CVE-2016-1358
Description
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497.
Risk Information
Base Score
6.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.486
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Prime Infrastructure XML External Entity Denial of Service Vulnerability For Cisco Prime Infrastructure | NCM |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-1358) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705595 | Security Update for Cisco Prime Infrastructure 2.2(2) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234