Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Secure Access Control System XML External Entity Vulnerability

cisco-sa-20170215-acs1 · Medium · Published · Updated

A vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to gain read access to part of the information stored on the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) references when parsing an XML file. An attacker could exploit this vulnerability by submitting a crafted XML header to the affected device's web framework. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs1

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2017-3839
Cisco Bug IDs: CSCvc04845
CVSS Score: Base 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco Secure Access Control System (ACS)

Related Products

Product: Cisco Secure Access Control System (ACS)
CVE: CVE-2017-3839
Evidence: Cisco OpenVuln