CVE-2016-6408

Description

Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.

Risk Information

Base Score

7.5

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.431

Associated Vulnerability

Vulnerability	OS Platform
Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability For Cisco Prime Home	NCM
Improper Restriction of XML External Entity Reference Vulnerability (CVE-2016-6408)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1701797	Security Update for Cisco Prime Home 6.5(1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234