An attacker could exploit this vulnerability by sending a crafted request to the API. The vulnerability is due to insufficient validation of user-supplied input to the API.
Vulnerability DetailsĬisco Data Center Network Manager REST API SQL Injection VulnerabilityĪ vulnerability in the REST API of Cisco DCNM could allow an authenticated, remote attacker with administrative privileges to execute arbitrary SQL commands on an affected device. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerability.ĭetails about the vulnerabilities are as follows. The vulnerabilities are not dependent on one another exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. Two vulnerabilities in the REST and SOAP API endpoints of Cisco DCNM could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device.
0 kommentar(er)
