Government of the Republic of Trinidad and Tobago                                                                                                                                        


News

TTCSIRT-187.120518: TT-CSIRT Advisory – Cisco Security Updates

5th December 2018

Cisco has released a security update stating that it has discovered a vulnerability in the web framework code of Cisco Prime License Manager (PLM) which could allow an unauthenticated, remote attacker to execute arbitrary SQL queries.

This is due to a lack of proper validation of user-supplied input in SQL queries and as a result, an attacker could exploit this vulnerability by sending crafted HTTP POST requests that contain malicious SQL statements to an affected application.

Further information on this vulnerability and how it can be mitigated can be found on the Cisco Website at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject