High severity7.5NVD Advisory· Published Oct 6, 2011· Updated Apr 29, 2026

CVE-2011-3288

Description

Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.

Affected products

Cisco Systems, Inc./Unified Presence
cpe:2.3:a:cisco:unified_presence:*:*:*:*:*:*:*:*
Range: <8.5\(4\)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20110928-xcpcupsxml.htmlnvdVendor Advisory
www.cisco.com/en/US/products/products_security_advisory09186a0080b95d47.shtmlnvdNot Applicable

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000