V-125: Cisco Connected Grid Network Management System Multiple Vulnerabilities

April 3, 2013 - 1:44am

PROBLEM:

Cisco Connected Grid Network Management System Multiple Vulnerabilities

PLATFORM:

Cisco Connected Grid Network Management System 2.x

ABSTRACT:

Some vulnerabilities have been reported in Cisco Connected Grid Network Management System.

REFERENCE LINKS:

Cisco Security Notice CVE-2013-1163
Cisco Security Notice CVE-2013-1171
Secunia Advisory SA52834
SecurityTracker Alert ID: 1028374
SecurityTracker Alert ID: 1028373
CVE-2013-1163
CVE-2013-1171

IMPACT ASSESSMENT:

Medium

DISCUSSION:

1) Certain input related to the element list component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) Certain input related to an entry field is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

IMPACT:

Cisco Connected Grid Network Management System can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

SOLUTION:

The vendor has issued a fix.
