CVE-2020-3256: XML External Entity (XXE) Injection in Cisco Hosted Collaboration Mediation Fulfillment

Severity: 4.9 MEDIUM (NVD)
EPSS: 0.3% (top 43.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 6; latest update May 24

Description

A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the Cisco HCM-F Software. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vul

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

🔴 Vulnerability Details (2)

GHSA | 2022-05-24 | GHSA-j23c-hpx8-w7p9: A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticate
CVEList | 2020-05-06 | Cisco Hosted Collaboration Mediation Fulfillment XML External Expansion Vulnerability

📋 Vendor Advisories (1)

Cisco | 2020-05-06 | Cisco Hosted Collaboration Mediation Fulfillment XML External Expansion Vulnerability