Details of VAR-201801-1057

ID

VAR-201801-1057

CVE

CVE-2018-0106

TITLE

Cisco Elastic Services Controller Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-001702

DESCRIPTION

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by accessing unauthorized information within the ConfD directory and file structure. Successful exploitation could allow the attacker to view sensitive information. Cisco Bug IDs: CSCvg00221. Vendors have confirmed this vulnerability Bug ID CSCvg00221 It is released as.Information may be obtained. This may result in further attacks. ConfD server is one of the configuration management servers

Trust: 1.98

sources: NVD: CVE-2018-0106 // JVNDB: JVNDB-2018-001702 // BID: 102757 // VULHUB: VHN-118308

AFFECTED PRODUCTS

vendor:	cisco	model:	elastic services controller	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	elastic services controller	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	virtual managed services	scope:	eq	version:	2.3(2)	Trust: 0.3
vendor:	cisco	model:	elastic services controllers	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	virtual managed services	scope:	ne	version:	2.3(2.168)	Trust: 0.3
vendor:	cisco	model:	virtual managed services	scope:	ne	version:	2.3(2.164)	Trust: 0.3

sources: BID: 102757 // JVNDB: JVNDB-2018-001702 // CNNVD: CNNVD-201801-616 // NVD: CVE-2018-0106

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0106
value:	LOW
Trust: 1.0
NVD:	CVE-2018-0106
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201801-616
value:	LOW
Trust: 0.6
VULHUB:	VHN-118308
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-0106
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118308
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0106
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0106
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-118308 // JVNDB: JVNDB-2018-001702 // CNNVD: CNNVD-201801-616 // NVD: CVE-2018-0106

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-552	Trust: 1.1

sources: VULHUB: VHN-118308 // JVNDB: JVNDB-2018-001702 // NVD: CVE-2018-0106

THREAT TYPE

local

Trust: 0.9

sources: BID: 102757 // CNNVD: CNNVD-201801-616

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201801-616

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001702

PATCH

title:

cisco-sa-20180117-esc

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esc

Trust: 0.8

sources: JVNDB: JVNDB-2018-001702

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0106	Trust: 2.8
db:	BID	id:	102757	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-001702	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-616	Trust: 0.7
db:	VULHUB	id:	VHN-118308	Trust: 0.1

sources: VULHUB: VHN-118308 // BID: 102757 // JVNDB: JVNDB-2018-001702 // CNNVD: CNNVD-201801-616 // NVD: CVE-2018-0106

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-esc	Trust: 2.0
url:	http://www.securityfocus.com/bid/102757	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0106	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0106	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118308 // BID: 102757 // JVNDB: JVNDB-2018-001702 // CNNVD: CNNVD-201801-616 // NVD: CVE-2018-0106

CREDITS

Cisco

Trust: 0.3

sources: BID: 102757

SOURCES

db:	VULHUB	id:	VHN-118308
db:	BID	id:	102757
db:	JVNDB	id:	JVNDB-2018-001702
db:	CNNVD	id:	CNNVD-201801-616
db:	NVD	id:	CVE-2018-0106

LAST UPDATE DATE

2024-11-23T22:22:15.122000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118308	date:	2020-09-04T00:00:00
db:	BID	id:	102757	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001702	date:	2018-03-02T00:00:00
db:	CNNVD	id:	CNNVD-201801-616	date:	2020-09-07T00:00:00
db:	NVD	id:	CVE-2018-0106	date:	2024-11-21T03:37:31.983

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118308	date:	2018-01-18T00:00:00
db:	BID	id:	102757	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001702	date:	2018-03-02T00:00:00
db:	CNNVD	id:	CNNVD-201801-616	date:	2018-01-22T00:00:00
db:	NVD	id:	CVE-2018-0106	date:	2018-01-18T06:29:01.207