CVE-2021-1530XML External Entity (XXE) Injection in Cisco Broadworks

CWE-611XML External Entity (XXE) Injection4 documents4 sources
Severity
7.1HIGHNVD
CNA5.4
EPSS
0.4%
top 36.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco BroadworksCisco Broadworks Messaging Server
Timeline
PublishedMay 6
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A succ

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

CVEListV5cisco/cisco_broadworksn/a

🔴Vulnerability Details

2
GHSA
GHSA-fv3h-9947-8cpj: A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to a2022-05-24
CVEList
Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability2021-05-06

📋Vendor Advisories

1
Cisco
Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability2021-05-05
CVE-2021-1530 — XML External Entity (XXE) Injection | cvebase