#VU7164 XML injection in Cisco Prime Infrastructure - CVE-2017-6662

Cybersecurity Help s.r.o.

Published: 2017-06-22 | Updated: 2017-06-27

Vulnerability identifier: #VU7164

Vulnerability risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-6662

CWE-ID: CWE-611

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Prime Infrastructure
Server applications / Remote management servers, RDP, SSH

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote authenticated attacker to gain read and write access to information and possibly execute arbitrary code.

The vulnerability exists in the web based user interface due to improper handling of XML External Entity (XXE) entries when parsing an XML file. A remote attacker can trick the administrator of an affected system into importing a specially crafted XML file with malicious entries, read and write files and execute remote code within the application.

Successful exploitation of the vulnerability may allow an attacker to gain complete control over affected website.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cisco Prime Infrastructure: 3.1.1

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cisco Evolved Programmable Network Manager

Multiple vulnerabilities in Cisco Prime Infrastructure