Vulnerability Description
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Access Control Server Solution Engine | < 5.8 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105289Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041688Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/105289Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041688Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0414?
CVE-2018-0414 is a vulnerability with a CVSS score of 5.7 (MEDIUM). A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerabil...
How severe is CVE-2018-0414?
CVE-2018-0414 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0414?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Secure Access Control Server Solution Engine.