Sunday, February 9, 2025
HomeCyber Security NewsCisco Patched SQL Injection Vulnerability in Cisco Prime License Manager

Cisco Patched SQL Injection Vulnerability in Cisco Prime License Manager

Published on

SIEM as a Service

Follow Us on Google News

Cisco Patched a critical SQL Injection Vulnerability in Cisco Prime License Manager which allows an unauthenticated remote attacker to execute arbitrary SQL queries.

SQL injection is a code injection technique, in which attackers take non-validated input vulnerabilities and inject SQL commands through web applications that are executed in the backend database.

The vulnerability with Cisco Prime License Manager is due to lack of proper validation with the user-supplied input SQL queries. An unauthenticated remote attacker could exploit the vulnerability by sending an HTTP post request that contains a malicious SQL query.

Successful exploitation of the vulnerability could allow an attacker to delete or modify arbitrary data or to gain privilege access as Postgres user. The vulnerability can be tracked as CVE-2018-15441 and Cisco released software updates to address the vulnerability.

The vulnerability affects Cisco Prime License Manager Releases 11.0.1 and above, Cisco Unified Communications Manager and Cisco Unity Connection Releases 12.0 and later are not affected, as the License Manager not included in these versions.

Cisco released a patch ciscocm.CSCvk30822_v1.0.k3.cop.sgn for Cisco Prime License Manager and can be applicable to Cisco Unified Communications Manager and Cisco Unity Connection 11.5(1) only, the customer who uses earlier release should update for 11.5(1) reads the Cisco Security advisory.

The patch file along with the instructions can be downloaded from here.

Related Read

Hackers Exploit Cisco Zero Day Vulnerability in Wild Resulting in DoS Condition

Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products

Cisco Patched Critical Vulnerability With Video Surveillance Manager Appliance

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...