漏洞信息详情

Cisco Prime Infrastructure Software和Cisco Evolved Programmable Network Manager SQL注入漏洞

漏洞简介

Cisco Prime Infrastructure Software和Cisco Evolved Programmable Network Manager都是美国思科(Cisco)公司的产品。Cisco Prime Infrastructure Software是一套通过Cisco Prime LAN Management Solution(LMS)和Cisco Prime Network Control System(NCS)技术进行无线管理的软件。Cisco Evolved Programmable Network Manager是一套网络管理解决方案。

Cisco EPN Manager和Cisco PI Software中存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。

漏洞公告

目前厂商已发布升级补丁以修复漏洞,补丁获取链接:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject

参考网址

来源:tools.cisco.com

链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject

来源:BID

链接:http://www.securityfocus.com/bid/108337

来源:www.cisco.com

链接:http://www.cisco.com/

来源:tools.cisco.com

链接:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-pathtrav-1819

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-1825

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Cisco-Prime-Infrastructure-SQL-injection-via-Web-UI-29318

来源:www.securityfocus.com

链接:https://www.securityfocus.com/bid/108337

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/81094

受影响实体

    暂无


漏洞信息快速查询

相关漏洞

更多