PT-2019-2556 · Cisco · Cisco Security Manager

Published

2019-06-19

Updated

2019-10-09

CVE-2019-1903

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Cisco Security Manager (affected versions not specified)

Description A vulnerability could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The issue is due to improper restrictions on XML entities. An attacker could exploit this by sending malicious requests to a targeted system that contain references within XML entities. This could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

BDU:2019-02408

CVE-2019-1903

Affected Products

Cisco Security Manager

PT-2019-2556 · Cisco · Cisco Security Manager

CVE-2019-1903

Weakness Enumeration

Related Identifiers

Affected Products

References · 7