CVE-2017-6698

MEDIUM

Cisco Prime Infrastructure - SQL Injection

Title source: rule

Description

A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B).

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99214

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038751

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm2

Scores

CVSS v3 5.4

EPSS 0.0020

EPSS Percentile 41.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-89

Status published

Products (3)

cisco/prime_infrastructure

cisco/prime_infrastructure

n/a/Cisco Prime Infrastructure and Evolved Programmable Network Manager < Cisco Prime Infrastructure and Evolved Programmable Network Manager

Published Jul 04, 2017

Tracked Since Feb 18, 2026