ID

VAR-201802-0609


CVE

CVE-2018-0113


TITLE

Cisco UCS Central Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002142

DESCRIPTION

A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting a crafted request to the user interface of Cisco UCS Central. This vulnerability affects Cisco UCS Central Software prior to Release 2.0(1c). Cisco Bug IDs: CSCve70825. The vendor has released this vulnerability as Bug ID CSCve70825. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

Trust: 1.98

sources: NVD: CVE-2018-0113 // JVNDB: JVNDB-2018-002142 // BID: 102966 // VULHUB: VHN-118315

AFFECTED PRODUCTS

vendor: cisco // model: unified computing system central software // scope: eq // version: 1.5\(1c\)

Trust: 1.6

vendor: cisco // model: unified computing system central software // scope: lt // version: 2.0(1c)

Trust: 0.8

vendor: cisco // model: ucs central software 2.0 // scope: - // version: -

Trust: 0.6

vendor: cisco // model: ucs central software 1.5 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: ucs central software 2.0 // scope: ne // version: -

Trust: 0.3

sources: BID: 102966 // JVNDB: JVNDB-2018-002142 // CNNVD: CNNVD-201802-280 // NVD: CVE-2018-0113

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0113
value: HIGH

Trust: 1.0

NVD: CVE-2018-0113
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201802-280
value: HIGH

Trust: 0.6

VULHUB: VHN-118315
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0113
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118315
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0113
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118315 // JVNDB: JVNDB-2018-002142 // CNNVD: CNNVD-201802-280 // NVD: CVE-2018-0113

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118315 // JVNDB: JVNDB-2018-002142 // NVD: CVE-2018-0113

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-280

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 102966 // CNNVD: CNNVD-201802-280

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002142

PATCH

title: cisco-sa-20180207-ucsc // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucsc

Trust: 0.8

title: Cisco UCS Central Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78391

Trust: 0.6

sources: JVNDB: JVNDB-2018-002142 // CNNVD: CNNVD-201802-280

EXTERNAL IDS

db: NVD // id: CVE-2018-0113

Trust: 2.8

db: BID // id: 102966

Trust: 2.0

db: SECTRACK // id: 1040337

Trust: 1.7

db: JVNDB // id: JVNDB-2018-002142

Trust: 0.8

db: CNNVD // id: CNNVD-201802-280

Trust: 0.7

db: VULHUB // id: VHN-118315

Trust: 0.1

sources: VULHUB: VHN-118315 // BID: 102966 // JVNDB: JVNDB-2018-002142 // CNNVD: CNNVD-201802-280 // NVD: CVE-2018-0113

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-ucsc

Trust: 2.0

url:http://www.securityfocus.com/bid/102966

Trust: 1.7

url:http://www.securitytracker.com/id/1040337

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0113

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0113

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118315 // BID: 102966 // JVNDB: JVNDB-2018-002142 // CNNVD: CNNVD-201802-280 // NVD: CVE-2018-0113

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 102966

SOURCES

db: VULHUB // id: VHN-118315
db: BID // id: 102966
db: JVNDB // id: JVNDB-2018-002142
db: CNNVD // id: CNNVD-201802-280
db: NVD // id: CVE-2018-0113

LAST UPDATE DATE

2024-11-23T22:56:00.598000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118315 // date: 2019-10-09T00:00:00
db: BID // id: 102966 // date: 2018-02-07T00:00:00
db: JVNDB // id: JVNDB-2018-002142 // date: 2018-03-26T00:00:00
db: CNNVD // id: CNNVD-201802-280 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-0113 // date: 2024-11-21T03:37:32.857

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118315 // date: 2018-02-08T00:00:00
db: BID // id: 102966 // date: 2018-02-07T00:00:00
db: JVNDB // id: JVNDB-2018-002142 // date: 2018-03-26T00:00:00
db: CNNVD // id: CNNVD-201802-280 // date: 2018-02-09T00:00:00
db: NVD // id: CVE-2018-0113 // date: 2018-02-08T07:29:00.210