CVE-2011-3288

HIGH

Cisco Unified Presence < 8.5\(4\) - XML Entity Expansion

Title source: rule

Description

Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.

References (2)

[Vendor Advisory] https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20110928-xcpcupsxml.html

[Not Applicable] http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtml

Scores

CVSS v3 7.5

EPSS 0.0053

EPSS Percentile 67.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-776

Status published

Products (1)

cisco/unified_presence < 8.5\(4\)

Published Oct 06, 2011

Tracked Since Feb 18, 2026