A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote malicious user to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the malicious user to read files within the affected application. Versions before 4.4(0.26) are affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco iot field network director |
Patches available now spread across more than a dozen advisories
Cisco emitted on Wednesday a bunch of security updates that, your support contract willing, you should test and roll out to installations as soon as possible. There are 17 advisories in all, including revised versions of previously issues bulletins, with six marked as high in terms of severity and the rest medium. The worst of the lot grants root access to a local attacker, closely followed by another that allows any remote miscreant in without authorization. Here's a summary of the high-severit...