Cisco Bug: CSCuw24700 - Cisco ACS SQL Injection Vulnerability
Aug 19, 2016
- Cisco Secure Access Control Server Solution Engine
Known Affected Releases
Symptom: A vulnerability in the Cisco Secure Access Control Server (ACS) interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Conditions: Default configuration of system running affected version. Conditions: Default configuration of system running affected version.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases