Lucene search

CiscoCVE-2016-6408

HistorySep 24, 2016 - 1:59 a.m.

CVE-2016-6408

2016-09-2401:59:00

CWE-611

cisco

web.nvd.nist.gov

cisco

prime home 5.2.0

remote attackers

arbitrary files

xml

entity declaration

xxe issue

bug id cscvb17814

security vulnerability

cve-2016-6408

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

64.5%

JSON

Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.

Affected configurations

Nvd

Node

ciscoprime_homeMatch5.2.0

VendorProductVersionCPE
ciscoprime_home5.2.0cpe:2.3:a:cisco:prime_home:5.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_home	5.2.0	cpe:2.3:a:cisco:prime_home:5.2.0:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-cph

www.securityfocus.com/bid/93092

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

64.5%

JSON

Related for CVE-2016-6408