Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-6754

EPSS 0.26% · P49
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-6754

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks. The vulnerability is due to insufficient input validation of certain user-supplied fields that are subsequently used by the affected software to build SQL queries. An attacker could exploit this vulnerability by submitting crafted URLs, which are designed to exploit the vulnerability, to the affected software. To execute an attack successfully, the attacker would need to submit a number of requests to the affected software. A successful exploit could allow the attacker to determine the presence of values in the SQL database of the affected software. Cisco Bug IDs: CSCvf07617.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Smart Net Total Care Software Collector Appliance SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Smart Net Total Care (SNTC) Software Collector Appliance是美国思科(Cisco)公司的一款智能网络保护服务中的软件映像采集设备。 Cisco SNTC Software Collector Appliance 3.11版本中的基于Web的管理界面存在SQL注入漏洞,该漏洞源于程序没有充分的对用户提交的字段执行充分的输入验证。远程攻击者可通过提交特制的URL利用该漏洞确定受影响软件的SQL数据库中的值是否存在。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Cisco Smart Net Total Care Software Collector Appliance Cisco Smart Net Total Care Software Collector Appliance -

II. Public POCs for CVE-2017-6754

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-6754

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-08-07 · 117 CVEs total

CVE-2017-12654ImageMagick 缓冲区错误漏洞
CVE-2015-7704NTP 安全漏洞
CVE-2015-7702NTP 拒绝服务漏洞
CVE-2015-7701NTP 拒绝服务漏洞
CVE-2015-7692NTP 拒绝服务漏洞
CVE-2015-7691NTP 拒绝服务漏洞
CVE-2015-7571Yeager 任意文件上传漏洞
CVE-2015-5946SugarCRM 安全漏洞
CVE-2015-5244mod_nss 安全绕过漏洞
CVE-2014-9831ImageMagick 安全漏洞
CVE-2014-9830ImageMagick 安全漏洞
CVE-2014-9828ImageMagick 安全漏洞
CVE-2014-9827ImageMagick 安全漏洞
CVE-2014-3462EncFS 信息泄露漏洞
CVE-2014-1235Graphviz‘yyerror()’函数基于栈的缓冲区溢出漏洞
CVE-2014-9262Wordpress Duplicator 安全漏洞
CVE-2015-3839Android 安全漏洞
CVE-2015-1555Zend Framework 安全漏洞
CVE-2015-1378Debian 安全漏洞
CVE-2015-7561Red Hat OpenShift3 Kubernetes 安全漏洞

Showing top 20 of 117 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-89

V. Comments for CVE-2017-6754

No comments yet

Leave a comment