CVE-2018-15444

Sažetak

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application.

Reference

http://www.securityfocus.com/bid/105860
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-ems-xml-xxe
https://www.tenable.com/security/research/tra-2018-36

CVSS

Base:	4.9
Impact:	4.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:N

Zadnje važnije ažuriranje

09-10-2019 - 23:35

Objavljeno

08-11-2018 - 18:29