PT-2020-1879 · Cisco · Cisco Cloud Web Security

Published

2020-02-19

Updated

2020-02-24

CVE-2020-3154

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Cisco Cloud Web Security (CWS) (affected versions not specified)

Description A vulnerability in the web UI of Cisco Cloud Web Security could allow an authenticated, remote attacker to execute arbitrary SQL queries. This issue exists due to improper validation of SQL values in the web-based management interface. An authenticated attacker could exploit this by sending malicious requests to the affected device, potentially allowing them to modify or return values from the underlying database.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2020-01155

CVE-2020-3154

Affected Products

Cisco Cloud Web Security

PT-2020-1879 · Cisco · Cisco Cloud Web Security

CVE-2020-3154

Weakness Enumeration

Related Identifiers

Affected Products

References · 4