var-201610-0291
Vulnerability from variot
A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A). Vendors have confirmed this vulnerability Bug ID CSCva27038 and CSCva28335 It is released as.Any user that affects the confidentiality of the system by a remotely authenticated user SQL A subset of queries may be executed. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug IDs CSCva27038 and CSCva28335. PI is a set of wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; EPNM is a set of network management solutions. A remote attacker can exploit this vulnerability by sending URLs containing malicious SQL statements to the target system to affect system confidentiality, and may also cause denial of service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0291", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "prime infrastructure", scope: "eq", trust: 1.6, vendor: "cisco", version: "1.4.2", }, { model: "prime infrastructure", scope: "eq", trust: 1.6, vendor: "cisco", version: "1.3.0.20", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "2.0", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "1.2.1", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "3.0", }, { model: "evolved programmable network manager", scope: "eq", trust: 1, vendor: "cisco", version: "2.0", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "1.3", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "3.1.1", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "2.1.0", }, { model: "evolved programmable network manager", scope: "eq", trust: 1, vendor: "cisco", version: "1.2", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "1.2", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "2.2", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "2.2\\(2\\)", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "1.4", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "1.4.0.45", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "3.1", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "1.2.0.103", }, { model: "prime infrastructure", scope: "eq", trust: 1, vendor: "cisco", version: "1.4.1", }, { model: "evolved programmable network manager", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "prime infrastructure", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "prime infrastructure", scope: "eq", trust: 0.6, vendor: "cisco", version: "2.2.0", }, { model: "prime infrastructure", scope: "eq", trust: 0.6, vendor: "cisco", version: "1.4.0", }, { model: "prime infrastructure", scope: "eq", trust: 0.6, vendor: "cisco", version: "1.3.0", }, { model: "prime infrastructure", scope: "eq", trust: 0.6, vendor: "cisco", version: "3.1.0", }, { model: "prime infrastructure", scope: "eq", trust: 0.6, vendor: "cisco", version: "3.0.0", }, { model: "evolved programmable network manager", scope: "eq", trust: 0.6, vendor: "cisco", version: "1.2.0", }, { model: "prime infrastructure", scope: "eq", trust: 0.6, vendor: "cisco", version: "1.2.0", }, { model: "prime infrastructure", scope: "eq", trust: 0.6, vendor: "cisco", version: "3.0_base", }, { model: "prime infrastructure", scope: "eq", trust: 0.3, vendor: "cisco", version: null, }, { model: "evolved programmable network manager", scope: "eq", trust: 0.3, vendor: "cisco", version: "0", }, ], sources: [ { db: "BID", id: "93522", }, { db: "JVNDB", id: "JVNDB-2016-005697", }, { db: "NVD", id: "CVE-2016-6443", }, { db: "CNNVD", id: "CNNVD-201610-804", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:cisco:evolved_programmable_network_manager:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:3.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:2.2\\(2\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:cisco:prime_infrastructure:3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2016-6443", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco", sources: [ { db: "BID", id: "93522", }, ], trust: 0.3, }, cve: "CVE-2016-6443", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, impactScore: 6.4, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "Single", author: "NVD", availabilityImpact: "Partial", baseScore: 6.5, confidentialityImpact: "Partial", exploitabilityScore: null, id: "CVE-2016-6443", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.8, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", exploitabilityScore: 8, id: "VHN-95263", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:S/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2016-6443", impactScore: null, integrityImpact: "High", privilegesRequired: "Low", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2016-6443", trust: 1.8, value: "HIGH", }, { author: "CNNVD", id: "CNNVD-201610-804", trust: 0.6, value: "HIGH", }, { author: "VULHUB", id: "VHN-95263", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-95263", }, { db: "JVNDB", id: "JVNDB-2016-005697", }, { db: "NVD", id: "CVE-2016-6443", }, { db: "CNNVD", id: "CNNVD-201610-804", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A). Vendors have confirmed this vulnerability Bug ID CSCva27038 and CSCva28335 It is released as.Any user that affects the confidentiality of the system by a remotely authenticated user SQL A subset of queries may be executed. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nThis issue is being tracked by Cisco Bug IDs CSCva27038 and CSCva28335. PI is a set of wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; EPNM is a set of network management solutions. A remote attacker can exploit this vulnerability by sending URLs containing malicious SQL statements to the target system to affect system confidentiality, and may also cause denial of service", sources: [ { db: "NVD", id: "CVE-2016-6443", }, { db: "JVNDB", id: "JVNDB-2016-005697", }, { db: "BID", id: "93522", }, { db: "VULHUB", id: "VHN-95263", }, ], trust: 1.98, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2016-6443", trust: 2.8, }, { db: "BID", id: "93522", trust: 2, }, { db: "SECTRACK", id: "1037006", trust: 1.7, }, { db: "JVNDB", id: "JVNDB-2016-005697", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201610-804", trust: 0.7, }, { db: "VULHUB", id: "VHN-95263", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-95263", }, { db: "BID", id: "93522", }, { db: "JVNDB", id: "JVNDB-2016-005697", }, { db: "NVD", id: "CVE-2016-6443", }, { db: "CNNVD", id: "CNNVD-201610-804", }, ], }, id: "VAR-201610-0291", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-95263", }, ], trust: 0.01, }, last_update_date: "2023-12-18T13:29:27.296000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-20161012-prime", trust: 0.8, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161012-prime", }, { title: "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager SQL Injection vulnerability Repair measures", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65139", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2016-005697", }, { db: "CNNVD", id: "CNNVD-201610-804", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-89", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-95263", }, { db: "JVNDB", id: "JVNDB-2016-005697", }, { db: "NVD", id: "CVE-2016-6443", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161012-prime", }, { trust: 1.7, url: "http://www.securityfocus.com/bid/93522", }, { trust: 1.7, url: "http://www.securitytracker.com/id/1037006", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6443", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6443", }, { trust: 0.3, url: "http://www.cisco.com/", }, ], sources: [ { db: "VULHUB", id: "VHN-95263", }, { db: "BID", id: "93522", }, { db: "JVNDB", id: "JVNDB-2016-005697", }, { db: "NVD", id: "CVE-2016-6443", }, { db: "CNNVD", id: "CNNVD-201610-804", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-95263", }, { db: "BID", id: "93522", }, { db: "JVNDB", id: "JVNDB-2016-005697", }, { db: "NVD", id: "CVE-2016-6443", }, { db: "CNNVD", id: "CNNVD-201610-804", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2016-10-27T00:00:00", db: "VULHUB", id: "VHN-95263", }, { date: "2016-10-12T00:00:00", db: "BID", id: "93522", }, { date: "2016-11-04T00:00:00", db: "JVNDB", id: "JVNDB-2016-005697", }, { date: "2016-10-27T21:59:14.860000", db: "NVD", id: "CVE-2016-6443", }, { date: "2016-10-28T00:00:00", db: "CNNVD", id: "CNNVD-201610-804", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-08-01T00:00:00", db: "VULHUB", id: "VHN-95263", }, { date: "2016-10-26T04:08:00", db: "BID", id: "93522", }, { date: "2016-11-04T00:00:00", db: "JVNDB", id: "JVNDB-2016-005697", }, { date: "2019-08-01T12:14:23.610000", db: "NVD", id: "CVE-2016-6443", }, { date: "2019-07-30T00:00:00", db: "CNNVD", id: "CNNVD-201610-804", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201610-804", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco Prime Infrastructure and Evolved Programmable Network Manager of SQL In the database interface SQL Injection vulnerability", sources: [ { db: "JVNDB", id: "JVNDB-2016-005697", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "SQL injection", sources: [ { db: "CNNVD", id: "CNNVD-201610-804", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.