CVE-2017-6895

CRITICAL

USB Pratirodh - XML External Entity Injection via usb.xml

Title source: llm
STIX 2.1

Description

USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml.

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Mar/42
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/141652/USB-Pratirodh-XXE-Injection.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96936

Scores

CVSS v3 9.8
EPSS 0.0302
EPSS Percentile 85.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-611
Status published
Products (1)
usb_pratirodh_project/usb_pratirodh
Published Mar 23, 2017
Tracked Since Feb 18, 2026