CVE-2010-0147

SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/38619	Patch Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml	Patch Vendor Advisory
http://osvdb.org/62444
http://www.securityfocus.com/bid/38272
http://www.securitytracker.com/id?1023606
http://www.vupen.com/english/advisories/2010/0416	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56346

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:security_agent:6.0:::::::*
	cpe:2.3:a:cisco:security_agent:5.1:::::::*
	cpe:2.3:a:cisco:security_agent:5.2:::::::*

Information

Published : 2010-02-23 12:30

Updated : 2017-08-16 18:31

NVD link : CVE-2010-0147

Mitre link : CVE-2010-0147

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Products Affected

cisco

security_agent

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/38619", "name": "38619", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml", "name": "20100217 Multiple Vulnerabilities in Cisco Security Agent", "tags": ["Patch", "Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://osvdb.org/62444", "name": "62444", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/38272", "name": "38272", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1023606", "name": "1023606", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2010/0416", "name": "ADV-2010-0416", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56346", "name": "cisco-sa-mgmtcenter-sql-injection(56346)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-0147", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-02-23T20:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:security_agent:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:security_agent:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:security_agent:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:31Z"}

6.5 /10