Sign-up

ID

VAR-201304-0268


CVE

CVE-2013-1163


TITLE

Cisco Connected Grid Network Management System In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-002111

DESCRIPTION

Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746. Vendors have confirmed this vulnerability Bug ID CSCue14553 , CSCue38746 It is released as.By any third party SQL The command may be executed. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database

Trust: 1.98

sources: NVD: CVE-2013-1163 // JVNDB: JVNDB-2013-002111 // BID: 58804 // VULHUB: VHN-61165

AFFECTED PRODUCTS

vendor:ciscomodel:connected grid network management systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:connected grid network management systemscope:eqversion:1.0(42)

Trust: 0.8

vendor:ciscomodel:connected grid network management systemscope:eqversion:0

Trust: 0.3

sources: BID: 58804 // JVNDB: JVNDB-2013-002111 // CNNVD: CNNVD-201304-003 // NVD: CVE-2013-1163

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1163
value: HIGH

Trust: 1.0

NVD: CVE-2013-1163
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201304-003
value: HIGH

Trust: 0.6

VULHUB: VHN-61165
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-1163
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61165
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61165 // JVNDB: JVNDB-2013-002111 // CNNVD: CNNVD-201304-003 // NVD: CVE-2013-1163

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-61165 // JVNDB: JVNDB-2013-002111 // NVD: CVE-2013-1163

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-003

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201304-003

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002111

PATCH
title:Cisco Connected Grid Network Management System SQL Injection Vulnerabilitiesurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1163
Trust: 0.8
title:28763url:http://tools.cisco.com/security/center/viewAlert.x?alertId=28763
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002111

EXTERNAL IDS
db:NVDid:CVE-2013-1163
Trust: 2.8
db:JVNDBid:JVNDB-2013-002111
Trust: 0.8
db:CNNVDid:CNNVD-201304-003
Trust: 0.7
db:CISCOid:20130401 CISCO CONNECTED GRID NETWORK MANAGEMENT SYSTEM SQL INJECTION VULNERABILITIES
Trust: 0.6
db:BIDid:58804
Trust: 0.4
db:VULHUBid:VHN-61165
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61165 // 
            
            
            
            BID: 58804 // 
            
            
            
            JVNDB: JVNDB-2013-002111 // 
            
            
            
            CNNVD: CNNVD-201304-003 // 
            
            
            
            NVD: CVE-2013-1163

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1163
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1163
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1163
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps12360/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61165 // 
            
            
            
            BID: 58804 // 
            
            
            
            JVNDB: JVNDB-2013-002111 // 
            
            
            
            CNNVD: CNNVD-201304-003 // 
            
            
            
            NVD: CVE-2013-1163

CREDITS
Reported by the vendor.
Trust: 0.3
sources:
            
            
            BID: 58804

SOURCES
db:VULHUBid:VHN-61165
db:BIDid:58804
db:JVNDBid:JVNDB-2013-002111
db:CNNVDid:CNNVD-201304-003
db:NVDid:CVE-2013-1163

LAST UPDATE DATE
2024-11-23T23:09:59.993000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61165date:2013-04-02T00:00:00
db:BIDid:58804date:2013-04-01T00:00:00
db:JVNDBid:JVNDB-2013-002111date:2013-04-03T00:00:00
db:CNNVDid:CNNVD-201304-003date:2013-04-03T00:00:00
db:NVDid:CVE-2013-1163date:2024-11-21T01:49:01.543

SOURCES RELEASE DATE
db:VULHUBid:VHN-61165date:2013-04-01T00:00:00
db:BIDid:58804date:2013-04-01T00:00:00
db:JVNDBid:JVNDB-2013-002111date:2013-04-03T00:00:00
db:CNNVDid:CNNVD-201304-003date:2013-04-02T00:00:00
db:NVDid:CVE-2013-1163date:2013-04-01T19:55:01.263