Sign-up

ID

VAR-201802-0612


CVE

CVE-2018-0119


TITLE

Cisco Spark Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-05179 // CNNVD: CNNVD-201802-277

DESCRIPTION

A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote attacker to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper display of user-account tokens generated in the system. An attacker could exploit this vulnerability by logging in to the device with a token in use by another account. Successful exploitation could allow the attacker to cause a partial impact to the device's confidentiality, integrity, and availability. Cisco Bug IDs: CSCvg05206. Cisco Spark Contains an access control vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg05206 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscoSpark is a suite of collaborative service solutions from Cisco. By providing a virtual space, the program allows teams at any location to work together, talk and video, and discuss topics, store team files and files. An attacker can exploit this issue to obtain sensitive information. This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2018-0119 // JVNDB: JVNDB-2018-002228 // CNVD: CNVD-2018-05179 // BID: 102961 // VULHUB: VHN-118321

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05179

AFFECTED PRODUCTS

vendor:ciscomodel:conference directorscope:eqversion:2017-08-30

Trust: 1.6

vendor:ciscomodel:telepresence mcu conference directorscope: - version: -

Trust: 0.8

vendor:ciscomodel:sparkscope: - version: -

Trust: 0.6

vendor:ciscomodel:sparkscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2018-05179 // BID: 102961 // JVNDB: JVNDB-2018-002228 // CNNVD: CNNVD-201802-277 // NVD: CVE-2018-0119

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0119
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0119
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05179
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201802-277
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118321
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0119
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05179
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118321
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0119
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05179 // VULHUB: VHN-118321 // JVNDB: JVNDB-2018-002228 // CNNVD: CNNVD-201802-277 // NVD: CVE-2018-0119

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118321 // JVNDB: JVNDB-2018-002228 // NVD: CVE-2018-0119

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-277

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201802-277

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002228

PATCH
title:cisco-sa-20180207-sparkurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-spark
Trust: 0.8
title:Patch for CiscoSpark Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/121197
Trust: 0.6
title:Cisco Spark Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78388
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05179 // 
            
            
            
            JVNDB: JVNDB-2018-002228 // 
            
            
            
            CNNVD: CNNVD-201802-277

EXTERNAL IDS
db:NVDid:CVE-2018-0119
Trust: 3.4
db:BIDid:102961
Trust: 2.6
db:JVNDBid:JVNDB-2018-002228
Trust: 0.8
db:CNNVDid:CNNVD-201802-277
Trust: 0.7
db:CNVDid:CNVD-2018-05179
Trust: 0.6
db:VULHUBid:VHN-118321
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05179 // 
            
            
            
            VULHUB: VHN-118321 // 
            
            
            
            BID: 102961 // 
            
            
            
            JVNDB: JVNDB-2018-002228 // 
            
            
            
            CNNVD: CNNVD-201802-277 // 
            
            
            
            NVD: CVE-2018-0119

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-spark
Trust: 2.6
url:http://www.securityfocus.com/bid/102961
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0119
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0119
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.webex.com/ciscospark/index.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-05179 // 
            
            
            
            VULHUB: VHN-118321 // 
            
            
            
            BID: 102961 // 
            
            
            
            JVNDB: JVNDB-2018-002228 // 
            
            
            
            CNNVD: CNNVD-201802-277 // 
            
            
            
            NVD: CVE-2018-0119

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 102961

SOURCES
db:CNVDid:CNVD-2018-05179
db:VULHUBid:VHN-118321
db:BIDid:102961
db:JVNDBid:JVNDB-2018-002228
db:CNNVDid:CNNVD-201802-277
db:NVDid:CVE-2018-0119

LAST UPDATE DATE
2024-11-23T23:02:12.896000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05179date:2018-03-14T00:00:00
db:VULHUBid:VHN-118321date:2019-10-09T00:00:00
db:BIDid:102961date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002228date:2018-04-03T00:00:00
db:CNNVDid:CNNVD-201802-277date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0119date:2024-11-21T03:37:33.643

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05179date:2018-03-14T00:00:00
db:VULHUBid:VHN-118321date:2018-02-08T00:00:00
db:BIDid:102961date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002228date:2018-04-03T00:00:00
db:CNNVDid:CNNVD-201802-277date:2018-02-09T00:00:00
db:NVDid:CVE-2018-0119date:2018-02-08T07:29:00.367