Cisco Security Manager Remote Code Execution Vulnerability
Last Update Date:
29 Jul 2014 12:33
Release Date:
29 Jul 2014
3910
Views
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability was identified in Cisco Security Manager. A remote user can inject SQL commands.
The web framework code does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.
Note: No patch is currently available.
Impact
- Remote Code Execution
System / Technologies affected
- Versions 4.5(0) and 4.6(0)FCS1
Solutions
- Note: No patch is currently available.
Vulnerability Identifier
Source
Related Link
Share with