Skip to main content

Cisco Security Manager Remote Code Execution Vulnerability

Last Update Date: 29 Jul 2014 12:33 Release Date: 29 Jul 2014 3910 Views

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability was identified in Cisco Security Manager. A remote user can inject SQL commands.

The web framework code does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

 

Note: No patch is currently available.


Impact

  • Remote Code Execution

System / Technologies affected

  • Versions 4.5(0) and 4.6(0)FCS1

Solutions

  • Note: No patch is currently available.

Vulnerability Identifier


Source


Related Link