CVE-2016-1358: Buffer Overflow
First published: Thu Mar 03 2016(Updated: )
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Prime Infrastructure | =2.2 | |
| Cisco Prime Infrastructure | =3.0 | |
| Cisco Prime Infrastructure | =3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1358?
CVE-2016-1358 is rated as a medium severity vulnerability.
How can CVE-2016-1358 be exploited?
CVE-2016-1358 can be exploited by remote authenticated users to read arbitrary files or potentially cause a denial of service via crafted XML documents.
Which versions of Cisco Prime Infrastructure are affected by CVE-2016-1358?
CVE-2016-1358 affects Cisco Prime Infrastructure versions 2.2, 3.0, and 3.1.
How do I fix CVE-2016-1358?
To fix CVE-2016-1358, update to the latest patched version of Cisco Prime Infrastructure as recommended by Cisco.
What is the nature of the vulnerability described in CVE-2016-1358?
CVE-2016-1358 is an XML External Entity (XXE) vulnerability that allows for file read access and denial of service.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco prime infrastructure
- version/cisco prime infrastructure/2.2
- version/cisco prime infrastructure/3.0
- version/cisco prime infrastructure/3.1