Functional issues force rollback of remediation patch – Cisco Prime License Manager SQL Injection Vulnerability, 10th Dec 2018

Background:
On 28th Nov 2018, a SQL injection vulnerability was found in Cisco Prime License Manager. The vendor (Cisco) took immediate action and released a patch to remediate this design weakness.

Technical issue found on patch:
Update (2018-December-10): Installing the ciscocm.CSCvk30822_v1.0.k3.cop.sgn patch may cause functional issues. Workarounds are available for some of these issues. Rolling back this patch as described in the Fixed Releases section will correct these functional issues, but the device will be affected by this vulnerability again when the patch is not in place. See the Fixed Releases section for details.
The official announcement regarding this issue:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181128-plm-sql-inject

So what is the customer's next action?

USING SIEM EVENT CORRELATION TO DETECT SQL INJECTION & XSS ATTACK.

We can detect SQL injection using the methods below.

1. Network IDS spotting SQL injection

2. Host IDS detecting SQL injection by watching file activity
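
The correlation of the two methods above, as an added example that is not part of the original post: a network IDS SQL injection alert is raised to high severity when the host IDS reports file activity on the same host shortly afterwards. The event field names, host names, paths and the five-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed, already-normalized SIEM events (field names are assumptions).
EVENTS = [
    {"ts": "2018-12-10T09:00:05", "source": "nids", "type": "sqli_signature",
     "dst_host": "plm01", "src_ip": "198.51.100.7"},
    {"ts": "2018-12-10T09:01:40", "source": "hids", "type": "file_modified",
     "host": "plm01", "path": "/constructed/app/config.xml"},
    {"ts": "2018-12-10T09:30:00", "source": "hids", "type": "file_modified",
     "host": "plm01", "path": "/constructed/app/log.txt"},
    {"ts": "2018-12-10T10:00:00", "source": "nids", "type": "sqli_signature",
     "dst_host": "web02", "src_ip": "203.0.113.9"},
    {"ts": "2018-12-10T10:00:30", "source": "hids", "type": "file_modified",
     "host": "db03", "path": "/constructed/data/file"},
]

def correlate(events, window=timedelta(minutes=5)):
    """Pair each NIDS SQLi alert with HIDS file activity on the same host
    that occurs within `window` after the alert."""
    parsed = sorted(
        ({**e, "time": datetime.fromisoformat(e["ts"])} for e in events),
        key=lambda e: e["time"],
    )
    alerts = [e for e in parsed
              if e["source"] == "nids" and e["type"] == "sqli_signature"]
    file_events = [e for e in parsed if e["source"] == "hids"]
    incidents = []
    for alert in alerts:
        related = [
            h for h in file_events
            if h["host"] == alert["dst_host"]
            and timedelta(0) <= h["time"] - alert["time"] <= window
        ]
        incidents.append({
            "host": alert["dst_host"],
            "src_ip": alert["src_ip"],
            # An alert with no host-side evidence stays low priority.
            "severity": "high" if related else "low",
            "files": [h["path"] for h in related],
        })
    return incidents

if __name__ == "__main__":
    for incident in correlate(EVENTS):
        print(incident)
```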