Vulnerabilities > CVE-2018-3881 - XXE vulnerability in Focalscope 2416

CVSS 9.4 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

HIGH

network

low complexity

focalscope

CWE-611

critical

NVD

Published: 2018-08-01

Updated: 2023-02-03

Summary

An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise.

Vulnerable Configurations

Part	Description	Count
Application	Focalscope Focalscope Focalscope 2416	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Talos

id	TALOS-2018-0559
last seen	2019-05-29
published	2018-07-20
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559
title	FocalScope XML External Entity Injection Vulnerability

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559