Detections
Analytics

Cisco Network Admission Control Manager SQL Injection (cisco-sa-20130417-nac)

high Nessus Plugin ID 69789

Language:

Synopsis

The remote device is missing a vendor-supplied security update.

Description

The remote Cisco Network Admission Control (NAC) Manager may be affected by a SQL injection vulnerability. This vulnerability could allow an unauthenticated, remote attacker to take full control of the system (i.e. access, create or modify any information in the NAC Manager database).

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20130417-nac.

See Also

http://www.nessus.org/u?e865b61e

Plugin Details

Severity: High

ID: 69789

File Name: cisco-sa-20130417-nac.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 9/5/2013

Updated: 11/27/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-1177

Vulnerability Information

CPE: cpe:/a:cisco:network_admission_control_manager_and_server_system_software

Required KB Items: Host/Cisco/NAC/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/17/2013

Vulnerability Publication Date: 4/17/2013

Reference Information

CVE: CVE-2013-1177

BID: 59271

CISCO-SA: cisco-sa-20130417-nac

IAVA: 2013-A-0095

CISCO-BUG-ID: CSCub23095