CVE-2016-1358

MEDIUM

Cisco Prime Infrastructure <3.1 - XXE

Title source: llm

Description

Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497.

References (2)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035181

Scores

CVSS v3 6.4

EPSS 0.0049

EPSS Percentile 65.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:H

Classification

CWE

CWE-119

Status draft

Affected Products (3)

cisco/prime_infrastructure

Timeline

Published Mar 03, 2016

Tracked Since Feb 18, 2026