SecurityTracker.com
Category:   Application (Security)  >   Cisco Secure Access Control System
Vendors:   Cisco
Cisco Secure Access Control System XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1041688
SecurityTracker URL:  http://securitytracker.com/id/1041688
CVE Reference:   CVE-2018-0414
Date:  Sep 20 2018
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Cisco Secure Access Control System. A remote user can conduct XML external entity attacks to obtain files on the target system.

A remote user can create specially crafted XML External Entity (XXE) data that, when loaded by the target authenticated administrator, will read files on the target system with the privileges of the target service.

The vendor has assigned bug ID CSCvi85318 to this vulnerability.

Piotr Domirski reported this vulnerability.

Impact:   A remote user can read files on the target system with the privileges of the target service.
Solution:   The vendor has issued a fix (5.8 patch 10).

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


Copyright 2019, SecurityGlobal.net LLC