CVE-2016-6443
high
CVSS v3
8.8
CVSS v2
6.5
VIR risk
8.8
Description
A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A).
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | evolved_programmable_network_manager | 1.2 | |
| cisco | evolved_programmable_network_manager | 2.0 | |
| cisco | prime_infrastructure | 1.2 | |
| cisco | prime_infrastructure | 1.2.0.103 | |
| cisco | prime_infrastructure | 1.2.1 | |
| cisco | prime_infrastructure | 1.3 | |
| cisco | prime_infrastructure | 1.3.0.20 | |
| cisco | prime_infrastructure | 1.4 | |
| cisco | prime_infrastructure | 1.4.0.45 | |
| cisco | prime_infrastructure | 1.4.1 | |
| cisco | prime_infrastructure | 1.4.2 | |
| cisco | prime_infrastructure | 2.0 | |
| cisco | prime_infrastructure | 2.1.0 | |
| cisco | prime_infrastructure | 2.2 | |
| cisco | prime_infrastructure | 2.2\(2\) | |
| cisco | prime_infrastructure | 3.0 | |
| cisco | prime_infrastructure | 3.1 | |
| cisco | prime_infrastructure | 3.1.1 | |
References
- http://www.securityfocus.com/bid/93522
- http://www.securitytracker.com/id/1037006
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime
- http://www.securityfocus.com/bid/93522
- http://www.securitytracker.com/id/1037006
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime
CWEs
CWE-89
Verify integrity in audit chain (admin only). AS-IS.