返回 CVE 浏览器

CVE-2018-15441

CRITICAL

9.4

CVSS Severity Score

EPSS Score0.1190%

EPSS Percentile21.27th

Published2018年11月28日

Last Modified2024年11月21日

Vulnerability Description

A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user.

Affected Platforms (CPE)

📦

Cisco

Prime License Manager

>= 11.0.1 and <= 11.5

📦

Cisco

Prime License Manager

= 11.5\(1\)

References & Advisories

🔗 http://www.securityfocus.com/bid/106039

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject

🔗 http://www.securityfocus.com/bid/106039

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject

相关漏洞威胁

CVE-2020-31409.8

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remo...

CVE-2021-13628.8

A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Man...

CVE-2017-67797.5

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaborati...

CVE-2021-12264.3

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Sessi...