#VU10902 XXE attack in Cisco Secure Access Control - CVE-2018-0218

Cybersecurity Help s.r.o.

Published: 2018-03-10

Vulnerability identifier: #VU10902

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-0218

CWE-ID: CWE-611

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Secure Access Control
Server applications / Directory software, identity management

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote attacker to conduct XXE attack.

The weakness exists in the web-based user interface due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can trick the administrator of an affected system to import a crafted XML file, perform XXE attack and read arbitrary data.

Mitigation
Update to version 5.8 patch 9.

Vulnerable software versions

Cisco Secure Access Control: 5.8.0.8

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cisco Secure Access Control