PT-2016-6916 · Cisco · Cisco Evolved Programmable Network Manager+1
Published: 2016-10-27 · Updated: 2019-08-01 · CVE-2016-6443
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Prime Infrastructure and Evolved Programmable Network Manager versions 1.2(400), 2.0(1.0.34A), 3.1(0.128)
Description
A vulnerability in the SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries, potentially causing product instability.
Recommendations
For version 1.2(400), update to a version that includes the fix for this issue.
For version 2.0(1.0.34A), update to a version that includes the fix for this issue.
For version 3.1(0.128), update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the SQL database interface to minimize the risk of exploitation.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Prime Infrastructure
Cisco Evolved Programmable Network Manager