SQL injection in Network Level Service - CVE-2016-6443
Published: October 12, 2016 / Updated: October 13, 2016
Vulnerability identifier: #VU939
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2016-6443
CWE-ID: CWE-89
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Network Level Service
Detailed vulnerability description
The vulnerability allows a remote authenticated user to perform an SQL injection attack and affect the confidentiality of the target system.
The weakness is caused by insufficient validation of user-supplied input within SQL queries. By sending specially crafted URLs containing malicious SQL statements, attackers can define database values.
Successful exploitation of the vulnerability will result in compromise of confidentiality. Repeated exploitation may cause denial of service on the vulnerable system.
How to mitigate CVE-2016-6443
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.