CVE-2016-1358 Information

Description

Cisco Prime Infrastructure 2.2 3.0 and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference related to an XML External Entity (XXE) issue aka Bug ID CSCuw81497.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:H

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi http://www.securitytracker.com/id/1035181

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.4