Description
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035181
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi
Scores
CVSS v3
6.4
EPSS
0.0129
EPSS Percentile
66.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (3)
cisco/prime_infrastructure
2.2
cisco/prime_infrastructure
3.0
cisco/prime_infrastructure
3.1
Published
Mar 03, 2016
Tracked Since
Feb 18, 2026