CVE-2020-3256 is a vulnerability in Cisco Hosted Collaboration Mediation Fulfillment
Published on May 6, 2020
Cisco Hosted Collaboration Mediation Fulfillment XML External Expansion Vulnerability
A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. To exploit this vulnerability, an attacker would need administrative privileges on the Cisco HCM-F Software. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by sending malicious requests that contain references in XML entities to an affected system. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information.
Weakness Type
What is a XXE Vulnerability?
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2020-3256 has been classified to as a XXE vulnerability or weakness.
Products Associated with CVE-2020-3256
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-3256 are published in Cisco Hosted Collaboration Mediation Fulfillment:
Affected Versions
Cisco Hosted Collaboration Mediation Fulfillment Version n/a is affected by CVE-2020-3256Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.