CVE-2018-0414

CVE-2018-0414: Cisco Secure Access Control Server XML External Entity Injection Vulnerability

Vendor Cisco
Product Cisco Secure Access Control Server Solution Engine (ACSE)
Weakness CWE-611 · XXE
Published October 5, 2018
Last update November 26, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.

Key dates

02Disclosure timeline

October 5, 2018 CVE published
November 26, 2024 Record updated