CVE-2013-1177

SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.

Published: Apr 18, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1177
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cisco / network_admission_control_manager_and_server_system_software	4.8.2	4.8.2.x
cisco / network_admission_control_manager_and_server_system_software	4.8.1	4.8.1.x
cisco / network_admission_control_manager_and_server_system_software	-	4.8.3.x
cisco / network_admission_control_manager_and_server_system_software	4.9.0	4.9.0.x
cisco / network_admission_control_manager_and_server_system_software	4.9.1	4.9.1.x
cisco / network_admission_control_manager_and_server_system_software	4.8.0	4.8.0.x

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac

Vulnerability Database

290,206

CVE-2013-1177