漏洞标题
思科Firepower Management Center SQL注入漏洞
漏洞描述信息
思科Firepower Management Center SQL注入漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Cisco Firepower Management Center SQL Injection Vulnerabilities
漏洞描述信息
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device.
CVSS信息
N/A
漏洞类别
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
漏洞标题
Cisco Firepower Management Center SQL注入漏洞
漏洞描述信息
Cisco Firepower Management Center(FMC)是美国思科(Cisco)公司的新一代防火墙管理中心软件。 Cisco FMC中的基于Web的管理界面存在SQL注入漏洞,该漏洞源于程序没有进行正确的输入验证。远程攻击者可通过发送特制的SQL查询利用该漏洞查看信息并在底层操作系统中执行命令。以下产品及版本受到影响:Cisco FMC 6.1.0之前版本,6.1.0版本,6.2.0版本,6.2.1版本,6.2.2版本。
CVSS信息
N/A
漏洞类别
SQL注入