ID

VAR-201802-0590


CVE

CVE-2018-0121


TITLE

Cisco Elastic Services Controller Software Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002467

DESCRIPTION

A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software. An attacker could exploit this vulnerability by submitting an empty password value to an affected portal when prompted to enter an administrative password for the portal. A successful exploit could allow the attacker to bypass authentication and gain administrator privileges for the web-based service portal of the affected software. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg29809. The vendor has released this vulnerability as Bug ID CSCvg29809. Information may be obtained or altered, and service operation may be disrupted (DoS). An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.

Trust: 1.98

sources: NVD: CVE-2018-0121 // JVNDB: JVNDB-2018-002467 // BID: 103113 // VULHUB: VHN-118323

AFFECTED PRODUCTS

vendor: cisco // model: elastic services controller // scope: eq // version: 3.0.0

Trust: 2.7

vendor: cisco // model: virtual managed services // scope: eq // version: 3.0

Trust: 1.9

vendor: cisco // model: virtual managed service // scope: - // version: -

Trust: 0.8

vendor: cisco // model: virtual managed services // scope: ne // version: 3.1(0.116)

Trust: 0.3

vendor: cisco // model: elastic services controller // scope: ne // version: 3.1.0

Trust: 0.3

sources: BID: 103113 // JVNDB: JVNDB-2018-002467 // CNNVD: CNNVD-201802-442 // NVD: CVE-2018-0121

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0121
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0121
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201802-442
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118323
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0121
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118323
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0121
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118323 // JVNDB: JVNDB-2018-002467 // CNNVD: CNNVD-201802-442 // NVD: CVE-2018-0121

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-118323 // JVNDB: JVNDB-2018-002467 // NVD: CVE-2018-0121

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-442

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201802-442

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002467

PATCH

title: cisco-sa-20180221-esc // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc

Trust: 0.8

title: Cisco Elastic Services Controller Software Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78521

Trust: 0.6

sources: JVNDB: JVNDB-2018-002467 // CNNVD: CNNVD-201802-442

EXTERNAL IDS

db: NVD // id: CVE-2018-0121

Trust: 2.8

db: BID // id: 103113

Trust: 2.0

db: JVNDB // id: JVNDB-2018-002467

Trust: 0.8

db: CNNVD // id: CNNVD-201802-442

Trust: 0.7

db: VULHUB // id: VHN-118323

Trust: 0.1

sources: VULHUB: VHN-118323 // BID: 103113 // JVNDB: JVNDB-2018-002467 // CNNVD: CNNVD-201802-442 // NVD: CVE-2018-0121

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180221-esc

Trust: 2.6

url:http://www.securityfocus.com/bid/103113

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0121

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0121

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118323 // BID: 103113 // JVNDB: JVNDB-2018-002467 // CNNVD: CNNVD-201802-442 // NVD: CVE-2018-0121

CREDITS

This vulnerability was found during internal security testing.

Trust: 0.6

sources: CNNVD: CNNVD-201802-442

SOURCES

db: VULHUB // id: VHN-118323
db: BID // id: 103113
db: JVNDB // id: JVNDB-2018-002467
db: CNNVD // id: CNNVD-201802-442
db: NVD // id: CVE-2018-0121

LAST UPDATE DATE

2024-11-23T22:59:06.626000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118323 // date: 2019-10-09T00:00:00
db: BID // id: 103113 // date: 2018-02-21T00:00:00
db: JVNDB // id: JVNDB-2018-002467 // date: 2018-04-13T00:00:00
db: CNNVD // id: CNNVD-201802-442 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-0121 // date: 2024-11-21T03:37:33.873

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118323 // date: 2018-02-22T00:00:00
db: BID // id: 103113 // date: 2018-02-21T00:00:00
db: JVNDB // id: JVNDB-2018-002467 // date: 2018-04-13T00:00:00
db: CNNVD // id: CNNVD-201802-442 // date: 2018-02-22T00:00:00
db: NVD // id: CVE-2018-0121 // date: 2018-02-22T00:29:00.203