CVE-2018-0108: XEE
First published: Thu Jan 18 2018(Updated: )
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Webex Meetings Server Software |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-0108?
CVE-2018-0108 is classified as a medium severity vulnerability.
How do I fix CVE-2018-0108?
To mitigate CVE-2018-0108, update to the latest version of Cisco WebEx Meetings Server that addresses this vulnerability.
Who is affected by CVE-2018-0108?
CVE-2018-0108 affects users of Cisco WebEx Meetings Server.
What type of attack can be executed with CVE-2018-0108?
CVE-2018-0108 allows an attacker to perform an out-of-band XML External Entity (XXE) injection.
What information can be collected through CVE-2018-0108?
Exploitation of CVE-2018-0108 can lead to the unauthorized collection of customer files.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/references
- agent/author
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco webex meetings server software