CVE-2018-0218
Summary
| CVE | CVE-2018-0218 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-03-08 07:29:00 UTC |
| Updated | 2020-09-04 17:58:00 UTC |
| Description | A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616. |
Risk And Classification
Problem Types: CWE-611
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Secure Access Control Server Solution Engine | 5.8(0.8) | All | All | All |
| Application | Cisco | Secure Access Control Server Solution Engine | 5.8\(0.8\) | All | All | All |
| Application | Cisco | Secure Access Control Server Solution Engine | 5.8\(0.8\) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Secure Access Control Server XML External Entity Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco Secure Access Control Server XML External Entity Injection Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| Cisco Secure Access Control System XML External Entity Processing Flaws Let Remote Users Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.