CVE-2019-1698
Last modified
CVE-2019-1698 is a vulnerability of currently unknown severity. A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. EPSS estimates a 3.12% chance of exploitation in the next 30 days.
Description
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Iot Field Network Director | < 4.4\(0.26\) |
References
- http://www.securityfocus.com/bid/107093Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/107093Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-1698?
How severe is CVE-2019-1698?
How do I fix CVE-2019-1698?
Are you affected by CVE-2019-1698?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST