CVE-2016-6408
Published: 2016-09-24
Priority P343 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.38% (68.7th percentile)
Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | prime_home | — | — |
| cisco | prime_home_web-based_user_interface_xml_external_entity | — | — |
CVSS provenance
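| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_cisco | — | 4.3 | MEDIUM | — |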
Cisco
Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability
vendor_cisco · 2016-09-21 · CVSS 4.3
CVE-2016-6408 [MEDIUM] CWE-200 Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability
A vulnerability in the web-based user interface of Cisco Prime Home could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system.
The vulnerability is due to improper handling of an XML External Entity (XXE) when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted XML file to the affected system.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-cph
Cisco
Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability
vendor_cisco
CVE-2016-6408 Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability
A vulnerability in the web-based user interface of Cisco Prime Home could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of an XML External Entity (XXE) when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted XML file to the affected system. Cisco has released software updates that address this vulnerability.
CWE: CWE-200
Bug IDs: CSCvb17814
GHSA
GHSA-6wf4-jjm2-2xr7: Cisco Prime Home 5
ghsa_unreviewed · 2022-05-17
CVE-2016-6408 [HIGH] CWE-611 GHSA-6wf4-jjm2-2xr7: Cisco Prime Home 5
Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.