Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IoT Field Network Director XML External Entity Vulnerability
Vulnerability Description
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Cisco IoT Field Network Director 代码问题漏洞
Vulnerability Description
Cisco IoT Field Network Director(IoT-FND)是美国思科(Cisco)公司的一套端到端的物联网管理系统。该系统具有设备管理、资产跟踪和智能计量等功能。 Cisco IoT Field Network Director中的Cisco Internet的基于Web的用户界面存在XML外部实体注入漏洞,该漏洞源于程序在解析XML文件时,错误地处理了XML外部实体条目。攻击者可通过导入带有恶意条目的XML文件利用该漏洞获取设备所存储信息的读取权限。
CVSS Information
N/A
Vulnerability Type
N/A