CVE-2016-1393

EUVD-2016-2492
SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
ciscocloud_network_automation_provisioner
1.0
ciscocloud_network_automation_provisioner
1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160510-cnap
http://www.securityfocus.com/bid/90519
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160510-cnap
http://www.securityfocus.com/bid/90519