CVE-2018-15447: Cisco Integrated Management Controller Supervisor SQL Injection Vulnerability
First published: Thu Nov 08 2018(Updated: )
A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Integrated Management Controller |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2018-15447.
What is the severity of CVE-2018-15447?
The severity of CVE-2018-15447 is critical with a score of 9.8.
How does the vulnerability in Cisco Integrated Management Controller (IMC) Supervisor occur?
The vulnerability in Cisco Integrated Management Controller (IMC) Supervisor occurs due to a lack of proper validation of user-supplied input in SQL queries.
What can an attacker do if they exploit CVE-2018-15447?
An attacker can execute arbitrary SQL queries if they exploit CVE-2018-15447.
How can I fix CVE-2018-15447?
To fix CVE-2018-15447, it is recommended to apply the patches provided by Cisco.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco integrated management controller