CVE-2016-6443

high-risk

Published 2016-10-27

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A).

Do I need to act?

1.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (18)

Prime Infrastructure

Evolved Programmable Network Manager

Prime Infrastructure

Affected Vendors

Cisco

References (6)

Third Party Advisory http://www.securityfocus.com/bid/93522

Third Party Advisory http://www.securitytracker.com/id/1037006

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

Third Party Advisory http://www.securityfocus.com/bid/93522

Third Party Advisory http://www.securitytracker.com/id/1037006

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 5/34 · Minimal

Exposure 19/34 · Moderate