CVE-2016-1358Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Prime Infrastructure

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
6.4MEDIUMNVD
EPSS
0.5%
top 34.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Prime Infrastructure
Timeline
PublishedMar 3
Latest updateMay 14

Description

Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages1 packages

NVDcisco/prime_infrastructure2.2, 3.0, 3.1+2

🔴Vulnerability Details

2
GHSA
GHSA-w8jj-j97r-vm8v: Cisco Prime Infrastructure 22022-05-14
CVEList
CVE-2016-1358: Cisco Prime Infrastructure 22016-03-03

📋Vendor Advisories

1
Cisco
Cisco Prime Infrastructure XML External Entity Denial of Service Vulnerability2016-03-03
CVE-2016-1358 — Cisco vulnerability | cvebase