CVE-2016-6443

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A).

Published: Oct 27, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-6443
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cisco / prime_infrastructure	1.4.2	1.4.2.x
cisco / prime_infrastructure	2.2	2.2.x
cisco / prime_infrastructure	1.2.1	1.2.1.x
cisco / prime_infrastructure	3.1.1	3.1.1.x
cisco / prime_infrastructure	2.1.0	2.1.0.x
cisco / prime_infrastructure	1.3.0.20	1.3.0.20.x
cisco / prime_infrastructure	1.2.0.103	1.2.0.103.x
cisco / prime_infrastructure	2.2(2)	2.2(2).x
cisco / prime_infrastructure	1.4.0.45	1.4.0.45.x
cisco / prime_infrastructure	1.4.1	1.4.1.x
cisco / evolved_programmable_network_manager	1.2	1.2.x
cisco / evolved_programmable_network_manager	2.0	2.0.x
cisco / prime_infrastructure	1.2	1.2.x
cisco / prime_infrastructure	1.3	1.3.x
cisco / prime_infrastructure	1.4	1.4.x
cisco / prime_infrastructure	3.0	3.0.x
cisco / prime_infrastructure	3.1	3.1.x
cisco / prime_infrastructure	2.0	2.0.x

Vulnerability Database

289,599

CVE-2016-6443