Remote Code Execution Vulnerability in Cisco Secure Access Control Server
CVE-2018-0218
3.3LOW
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 8 March 2018
What is CVE-2018-0218?
A vulnerability exists in the web-based user interface of Cisco Secure Access Control Server versions prior to 5.8 patch 9, allowing an unauthenticated remote attacker to gain unauthorized read access to system information. This weakness arises from improper handling of XML External Entities (XXEs) during XML file parsing. By convincing an administrator to import a specially crafted XML file, an attacker could exploit the vulnerability to expose sensitive data.
Affected Version(s)
Cisco Secure Access Control Server Cisco Secure Access Control Server