Cisco Identity Services Engine SQL Injection Vulnerability CVE-2017-3835

Severity

CVSSv3 Score: 8.8

Vulnerability description

A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users.

Risk description

The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by using SQL injection techniques in crafted HTTP POST requests to an affected system. A successful exploit could allow the attacker to view or delete notices owned by other users of the system. The notices may contain guest credentials in clear text.

Recommendation

See the referenced vendor advisory for a solution.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Feb 22, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available