CVE-2018-0414

A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.7 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
ciscoCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
ciscosecure_access_control_server_solution_engine
𝑥
< 5.8
ciscosecure_access_control_server_solution_engine
5.8
ciscosecure_access_control_server_solution_engine
5.8:p1
ciscosecure_access_control_server_solution_engine
5.8:p2
ciscosecure_access_control_server_solution_engine
5.8:p3
ciscosecure_access_control_server_solution_engine
5.8:p4
ciscosecure_access_control_server_solution_engine
5.8:p5
ciscosecure_access_control_server_solution_engine
5.8:p6
ciscosecure_access_control_server_solution_engine
5.8:p7
ciscosecure_access_control_server_solution_engine
5.8:p8
ciscosecure_access_control_server_solution_engine
5.8:p9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105289
http://www.securitytracker.com/id/1041688
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe
http://www.securityfocus.com/bid/105289
http://www.securitytracker.com/id/1041688
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe