CVE-2018-0414: Cisco Secure Access Control Server XML External Entity Injection Vulnerability
First published: Fri Oct 05 2018(Updated: )
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Access Control Server | <5.8 | |
| Cisco Secure Access Control Server | =5.8 | |
| Cisco Secure Access Control Server | =5.8-p1 | |
| Cisco Secure Access Control Server | =5.8-p2 | |
| Cisco Secure Access Control Server | =5.8-p3 | |
| Cisco Secure Access Control Server | =5.8-p4 | |
| Cisco Secure Access Control Server | =5.8-p5 | |
| Cisco Secure Access Control Server | =5.8-p6 | |
| Cisco Secure Access Control Server | =5.8-p7 | |
| Cisco Secure Access Control Server | =5.8-p8 | |
| Cisco Secure Access Control Server | =5.8-p9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-0414?
CVE-2018-0414 is rated as a medium severity vulnerability.
What types of attacks can CVE-2018-0414 facilitate?
CVE-2018-0414 can allow an authenticated, remote attacker to gain unauthorized read access to sensitive information.
How do I remediate CVE-2018-0414?
To fix CVE-2018-0414, it is recommended to upgrade Cisco Secure Access Control Server to the latest available version.
What software versions are affected by CVE-2018-0414?
CVE-2018-0414 affects Cisco Secure Access Control Server versions prior to 5.8 and including all 5.8 patch versions.
What is the cause of the CVE-2018-0414 vulnerability?
The CVE-2018-0414 vulnerability is due to improper handling of XML External Entities (XXEs) during XML parsing.
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco secure access control server
- version/cisco secure access control server/5.8
- version/cisco secure access control server/5.8-p1
- version/cisco secure access control server/5.8-p2
- version/cisco secure access control server/5.8-p3
- version/cisco secure access control server/5.8-p4
- version/cisco secure access control server/5.8-p5
- version/cisco secure access control server/5.8-p6
- version/cisco secure access control server/5.8-p7
- version/cisco secure access control server/5.8-p8
- version/cisco secure access control server/5.8-p9