CVE-2019-1698— Cisco IoT Field Network Director XML External Entity Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-1698
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IoT Field Network Director XML External Entity Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco IoT Field Network Director 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco IoT Field Network Director(IoT-FND)是美国思科(Cisco)公司的一套端到端的物联网管理系统。该系统具有设备管理、资产跟踪和智能计量等功能。 Cisco IoT Field Network Director中的Cisco Internet的基于Web的用户界面存在XML外部实体注入漏洞,该漏洞源于程序在解析XML文件时,错误地处理了XML外部实体条目。攻击者可通过导入带有恶意条目的XML文件利用该漏洞获取设备所存储信息的读取权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco IoT Field Network Director (IoT-FND) | unspecified ~ 4.4(0.26) | - |
II. Public POCs for CVE-2019-1698
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | None | https://github.com/raytran54/CVE-2019-1698 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-1698
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-iot-fnd-xmlvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2019-1698
Same Patch Batch · Cisco · 2019-02-21 · 12 CVEs total
| CVE-2019-1659 | Cisco Prime Infrastructure Certificate Validation Vulnerability | |
| CVE-2019-1662 | Cisco Prime Collaboration Assurance Software Unauthenticated Access Vulnerability | |
| CVE-2019-1664 | Cisco HyperFlex Software Unauthenticated Root Access Vulnerability | |
| CVE-2019-1665 | Cisco Hyperflex Stored Cross-Site Scripting Vulnerability | |
| CVE-2019-1666 | Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability | |
| CVE-2019-1667 | Cisco HyperFlex Arbitrary Statistics Write Vulnerability | |
| CVE-2019-1681 | Cisco Network Convergence System 1000 Series TFTP Directory Traversal Vulnerability | |
| CVE-2019-1684 | Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Prot | |
| CVE-2019-1685 | Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability | |
| CVE-2019-1691 | Cisco Firepower Threat Defense Software SSL or TLS Denial of Service Vulnerability | |
| CVE-2019-1700 | Cisco Firepower 9000 Series Firepower 2-Port 100G Double-Width Network Module Queue Wedge |
IV. Related Vulnerabilities
Same product: Cisco IoT Field Network Director (IoT-FND)
- CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi - CVE-2026-20168
Cisco IoT Field Network Director Path Traversal Vulnerabilit - CVE-2020-3531
Cisco IoT Field Network Director Unauthenticated REST API Vu - CVE-2020-3392
Cisco IoT Field Network Director Missing API Authentication
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-611
- CVE-2026-41936
Vvveb < 1.0.8.2 XML External Entity Injection via Import - CVE-2026-40682
Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntr - CVE-2026-6501
ILM Informatique jOpenDocument 代码问题漏洞 - CVE-2025-14543
Improper Restriction of XML External Entity Reference vulner - CVE-2024-13971
Arbitrary File Read and Server Side Request Forgery via XML
V. Comments for CVE-2019-1698
No comments yet