| CVE ID | CVE-2013-1177 |
| CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
Cisco |
| AFFECTED PRODUCTS |
Clean Access Manager |
| VULNERABILITY DETAILS |
The specific flaw is in the handling of filter URL parameters when constructing SQL database queries. By specially crafting URL parameters, it is possible to influence the SQL queries to gain remote code execution on the affected system. |
| ADDITIONAL DETAILS |
Cisco has issued an update to correct this vulnerability. More details can be found at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac |
| DISCLOSURE TIMELINE |
|
| CREDIT | Nenad Stojanovski |
