Cisco Security Manager Web Framework CVE-2014-3326 SQL Injection Vulnerability
BID:68877
Info
Cisco Security Manager Web Framework CVE-2014-3326 SQL Injection Vulnerability
| Bugtraq ID: | 68877 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-3326 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 24 2014 12:00AM |
| Updated: | Jul 24 2014 12:00AM |
| Credit: | Cisco |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Cisco Security Manager Web Framework CVE-2014-3326 SQL Injection Vulnerability
Cisco Security Manager is prone to an SQL-injection vulnerability.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue is being tracked by Cisco Bug ID CSCup26957.
Cisco Security Manager is prone to an SQL-injection vulnerability.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue is being tracked by Cisco Bug ID CSCup26957.
Exploit / POC
Cisco Security Manager Web Framework CVE-2014-3326 SQL Injection Vulnerability
Attacker can exploit this issue using a browser.
Attacker can exploit this issue using a browser.
Solution / Fix
References
Cisco Security Manager Web Framework CVE-2014-3326 SQL Injection Vulnerability
References:
References:
- Cisco Homepage (Cisco)