CVE-2021-1267

CVSS v3 Score: 4.3 (Medium)
CVSS v2 Score: 4.0 (Medium)

Vulnerability Description

A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by crafting an XML-based widget on an affected server. A successful exploit could cause increased memory and CPU utilization, which could result in a DoS condition.

CVSS:4.3(Medium)

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vuln...

CVSS:4.9(Medium)

In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2, as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an authenticated remote attacker with admin privileges could upload a...

CVSS:5.5(Medium)

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

CVSS:5.5(Medium)

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulti...

CVSS:5.5(Medium)

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

CVSS:5.5(Medium)

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.