CVE-2013-1177

EUVD-2013-1217
SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
cisconetwork_admission_control_manager_and_server_system_software
𝑥
≤ 4.8.3
cisconetwork_admission_control_manager_and_server_system_software
4.8.0
cisconetwork_admission_control_manager_and_server_system_software
4.8.1
cisconetwork_admission_control_manager_and_server_system_software
4.8.2
cisconetwork_admission_control_manager_and_server_system_software
4.9.0
cisconetwork_admission_control_manager_and_server_system_software
4.9.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac