CVE-2018-3881

Published: Aug 1, 2018Modified: Nov 21, 2024

9.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Exploitability: 3.9 / Impact: 5.5

Source: NVD

Description

An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise.

Affected (1)

Products: Focalscope: Focalscope

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Focalscope Focalscope	Version 2416

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.