
"db": "ZDI",
"id": "ZDI-13-066"
},
{
"db": "BID",
"id": "59271"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002414"
},
{
"db": "NVD",
"id": "CVE-2013-1177"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-419"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.8.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:network_admission_control_manager_and_server_system_software:4.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1177"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nenad Stojanovski",
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-067"
},
{
"db": "ZDI",
"id": "ZDI-13-066"
}
],
"trust": 1.4
},
"cve": "CVE-2013-1177",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-1177",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 1.4,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-1177",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-61179",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-1177",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2013-1177",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-419",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-61179",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-067"
},
{
"db": "ZDI",
"id": "ZDI-13-066"
},
{
"db": "VULHUB",
"id": "VHN-61179"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002414"
},
{
"db": "NVD",
"id": "CVE-2013-1177"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-419"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. Vendors have confirmed this vulnerability Bug ID CSCub23095 It is released as.By any third party SQL The command may be executed. Authentication is not required to exploit this vulnerability.The specific flaw is in the handling of sortColumn URL parameters when constructing SQL database queries. By specially crafting URL parameters, it is possible to influence the SQL queries to gain remote code execution on the affected system. \nAn attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database and execute arbitrary code. \nThis issue is tracked by Cisco BugID CSCub23095",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1177"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002414"
},
{
"db": "ZDI",
"id": "ZDI-13-067"
},
{
"db": "ZDI",
"id": "ZDI-13-066"
},
{
"db": "BID",
"id": "59271"
},
{
"db": "VULHUB",
"id": "VHN-61179"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-1177",
"trust": 4.2
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002414",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1535",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-13-067",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1536",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-13-066",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201304-419",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20130417 CISCO NETWORK ADMISSION CONTROL MANAGER SQL INJECTION VULNERABILITY",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "53130",
"trust": 0.6
},
{
"db": "BID",
"id": "59271",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-61179",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-067"
},
{
"db": "ZDI",
"id": "ZDI-13-066"
},
{
"db": "VULHUB",
"id": "VHN-61179"
},
{
"db": "BID",
"id": "59271"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002414"
},
{
"db": "NVD",
"id": "CVE-2013-1177"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-419"
}
]
},
"id": "VAR-201304-0288",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-61179"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:49:06.944000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20130417-nac",
"trust": 2.2,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130417-nac"
},
{
"title": "28928",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=28928"
},
{
"title": "cisco-sa-20130417-nac",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/jp/111/1117/1117759_cisco-sa-20130417-nac-j.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-067"
},
{
"db": "ZDI",
"id": "ZDI-13-066"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002414"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61179"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002414"
},
{
"db": "NVD",
"id": "CVE-2013-1177"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130417-nac"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1177"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1177"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/53130"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps6128/index.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-13-067"
},
{
"db": "ZDI",
"id": "ZDI-13-066"
},
{
"db": "VULHUB",
"id": "VHN-61179"
},
{
"db": "BID",
"id": "59271"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002414"
},
{
"db": "NVD",
"id": "CVE-2013-1177"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-419"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-13-067"
},
{
"db": "ZDI",
"id": "ZDI-13-066"
},
{
"db": "VULHUB",
"id": "VHN-61179"
},
{
"db": "BID",
"id": "59271"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002414"
},
{
"db": "NVD",
"id": "CVE-2013-1177"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-419"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-10T00:00:00",
"db": "ZDI",
"id": "ZDI-13-067"
},
{
"date": "2013-05-10T00:00:00",
"db": "ZDI",
"id": "ZDI-13-066"
},
{
"date": "2013-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-61179"
},
{
"date": "2013-04-17T00:00:00",
"db": "BID",
"id": "59271"
},
{
"date": "2013-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002414"
},
{
"date": "2013-04-18T18:55:06.910000",
"db": "NVD",
"id": "CVE-2013-1177"
},
{
"date": "2013-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-419"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-10T00:00:00",
"db": "ZDI",
"id": "ZDI-13-067"
},
{
"date": "2013-05-10T00:00:00",
"db": "ZDI",
"id": "ZDI-13-066"
},
{
"date": "2013-04-19T00:00:00",
"db": "VULHUB",
"id": "VHN-61179"
},
{
"date": "2013-05-13T11:12:00",
"db": "BID",
"id": "59271"
},
{
"date": "2013-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002414"
},
{
"date": "2013-04-19T04:00:00",
"db": "NVD",
"id": "CVE-2013-1177"
},
{
"date": "2013-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-419"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-419"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Network Admission Control Manager In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002414"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-419"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…