From dc31b9fe903e82fc7c6177195de5f11c29d35694 Mon Sep 17 00:00:00 2001 From: santosomar Date: Wed, 2 Oct 2019 19:02:30 +0000 Subject: [PATCH] Adding Cisco CVE --- 2019/12xxx/CVE-2019-12711.json | 83 +++++++++++++++++++++++++++++++--- 1 file changed, 76 insertions(+), 7 deletions(-) diff --git a/2019/12xxx/CVE-2019-12711.json b/2019/12xxx/CVE-2019-12711.json index 1e74b1c1374..151d8837fdf 100644 --- a/2019/12xxx/CVE-2019-12711.json +++ b/2019/12xxx/CVE-2019-12711.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-10-02T16:00:00-0700", "ID": "CVE-2019-12711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Unified Communications Manager XML External Expansion Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to an affected system that contain references in XML entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition. " } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20191002 Cisco Unified Communications Manager XML External Expansion Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-cucm-xxe" + } + ] + }, + "source": { + "advisory": "cisco-sa-20191002-cucm-xxe", + "defect": [ + [ + "CSCvp46079" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +}