CVE-2017-3839

CWE-611 — XML External Entity (XXE)CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 39.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Access Control System

Timeline

PublishedFeb 22

Latest updateMay 13

Description

An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco_secure_access_control_systemCisco Secure Access Control System

▶NVDcisco/secure_access_control_system5.8\(2.5\)

🔴Vulnerability Details

GHSA

GHSA-vgvw-m3x5-grc3: An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, r↗2022-05-13

▶

CVEList

CVE-2017-3839: An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, r↗2017-02-22

▶

📋Vendor Advisories

Cisco

Cisco Secure Access Control System XML External Entity Vulnerability↗2017-02-15

▶