Vulnerability Description
A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Energy Management Suite Software | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105860Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Broken LinkVendor Advisory
- https://www.tenable.com/security/research/tra-2018-36ExploitMitigationThird Party Advisory
- http://www.securityfocus.com/bid/105860Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Broken LinkVendor Advisory
- https://www.tenable.com/security/research/tra-2018-36ExploitMitigationThird Party Advisory
FAQ
What is CVE-2018-15444?
CVE-2018-15444 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on a...
How severe is CVE-2018-15444?
CVE-2018-15444 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-15444?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Energy Management Suite Software.