CVE-2017-3839
MEDIUMCisco Secure Access Control System 5.8(2.5) - XML External Entity Injection
Title source: llmDescription
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5).
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96236
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037836
Scores
CVSS v3
4.3
EPSS
0.0155
EPSS Percentile
71.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (2)
cisco/secure_access_control_system
5.8\(2.5\)
n/a/Cisco Secure Access Control System
Cisco Secure Access Control System
Published
Feb 22, 2017
Tracked Since
Feb 18, 2026