5.7
CVE-2018-0414
- EPSS 0.34%
- Veröffentlicht 05.10.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:10
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginCisco Secure Access Control Server XML External Entity Injection Vulnerability
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Secure Access Control Server Solution Engine Version < 5.8
Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Update-
Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep1
Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep2
Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep3
Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep4
Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep5
Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep6
Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep7
Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep8
Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.569 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.7 | 2.1 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:P/I:N/A:N
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.