ID

VAR-201803-1597


CVE

CVE-2018-0218


TITLE

Cisco Secure Access Control Server Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002598

DESCRIPTION

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616. The vendor has released this vulnerability as Bug ID CSCve70616. Information may be obtained. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks.

Trust: 1.98

sources: NVD: CVE-2018-0218 // JVNDB: JVNDB-2018-002598 // BID: 103345 // VULHUB: VHN-118420

AFFECTED PRODUCTS

vendor: cisco | model: secure access control server solution engine | scope: eq | version: 5.8\(0.8\)

Trust: 1.6

vendor: cisco | model: secure access control server solution engine | scope: lt | version: 5.8 patch 9

Trust: 0.8

vendor: cisco | model: secure access control server solution engine | scope: eq | version: 5.8(0.8)

Trust: 0.3

vendor: cisco | model: secure access control server | scope: - | version: -

Trust: 0.3

vendor: cisco | model: secure access control server patch | scope: ne | version: 5.89

Trust: 0.3

sources: BID: 103345 // JVNDB: JVNDB-2018-002598 // CNNVD: CNNVD-201803-249 // NVD: CVE-2018-0218

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0218
value: LOW

Trust: 1.0

NVD: CVE-2018-0218
value: LOW

Trust: 0.8

CNNVD: CNNVD-201803-249
value: LOW

Trust: 0.6

VULHUB: VHN-118420
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0218
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118420
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0218
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-0218
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118420 // JVNDB: JVNDB-2018-002598 // CNNVD: CNNVD-201803-249 // NVD: CVE-2018-0218

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

problemtype: CWE-611

Trust: 1.1

sources: VULHUB: VHN-118420 // JVNDB: JVNDB-2018-002598 // NVD: CVE-2018-0218

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-249

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201803-249

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002598

PATCH

title: cisco-sa-20180307-acs1 | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-acs1

Trust: 0.8

title: Cisco Secure Access Control Server Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78983

Trust: 0.6

sources: JVNDB: JVNDB-2018-002598 // CNNVD: CNNVD-201803-249

EXTERNAL IDS

db: NVD | id: CVE-2018-0218

Trust: 2.8

db: BID | id: 103345

Trust: 2.0

db: SECTRACK | id: 1040470

Trust: 1.7

db: JVNDB | id: JVNDB-2018-002598

Trust: 0.8

db: CNNVD | id: CNNVD-201803-249

Trust: 0.7

db: VULHUB | id: VHN-118420

Trust: 0.1

sources: VULHUB: VHN-118420 // BID: 103345 // JVNDB: JVNDB-2018-002598 // CNNVD: CNNVD-201803-249 // NVD: CVE-2018-0218

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-acs1

Trust: 2.0

url: http://www.securityfocus.com/bid/103345

Trust: 1.7

url: http://www.securitytracker.com/id/1040470

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0218

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0218

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118420 // BID: 103345 // JVNDB: JVNDB-2018-002598 // CNNVD: CNNVD-201803-249 // NVD: CVE-2018-0218

CREDITS

Cisco

Trust: 0.3

sources: BID: 103345

SOURCES

db: VULHUB | id: VHN-118420
db: BID | id: 103345
db: JVNDB | id: JVNDB-2018-002598
db: CNNVD | id: CNNVD-201803-249
db: NVD | id: CVE-2018-0218

LAST UPDATE DATE

2024-11-23T22:12:38.287000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-118420 | date: 2020-09-04T00:00:00
db: BID | id: 103345 | date: 2018-03-07T00:00:00
db: JVNDB | id: JVNDB-2018-002598 | date: 2018-04-20T00:00:00
db: CNNVD | id: CNNVD-201803-249 | date: 2020-10-22T00:00:00
db: NVD | id: CVE-2018-0218 | date: 2024-11-21T03:37:45.400

SOURCES RELEASE DATE

db: VULHUB | id: VHN-118420 | date: 2018-03-08T00:00:00
db: BID | id: 103345 | date: 2018-03-07T00:00:00
db: JVNDB | id: JVNDB-2018-002598 | date: 2018-04-20T00:00:00
db: CNNVD | id: CNNVD-201803-249 | date: 2018-03-09T00:00:00
db: NVD | id: CVE-2018-0218 | date: 2018-03-08T07:29:01.003