Lucene search

CiscoCVELIST:CVE-2019-1903

HistoryJun 20, 2019 - 3:10 a.m.

CVE-2019-1903 Cisco Security Manager XML Entity Expansion Vulnerability

2019-06-2003:10:26

CWE-611

cisco

www.cve.org

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score

9.1

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to a targeted system that contain references within XML entities. An exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.

CNA Affected

[
  {
    "product": "Cisco Security Manager",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "4.14(0.131)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108857

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-csm-xml

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score

9.1

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

Related for CVELIST:CVE-2019-1903