|Number of vulnerabilities||1|
|CVE ID|| CVE-2017-6754
|CWE ID|| CWE-89
|Public exploit||Not available|
Cisco Smart Net Total Care
|Vulnerable software versions||
Cisco Smart Net Total Care 3.11
|Vendor URL||Cisco Systems, Inc|
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance due to improper validation of certain user-supplied fields that are subsequently used by the affected software to build SQL queries. A remote attacker can send specially crafted URLs dand determine the presence of values in the SQL database.
Install update from vendor's website.