CVE-2017-12227: SQL Injection
First published: Thu Sep 07 2017(Updated: )
A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Emergency Responder |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-12227?
The severity of CVE-2017-12227 is rated as high due to its potential to allow remote attackers to execute blind SQL injection attacks.
How do I fix CVE-2017-12227?
To fix CVE-2017-12227, apply the latest software update released by Cisco for the Emergency Responder product.
What type of attack can be executed using CVE-2017-12227?
CVE-2017-12227 allows for blind SQL injection attacks that could compromise the SQL database interface.
Who is affected by CVE-2017-12227?
CVE-2017-12227 affects users of Cisco Emergency Responder who have not implemented the recommended security updates.
What causes the vulnerability CVE-2017-12227?
CVE-2017-12227 is caused by a failure to properly validate user-supplied input used in SQL queries.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/cisco
- canonical/cisco emergency responder