A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105289 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1041688 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe | Vendor Advisory |
http://www.securityfocus.com/bid/105289 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1041688 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/105289 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1041688 - Third Party Advisory, VDB Entry | |
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe - Vendor Advisory |
Information
Published : 2018-10-05 14:29
Updated : 2024-11-21 03:38
NVD link : CVE-2018-0414
Mitre link : CVE-2018-0414
CVE.ORG link : CVE-2018-0414
JSON object : View
Products Affected
cisco
- secure_access_control_server_solution_engine
CWE
CWE-611
Improper Restriction of XML External Entity Reference