CVE-2018-0218

Name of the Vulnerable Software and Affected Versions: Cisco Secure Access Control Server versions prior to 5.8 patch 9

Description: A vulnerability in the web-based user interface of the Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The issue is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this by convincing the administrator of an affected system to import a crafted XML file.

Recommendations: For versions prior to 5.8 patch 9, update to version 5.8 patch 9 or later to resolve the issue. As a temporary workaround, consider restricting the import of XML files from untrusted sources to minimize the risk of exploitation.