CVE-2017-3839

4.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Secure Access Control System
Vendor: CVE Published:; 22 February 2017

Summary

An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5).

Affected Version(s)

Cisco Secure Access Control System Cisco Secure Access Control System

References

http://www.securityfocus.com/bid/96236

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1037836

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 22, 2017
Vulnerability Reserved
Dec 21, 2016

.