cbcvebase.
CVE-2016-6408
published 2016-09-24

CVE-2016-6408: Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an…

PriorityP343high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
1.38%
68.7th percentile
Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.

Affected

2 ranges
VendorProductVersion rangeFixed in
ciscoprime_home
ciscoprime_home_web-based_user_interface_xml_external_entity

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_cisco4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.