XML External Entity Vulnerability in Cisco Prime Service Catalog
CVE-2015-0581

Currently unrated

Key Information:

Vendor: Cisco
Status: Prime Service Catalog
Vendor: CVE Published:; 28 January 2015

Summary

The XML parser in Cisco Prime Service Catalog versions before 10.1 is vulnerable to an XML External Entity (XXE) attack, which allows remote authenticated users to exploit the sensitivity of the system. This vulnerability can permit attackers to read arbitrary files from the server and potentially lead to denial of service by exhausting CPU and memory resources. Exploits may involve manipulating external entity declarations to gain unauthorized access to private information or disrupt service functions.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/72350

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1031658

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 28, 2015
Vulnerability Reserved
Jan 7, 2015