First published: Wed Feb 22 2017
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5).
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Secure Access Control System | =5.8(2.5) | |
CVE-2017-3839 has been classified with a medium severity rating due to its potential to expose sensitive information.
To fix CVE-2017-3839, it is recommended to upgrade to a patched version of the Cisco Secure Access Control System, specifically version 5.8(2.6) or later.
CVE-2017-3839 is classified as an XML External Entity (XXE) vulnerability affecting the web-based user interface of Cisco ACS.
Cisco Secure Access Control System versions 5.8(2.5) and prior are affected by CVE-2017-3839.
Yes, CVE-2017-3839 can be exploited remotely by unauthenticated attackers to gain unauthorized read access to sensitive information.