Sign-up

ID

VAR-201804-1005


CVE

CVE-2018-0260


TITLE

Cisco MATE Live Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-004418 // CNNVD: CNNVD-201804-1091

DESCRIPTION

A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the targeted application. An exploit could allow the attacker to view sensitive information that should require authentication. Cisco Bug IDs: CSCvh31272. Vendors have confirmed this vulnerability Bug ID CSCvh31272 It is released as.Information may be obtained. This may aid in further attacks. The solution enables navigation and in-depth network analysis of current and historical data to make critical business and technology decisions

Trust: 1.98

sources: NVD: CVE-2018-0260 // JVNDB: JVNDB-2018-004418 // BID: 103946 // VULHUB: VHN-118462

AFFECTED PRODUCTS

vendor:ciscomodel:mate livescope:eqversion:1.3

Trust: 1.6

vendor:ciscomodel:mate livescope: - version: -

Trust: 0.8

vendor:ciscomodel:mate livescope:eqversion:0

Trust: 0.3

sources: BID: 103946 // JVNDB: JVNDB-2018-004418 // CNNVD: CNNVD-201804-1091 // NVD: CVE-2018-0260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0260
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0260
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-1091
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118462
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0260
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118462
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0260
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118462 // JVNDB: JVNDB-2018-004418 // CNNVD: CNNVD-201804-1091 // NVD: CVE-2018-0260

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118462 // JVNDB: JVNDB-2018-004418 // NVD: CVE-2018-0260

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1091

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201804-1091

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004418

PATCH
title:cisco-sa-20180418-MATE1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1
Trust: 0.8
title:Cisco MATE Live Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81387
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-004418 // 
            
            
            
            CNNVD: CNNVD-201804-1091

EXTERNAL IDS
db:NVDid:CVE-2018-0260
Trust: 2.8
db:BIDid:103946
Trust: 2.0
db:JVNDBid:JVNDB-2018-004418
Trust: 0.8
db:CNNVDid:CNNVD-201804-1091
Trust: 0.6
db:VULHUBid:VHN-118462
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118462 // 
            
            
            
            BID: 103946 // 
            
            
            
            JVNDB: JVNDB-2018-004418 // 
            
            
            
            CNNVD: CNNVD-201804-1091 // 
            
            
            
            NVD: CVE-2018-0260

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-mate1
Trust: 2.0
url:http://www.securityfocus.com/bid/103946
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0260
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0260
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118462 // 
            
            
            
            BID: 103946 // 
            
            
            
            JVNDB: JVNDB-2018-004418 // 
            
            
            
            CNNVD: CNNVD-201804-1091 // 
            
            
            
            NVD: CVE-2018-0260

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 103946

SOURCES
db:VULHUBid:VHN-118462
db:BIDid:103946
db:JVNDBid:JVNDB-2018-004418
db:CNNVDid:CNNVD-201804-1091
db:NVDid:CVE-2018-0260

LAST UPDATE DATE
2024-11-23T22:06:55.816000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118462date:2019-10-09T00:00:00
db:BIDid:103946date:2018-04-18T00:00:00
db:JVNDBid:JVNDB-2018-004418date:2018-06-20T00:00:00
db:CNNVDid:CNNVD-201804-1091date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0260date:2024-11-21T03:37:50.203

SOURCES RELEASE DATE
db:VULHUBid:VHN-118462date:2018-04-19T00:00:00
db:BIDid:103946date:2018-04-18T00:00:00
db:JVNDBid:JVNDB-2018-004418date:2018-06-20T00:00:00
db:CNNVDid:CNNVD-201804-1091date:2018-04-19T00:00:00
db:NVDid:CVE-2018-0260date:2018-04-19T20:29:01.427