Cisco Bug: CSCup26957 - Cisco Security Manager SQL Injection Vulnerability
Aug 06, 2018
- Cisco Security Manager
Known Affected Releases
Symptom: A vulnerability in the web-framework code of Cisco Security Manager (CSM) could allow an authenticated, remote attacker to execute arbitrary queries on the database. The vulnerability is due to insufficient controls on SQL statements. An attacker could exploit this vulnerability by sending crafted requests to the web server. An exploit could allow the attacker to read a subset of the data stored in the database.
Conditions: Device configured with default configuration.