| Vulnerability Name: | CVE-2016-6408 (CCN-117086) | ||||||||||||
| Assigned: | 2016-09-21 | ||||||||||||
| Published: | 2016-09-21 | ||||||||||||
| Updated: | 2016-11-28 | ||||||||||||
| Summary: | Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814. | ||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-611 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2016-6408 Source: CISCO Type: Vendor Advisory 20160921 Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability Source: BID Type: UNKNOWN 93092 Source: CCN Type: BID-93092 Cisco Prime Home CVE-2016-6408 XML External Entity Information Disclosure Vulnerability Source: XF Type: UNKNOWN cisco-prime-cve20166408-info-disc(117086) Source: CCN Type: Cisco Security Advisory cisco-sa-20160921-cph Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||