Vulnerabilities > Cisco > Cloud Network Automation Provisioner > High

DATE CVE VULNERABILITY TITLE RISK
2016-07-03 CVE-2016-1441 Improper Input Validation vulnerability in Cisco Cloud Network Automation Provisioner 1.0(0)
Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145.
network
low complexity
cisco CWE-20
8.2
2016-05-12 CVE-2016-1393 SQL Injection vulnerability in Cisco Cloud Network Automation Provisioner 1.0/1.1
SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.
network
low complexity
cisco CWE-89
7.1