Adding Cisco CVE-2019-1825

2025-08-04 08:44:25 +00:00 · 2019-05-16 01:09:07 +00:00 · 2019-05-16 01:09:07 +00:00 · 3b552030cc
commit 3b552030cc
parent 647cadc63c
1 changed files with 75 additions and 4 deletions
--- a/2019/1xxx/CVE-2019-1825.json
+++ b/2019/1xxx/CVE-2019-1825.json
@ -1,8 +1,33 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "psirt@cisco.com",
+        "DATE_PUBLIC": "2019-05-15T16:00:00-0700",
        "ID": "CVE-2019-1825",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Cisco Prime Infrastructure ",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "3.4"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Cisco"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +36,54 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary SQL queries. This vulnerability exist because the software improperly validates user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the affected application. A successful exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data.  "
            }
        ]
+    },
+    "exploit": [
+        {
+            "lang": "eng",
+            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
+        }
+    ],
+    "impact": {
+        "cvss": {
+            "baseScore": "8.1",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N ",
+            "version": "3.0"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-89"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "20190515 Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerabilities",
+                "refsource": "CISCO",
+                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-sqlinject"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "cisco-sa-20190515-pi-sqlinject",
+        "defect": [
+            [
+                "CSCvo23576",
+                "CSCvo28734",
+                "CSCvo62268",
+                "CSCvo62275"
+            ]
+        ],
+        "discovery": "INTERNAL"
    }
-}
+}