CVE-2013-1163 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Cisco	Connected Grid Network Management System	-

Related Weaknesses (CWE)

CWE-89

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1163Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1163Vendor Advisory

FAQ

What is CVE-2013-1163?

CVE-2013-1163 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via u...

How severe is CVE-2013-1163?

CVE-2013-1163 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1163?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Connected Grid Network Management System.