First published: Thu Jul 16 2020
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco SD-WAN Firmware | <=19.2.2 | |
The vulnerability ID for this issue is CVE-2020-3468.
CVE-2020-3468 has a severity level of medium (5.4).
The vulnerability occurs due to improper validation of values within SQL queries in the web-based management interface of Cisco SD-WAN vManage Software, allowing an authenticated, remote attacker to conduct SQL injection attacks.
The vulnerability affects Cisco SD-WAN Firmware versions up to and including 19.2.2.
The Common Weakness Enumeration (CWE) ID associated with this vulnerability is CWE-89.