E20-7rdc1
CVSS: 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
False Positive: f
Variants: 3
Year: 2019
Description
This strike exploits a SQL injection vulnerability in Cisco Data Center Network Manager.
The vulnerability is due to insufficient input validation when processing HTTP requests within the 'getConfigTemplateFileName' method of the 'ConfigTemplateHandler' Java class.
An authenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server.
Successful exploitation could result in code execution under the security context of the database process.
CVE
References
Metasploit
http://www.zerodayinitiative.com/advisories/ZDI-20-111
Zdi
20-111