CVE-2016-1343 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-1343 PUBLISHED CVSS 10 CRITICAL

The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059.

EPSS 0.59% · 69.1th percentile

Risk Scores

CVSS v3.0

10

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

EPSS Score

0.59%

69.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
cisco	information_server	6.2_base

Timeline

Apr 28, 2016 CVE Published
Oct 2, 2020 PoC Published
Nov 6, 2020 PoC Published
Sep 6, 2021 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

20160428 Cisco Information Server XML Parser Denial of Service Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2016-1343 advisory

Open in Interactive Console →