CVE-2015-2849

SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.kb.cert.org/vuls/id/485324	US Government Resource Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:antlabs:inngate_ig_3100:-:::::::*
	cpe:2.3:h:antlabs:inngate_ig_3.01_e:-:::::::*
	cpe:2.3:h:antlabs:inngate_ig_3.10_m:-:::::::*
	cpe:2.3:h:antlabs:inngate_ssg_4:-:::::::*
	cpe:2.3:h:antlabs:inngate_ig_3.10_e:-:::::::*
	cpe:2.3:h:antlabs:inngate_sg_4:-:::::::*

Information

Published : 2015-07-07 07:59

Updated : 2015-07-08 14:46

NVD link : CVE-2015-2849

Mitre link : CVE-2015-2849

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Products Affected

antlabs

inngate_ssg_4
inngate_ig_3.10_e
inngate_sg_4
inngate_ig_3100
inngate_ig_3.10_m
inngate_ig_3.01_e

7.5 /10