Xxe

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities...

CVE-2018-0218

CVE-2018-0218 affects Cisco Secure Access Control Server (ACS) web UI prior to 5.8 patch 9. The issue arises from improper handling of XML External Entities (XXEs) when parsing XML files, enabling an unauthenticated, remote attacker to read information from the system. Connected sources identify ...