CVE-2019-1698

CWE-611XML External Entity (XXE)4 documents4 sources
Severity
4.9MEDIUM
EPSS
0.7%
top 28.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco IOT Field Network Director (iot-fnd)Cisco IOT Field Network Director
Timeline
PublishedFeb 21
Latest updateMay 13

Description

A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files wi

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_iot_field_network_director_(iot-fnd)unspecified4.4(0.26)

🔴Vulnerability Details

2
GHSA
GHSA-53cf-9pqv-xjxx: A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, re2022-05-13
CVEList
Cisco IoT Field Network Director XML External Entity Vulnerability2019-02-21

📋Vendor Advisories

1
Cisco
Cisco IoT Field Network Director XML External Entity Vulnerability2019-02-20
CVE-2019-1698 (MEDIUM CVSS 4.9) | A vulnerability in the web-based us | cvebase.io