← Back

CVE-2018-15444

nvd nist
Published: Nov 8, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.3
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Exploitability: 2.1 / Impact: 5.2
Source: NVD

Description

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application.

Affected (1)

Cisco
1 product
Energy Management Suite Software
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Energy Management Suite Software
All versions

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (6)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Broken LinkVendor Advisory
Source: psirt@cisco.com
ExploitMitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMitigationThird Party Advisory

Timeline

No history available yet.