CVE-2019-1698

Name of the Vulnerable Software and Affected Versions Cisco Internet of Things Field Network Director (IoT-FND) Software versions prior to 4.4(0.26)

Description A vulnerability in the web-based user interface could allow an authenticated, remote attacker to gain read access to information stored on an affected system. This issue is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this by importing a crafted XML file with malicious entries, allowing them to read files within the affected application.

Recommendations For versions prior to 4.4(0.26), update to version 4.4(0.26) or later to resolve the issue. As a temporary workaround, consider restricting the import of XML files or limiting access to the web-based user interface to minimize the risk of exploitation.