CVE-2019-1825

HIGH

Cisco Prime Infrastructure/EPN Manager - SQL Injection

Title source: llm
STIX 2.1

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108337

Scores

CVSS v3 8.1
EPSS 0.0190
EPSS Percentile 77.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (3)
cisco/evolved_programmable_network_manager < 3.0.1
cisco/network_level_service 3.0\(0.0.83b\)
cisco/prime_infrastructure < 3.4.1
Published May 16, 2019
Tracked Since Feb 18, 2026