What is the severity of CVE-2019-1825?

CVE-2019-1825 has a severity rating of 8.1 (high).

How does CVE-2019-1825 occur?

CVE-2019-1825 occurs because the software improperly validates user-supplied input in the web-based management interface, allowing an attacker to execute SQL queries.

Which software versions are affected by CVE-2019-1825?

Cisco Evolved Programmable Network Manager up to version 3.0.1, Cisco Network Level Service version 3.0 (0.0.83b), and Cisco Prime Infrastructure up to version 3.4.1 are affected by CVE-2019-1825.

How can I fix CVE-2019-1825?

Update your Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager software to a version that includes the necessary security patch or fix provided by Cisco.

Vulnerability/
CVE-2019-1825

high

8.1

CWE

16/5/2019

9/10/2019

CVE-2019-1825: SQL Injection

Q: What is CVE-2019-1825?

CVE-2019-1825 is a vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager that allows an authenticated, remote attacker to execute arbitrary SQL queries.

First published: Thu May 16 2019(Updated: )

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Evolved Programmable Network Manager	<3.0.1
Cisco Network Level Service	=3.0\(0.0.83b\)
Cisco Prime Infrastructure	<3.4.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-1825?
CVE-2019-1825 is a vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager that allows an authenticated, remote attacker to execute arbitrary SQL queries.
What is the severity of CVE-2019-1825?
CVE-2019-1825 has a severity rating of 8.1 (high).
How does CVE-2019-1825 occur?
CVE-2019-1825 occurs because the software improperly validates user-supplied input in the web-based management interface, allowing an attacker to execute SQL queries.
Which software versions are affected by CVE-2019-1825?
Cisco Evolved Programmable Network Manager up to version 3.0.1, Cisco Network Level Service version 3.0 (0.0.83b), and Cisco Prime Infrastructure up to version 3.4.1 are affected by CVE-2019-1825.
How can I fix CVE-2019-1825?
Update your Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager software to a version that includes the necessary security patch or fix provided by Cisco.

collector/nvd-index
agent/severity
agent/references
agent/author
agent/type
agent/event
agent/weakness
agent/tags
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
vendor/cisco
canonical/cisco evolved programmable network manager
canonical/cisco network level service
version/cisco network level service/3.0\(0.0.83b\)
canonical/cisco prime infrastructure

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.