Cisco has fixed a vulnerability in Cisco Prime License Manager that could be exploited by a remote unauthenticated attacker to execute arbitrary SQL queries.
The flaw is caused by a lack of proper validation of user-supplied input in SQL queries. An attacker could trigger the flaw by sending crafted HTTP POST requests containing malicious SQL statements to a vulnerable application.
“A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries,” reads the advisory published by Cisco.
“The vulnerability is due to a lack of proper validation of user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application. A successful exploit could allow the attacker to modify and delete arbitrary data in the PLM database or gain shell access with the privileges of the postgres user.”
The flaw was reported by Suhail Alaskar from Saudi Information Technology Company. It affects Prime License Manager releases 11.0.1 and later, and impacts both standalone deployments of Cisco Prime License Manager and coresident deployments, where Prime License Manager is installed automatically as part of the installation of Cisco Unified Communications Manager and Cisco Unity Connection.
Cisco Unified Communications Manager and Cisco Unity Connection Releases 12.0 and later are not affected by this flaw as Cisco Prime License Manager is no longer included in these releases.
There are no workarounds to address the flaw; Cisco released the patch ciscocm.CSCvk30822_v1.0.k3.cop.sgn to fix it in Prime License Manager.
“This vulnerability is fixed in Cisco Prime License Manager Release patch ciscocm.CSCvk30822_v1.0.k3.cop.sgn.” continues the company. “The same COP file can be used with standalone deployments of Cisco Prime License Manager as well as with coresident deployments as part of Cisco Unified Communications Manager and Cisco Unity Connection and with all affected versions.”
Cisco is not aware of attacks in the wild exploiting the flaw.