CVE-2018-0218

CVE Database · CVE-2018-0218

CVE-2018-0218

· LOWModified

CVSS v3.1

3.3

EPSS

1.53%

Published

Mar 8, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-200CWE-611

Affected Products (1)

cisco · secure_access_control_server_solution_enginevulnerable

References (6)

http://www.securityfocus.com/bid/103345

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040470

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs1