CVE-2017-6662
Severity
8.0 HIGH
EPSS
0.9%
top 23.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 26
Latest update: May 14
Description
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 | Impact: 5.9
Affected Packages (3 packages)
CVEListV5: cisco_prime_infrastructure_and_evolved_programmable_network_manager (Cisco Prime Infrastructure and Evolved Programmable Network Manager)
Vulnerability Details (2)
GHSA
GHSA-9h75-c39j-rxjx: A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an auth… (2022-05-14)
CVEList
CVE-2017-6662: A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an auth… (2017-06-26)
Vendor Advisories (1)
Cisco
Cisco Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vulnerability (2017-06-21)