var-201304-0268
Vulnerability from variot
Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746. Vendors have confirmed this vulnerability Bug ID CSCue14553 , CSCue38746 It is released as.By any third party SQL The command may be executed. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0268",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "connected grid network management system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "connected grid network management system",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.0(42)"
},
{
"model": "connected grid network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "58804"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002111"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-003"
},
{
"db": "NVD",
"id": "CVE-2013-1163"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:connected_grid_network_management_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002111"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported by the vendor.",
"sources": [
{
"db": "BID",
"id": "58804"
}
],
"trust": 0.3
},
"cve": "CVE-2013-1163",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-1163",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-61165",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-1163",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-1163",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-003",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-61165",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61165"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002111"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-003"
},
{
"db": "NVD",
"id": "CVE-2013-1163"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746. Vendors have confirmed this vulnerability Bug ID CSCue14553 , CSCue38746 It is released as.By any third party SQL The command may be executed. \nAn attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1163"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002111"
},
{
"db": "BID",
"id": "58804"
},
{
"db": "VULHUB",
"id": "VHN-61165"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-1163",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002111",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-003",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20130401 CISCO CONNECTED GRID NETWORK MANAGEMENT SYSTEM SQL INJECTION VULNERABILITIES",
"trust": 0.6
},
{
"db": "BID",
"id": "58804",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-61165",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61165"
},
{
"db": "BID",
"id": "58804"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002111"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-003"
},
{
"db": "NVD",
"id": "CVE-2013-1163"
}
]
},
"id": "VAR-201304-0268",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-61165"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:09:59.993000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Connected Grid Network Management System SQL Injection Vulnerabilities",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1163"
},
{
"title": "28763",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28763"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002111"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61165"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002111"
},
{
"db": "NVD",
"id": "CVE-2013-1163"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1163"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1163"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1163"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps12360/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61165"
},
{
"db": "BID",
"id": "58804"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002111"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-003"
},
{
"db": "NVD",
"id": "CVE-2013-1163"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-61165"
},
{
"db": "BID",
"id": "58804"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002111"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-003"
},
{
"db": "NVD",
"id": "CVE-2013-1163"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-61165"
},
{
"date": "2013-04-01T00:00:00",
"db": "BID",
"id": "58804"
},
{
"date": "2013-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002111"
},
{
"date": "2013-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-003"
},
{
"date": "2013-04-01T19:55:01.263000",
"db": "NVD",
"id": "CVE-2013-1163"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-61165"
},
{
"date": "2013-04-01T00:00:00",
"db": "BID",
"id": "58804"
},
{
"date": "2013-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002111"
},
{
"date": "2013-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-003"
},
{
"date": "2024-11-21T01:49:01.543000",
"db": "NVD",
"id": "CVE-2013-1163"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Connected Grid Network Management System In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002111"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-003"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…