Cisco Prime Infrastructure XXE Denial of Service Vulnerability (CVE-2016-1358)
Release date:
Updated on:
Affected Systems:
Cisco Prime Infrastructure 3.1 (0.0)
Cisco Prime Infrastructure 3.0
Cisco Prime Infrastructure 2.2
Description:
CVE (CAN) ID: CVE-2016-1358
Cisco Prime Infrastructure is a solution for wireless management through Cisco technology LMS and NCS.
Cisco Prime Infrastructure 2.2, 3.0, and 3.1 (0.0) contain a security vulnerability. Remote users can exploit it to read arbitrary files or cause a denial of service (DoS) by using specially crafted XML documents that contain external entity declarations and references.
<* Source: Cisco
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi
*>
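The description above turns on XML input that carries external entity declarations and references. As an added example (not code from Cisco or from the advisory), the following Python check reports those constructs in untrusted XML before it reaches an application parser; the function name and the sample document are constructed for illustration, and nothing is fetched while scanning.

```python
from xml.parsers import expat

# Constructed sample: declares and references one external entity.
SAMPLE = (b'<?xml version="1.0"?>\n'
          b'<!DOCTYPE r [ <!ENTITY ext SYSTEM "file:///constructed/placeholder"> ]>\n'
          b'<r>&ext;</r>')

def external_entity_findings(xml_bytes):
    """Return (kind, name, system_id) tuples for every external DTD, external
    entity declaration, or external entity reference found in xml_bytes.
    expat only reports what the document asks for; no entity is resolved."""
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None or public_id is not None:
            findings.append(("external-dtd", name, system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # External entities carry no literal value, only a SYSTEM/PUBLIC id.
        if value is None:
            kind = "external-parameter-entity" if is_param else "external-entity"
            findings.append((kind, name, system_id))

    def on_external_ref(context, base, system_id, public_id):
        findings.append(("external-reference", context, system_id))
        return 1  # keep parsing, leave the entity unresolved

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        # Malformed input is reported too, so callers can reject it outright.
        findings.append(("malformed", None, str(exc)))
    return findings

if __name__ == "__main__":
    for finding in external_entity_findings(SAMPLE):
        print(finding)
```

An empty result means the document declares and references no external entities; any finding is grounds to reject the input before parsing it further.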
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a security bulletin (cisco-sa-20160302-cpi) and patches for this vulnerability:
cisco-sa-20160302-cpi: Cisco Prime Infrastructure XML External Entity Denial of Service Vulnerability
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi