Adobe.Digital.Editions.Epub.XXE.Information.Disclosure
Description
This indicates an attack attempt against an Information Disclosure vulnerability in multiple products.
The vulnerabilities is due to an error in the application when handling a crafted XML file. A remote attacker can exploit this to gain unauthorized access to sensitive information, via a crafted XML file.
Affected Products
Adobe Systems Digital Editions prior to 4.5.3
Cisco Systems Evolved Programmable Network Manager prior to 3.1.6
Cisco Systems Prime Infrastructure prior to 3.1.6
Subsonic 6.1.1
Asus DSL-AC51
Asus DSL-AC52U
Asus DSL-AC55U
Asus DSL-N55U C1
Asus DSL-N55U D1
Asus DSL-AC56U
Asus DSL-N10_C1
Asus DSL-N12U C1
Asus DSL-N12E C1
Asus DSL-N14U
Asus DSL-N14U-B1
Asus DSL-N16
Asus DSL-N16U
Asus DSL-N17U
Asus DSL-N66U
Asus DSL-AC750
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm1
http://www.subsonic.org/pages/download.jsp
https://www.asus.com/Networking/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-10 | 14.629 | Severity:medium:high |
2019-05-08 | 14.609 | Name:XML. External. Entity. Injection:Adobe. Digital. Editions. Epub. XXE. Information. Disclosure |
2019-04-18 | 14.597 | Sig Added |