XML External Entity Vulnerability in Cisco's Security Monitoring, Analysis, and Response System
CVE-2013-1140
Currently unrated
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 6 March 2013
What is CVE-2013-1140?
The XML parser in Cisco's Security Monitoring, Analysis, and Response System (MARS) has a vulnerability that allows remote attackers to exploit XML External Entity (XXE) configurations. By using an external entity declaration alongside an entity reference, attackers can read arbitrary files from the system, potentially leading to sensitive information disclosure. This issue has been identified and tracked as Bug ID CSCue55093.