CVE-2018-15444

Published: Nov 08, 2018
Last Modified: Nov 21, 2024
EU-VD ID: EUVD-2018-7322
Aliases: GSD-2018-15444
CVSS v3: MEDIUM 6.3
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: low
Availability: none
CVSS v2: MEDIUM 4.9
Access Vector: network
Access Complexity: medium
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: none

Description

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application.

EPSS (Exploit Prediction Scoring System)

Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.

EPSS Score: 0.0131
Percentile: 0.8th

CWE-611: Improper Restriction of XML External Entity Reference

Draft
Common Consequences
Security Scopes Affected: Confidentiality, Integrity, Availability
Potential Impacts: Read Application Data, Read Files or Directories, Bypass Protection Mechanism, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Applicable Platforms
Languages: Not Language-Specific, XML
Technologies: Not Technology-Specific, Web Based
Application

Energy Management Suite Software by Cisco

cpe:2.3:a:cisco:energy_management_suite_software:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-…
https://www.tenable.com/security/research/tra-2018-36 (Exploit, Mitigation, Third Party Advisory)
http://www.securityfocus.com/bid/105860 (Third Party Advisory, VDB Entry)