CVE-2020-3339 (CNNVD-202006-361)
中文标题:
Cisco Prime Infrastructure Software SQL注入漏洞
英文标题:
Cisco Prime Infrastructure SQL Injection Vulnerability
漏洞描述
中文描述:
Cisco Prime Infrastructure Software是美国思科(Cisco)公司的一套基础网络生命周期管理解决方案。该产品集成了Cisco Prime LAN Management Solution(LMS)和Cisco Prime Network Control System(NCS)。 Cisco Prime Infrastructure Software 3.7.1 Update 01之前版本和3.8 Update 02之前版本中的基于Web的管理界面存在SQL注入漏洞,该漏洞源于程序未正确验证用户提交的参数。攻击者可通过对应用程序进行身份验证并将恶意请求发送到受影响的系统利用该漏洞获得和修改存储在底层数据库中的敏感信息。
英文描述:
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Prime Infrastructure | n/a | - | - |
cpe:2.3:a:cisco:cisco_prime_infrastructure:n_a:*:*:*:*:*:*:*
|
| cisco | prime_infrastructure | * | - | - |
cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
|
| cisco | prime_infrastructure | 3.8 | - | - |
cpe:2.3:a:cisco:prime_infrastructure:3.8:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.0 (cna)
MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2020-3339 |
2025-11-11 15:20:37 | 2025-11-11 07:36:19 |
| NVD | nvd_CVE-2020-3339 |
2025-11-11 14:56:59 | 2025-11-11 07:44:43 |
| CNNVD | cnnvd_CNNVD-202006-361 |
2025-11-11 15:10:26 | 2025-11-11 07:56:15 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> SQL注入
- cnnvd_id: 未提取 -> CNNVD-202006-361
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 3
- data_sources: ['cve'] -> ['cve', 'nvd']