Cisco Secure Access Control Server XML External Entity Information Disclosure Vulnerability

Cisco Secure Access Control Server is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks.

This issue is being tracked by Cisco bug ID CSCve70595.

Information

Bugtraq ID: 103343
Class: Design Error
CVE: CVE-2018-0207

Remote: Yes
Local: No
Published: Mar 07 2018 12:00AM
Updated: Mar 07 2018 12:00AM
Credit: Mikhail Klyuchnikov from Positive Technologies.
Vulnerable: Cisco Secure Access Control Server Solution Engine 5.8(0.8)
Cisco Secure Access Control Server

Not Vulnerable:

Exploit

An attacker can exploit this issue using readily available tools.

References:

Cisco Homepage (Cisco)
Cisco Secure Access Control Server XML External Entity Injection Vulnerability (Cisco)

Source: www.securityfocus.com

Exploit Collector

Search Exploit