Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0218

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616.

Published

2018-03-08T07:29:01.003

Last Modified

2024-11-21T03:37:45.400

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	secure_access_control_server_solution_engine	5.8\(0.8\)	Yes

References

http://www.securityfocus.com/bid/103345 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040470 Third Party Advisory, VDB Entry ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs1 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/103345 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040470 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs1 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)