
Cisco Bug: CSCvf07617 - Cisco Smart Net Total Care Portal: SQL Injection Vulnerability in Contracts Details page

Last Modified

Apr 24, 2021

Products (1)

  • Cisco Smart Net Total Care

Known Affected Releases


Description (partial)

A vulnerability in the Cisco Smart Net Total Care (SNTC) portal could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks. The vulnerability is due to insufficient input validation of certain user-supplied fields that are subsequently used to build SQL queries. 

The issue has been resolved in the SNTC 3.11 release.

This advisory is available at the following link:

This was already addressed in the SNTC portal software version 3.11 released on Jul 7th 2017.