Description
A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application.
References
- Third Party Advisory, VDB Entry
- Broken Link, Vendor Advisory
- Exploit, Mitigation, Third Party Advisory
Vulnerable configurations
EPSS
CVSS3: 6.3 Medium
CVSS3: 7.3 High
CVSS2: 4.9 Medium
Weaknesses
Related vulnerabilities
A vulnerability in the web interface of the Cisco Energy Management Suite energy-management tool, related to improper restriction of XML external entity (XXE) references, that allows an attacker to disclose or modify protected information