XML External Entity Vulnerability in Cisco Prime Data Center Network Manager
CVE-2013-5490

Currently unrated

Key Information:

Vendor: Cisco
Status: Prime Data Center Network Manager
Vendor: CVE Published:; 23 September 2013

What is CVE-2013-5490?

The vulnerability in Cisco Prime Data Center Network Manager stems from the improper handling of XML External Entity declarations, which allows remote attackers to access sensitive arbitrary text files. This issue can be exploited through specially crafted XML input, potentially leading to unauthorized information disclosure. The affected versions prior to 6.2(1) are particularly susceptible, highlighting the importance of timely updates to mitigate risks associated with XML processing.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/87191

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/62485

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2013
Vulnerability Reserved
Aug 22, 2013