| Vulnerability Name: | CVE-2013-1177 (CCN-83638) | ||||||||
| Assigned: | 2013-04-17 | ||||||||
| Published: | 2013-04-17 | ||||||||
| Updated: | 2013-04-19 | ||||||||
| Summary: | SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
8.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-89 | ||||||||
| Vulnerability Consequences: | Data Manipulation | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-1177 Source: CCN Type: SA53130 Cisco NAC Appliance SQL Injection Vulnerability Source: CCN Type: cisco-sa-20130417-nac Cisco Network Admission Control Manager SQL Injection Vulnerability Source: CISCO Type: Vendor Advisory 20130417 Cisco Network Admission Control Manager SQL Injection Vulnerability Source: CCN Type: BID-59271 Cisco Network Admission Control Manager CVE-2013-1177 Multiple SQL Injection Vulnerabilities Source: XF Type: UNKNOWN cisco-nac-cve20131177-sql-injection(83638) Source: CCN Type: ZDI-13-066 Cisco Clean Access Manager sortColumn SQL Injection Remote Code Execution Vulnerability Source: CCN Type: ZDI-13-067 Cisco Clean Access Manager filter SQL Injection Remote Code Execution Vulnerability | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||