CVE-2018-0414

EUVD-2018-1237
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.7 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
ciscosecure_access_control_server_solution_engine
𝑥
< 5.8
ciscosecure_access_control_server_solution_engine
5.8
ciscosecure_access_control_server_solution_engine
5.8:p1
ciscosecure_access_control_server_solution_engine
5.8:p2
ciscosecure_access_control_server_solution_engine
5.8:p3
ciscosecure_access_control_server_solution_engine
5.8:p4
ciscosecure_access_control_server_solution_engine
5.8:p5
ciscosecure_access_control_server_solution_engine
5.8:p6
ciscosecure_access_control_server_solution_engine
5.8:p7
ciscosecure_access_control_server_solution_engine
5.8:p8
ciscosecure_access_control_server_solution_engine
5.8:p9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105289
http://www.securitytracker.com/id/1041688
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe
http://www.securityfocus.com/bid/105289
http://www.securitytracker.com/id/1041688
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe