XML External Entity Vulnerability in Cisco's Security Monitoring, Analysis, and Response System
CVE-2013-1140

Currently unrated

Key Information:

Vendor: Cisco
Status: Security Monitoring Analysis And Response System
Vendor: CVE Published:; 6 March 2013

Summary

The XML parser in Cisco's Security Monitoring, Analysis, and Response System (MARS) has a vulnerability that allows remote attackers to exploit XML External Entity (XXE) configurations. By using an external entity declaration alongside an entity reference, attackers can read arbitrary files from the system, potentially leading to sensitive information disclosure. This issue has been identified and tracked as Bug ID CSCue55093.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 6, 2013