Lucene search
CiscoCVELIST:CVE-2018-0207HistoryMar 08, 2018 - 7:00 a.m.
CVE-2018-0207
2018-03-0807:00:00
CWE-200
cisco
www.cve.org
4
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70595.
CNA Affected
[
{
"product": "Cisco Secure Access Control Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Secure Access Control Server"
}
]
}
]Related
prion
prion
Xxe
2018-03-08 07:29:00
nvd
nvd
CVE-2018-0207
2018-03-08 07:29:00
ptsecurity
ptsecurity
PT-2018-30: XXE Injection in Cisco Secure ACS
2017-01-06 00:00:00
cve
cve
CVE-2018-0207
2018-03-08 07:29:00
cisco
cisco
Cisco Secure Access Control Server XML External Entity Injection Vulnerability
2018-03-07 16:00:00