CVE-2021-34706

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (affected versions not specified)

Description The issue is related to the improper handling of XML External Entity (XXE) entries when parsing certain XML files in the web-based management interface of Cisco Identity Services Engine. This could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery (SSRF) attack through an affected device. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities, potentially allowing them to retrieve files from the local system or cause the web application to perform arbitrary HTTP requests on behalf of the attacker.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.