CVE-2018-0207

CVE-2018-0207

Vendor N/A

Product Cisco Secure Access Control Server

Weakness CWE-200 · Info exposure

Published March 8, 2018

Last update December 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70595.

Key dates

02Disclosure timeline

March 8, 2018 CVE published

December 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-0207 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

01Description

02Disclosure timeline

03References

04Related CVE