5.5
CVSSv2

CVE-2017-6698

Published: 04/07/2017 Updated: 07/07/2017
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 5.4 | Impact Score: 2.5 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote malicious user to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B).

Affected Products

Vendor Product Versions
CiscoPrime Infrastructure2.0(4.0.45b), 3.1(1)

Vendor Advisories

A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries The vulnerability is due to a lack of proper validation on user-supplied input ...

Mailing Lists

Cisco Prime Infrastructure versions 11 through 316 suffer from cross site scripting, XML external entity injection, file disclosure, and remote SQL injection vulnerabilities ...