CVE-2018-0414

EPSS 0.38%
Veröffentlicht 05.10.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 03:38:10
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Secure Access Control Server Solution Engine Version < 5.8

Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Update-

Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep1

Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep2

Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep3

Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep4

Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep5

Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep6

Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep7

Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep8

Cisco ≫ Secure Access Control Server Solution Engine Version5.8 Updatep9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.588

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.7	2.1	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://www.securityfocus.com/bid/105289

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1041688

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0414

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0414

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0414

EUVD