ID

VAR-201805-0498


CVE

CVE-2018-0262


TITLE

Cisco Meeting Server Vulnerabilities in environment settings

Trust: 0.8

sources: JVNDB: JVNDB-2018-004903

DESCRIPTION

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469. The vendor has confirmed this vulnerability and released it as Bug ID CSCvg76469. Information may be obtained or altered, and service operation may be disrupted (DoS). Successfully exploiting this issue may allow remote attackers to execute arbitrary code. Failed attempts will likely result in denial-of-service conditions.

Trust: 1.98

sources: NVD: CVE-2018-0262 // JVNDB: JVNDB-2018-004903 // BID: 104079 // VULHUB: VHN-118464

AFFECTED PRODUCTS

vendor: cisco, model: meeting server, scope: eq, version: 2.4

Trust: 1.9

vendor: cisco, model: meeting server, scope: eq, version: 2.3

Trust: 1.9

vendor: cisco, model: meeting server, scope: eq, version: 2.2

Trust: 1.9

vendor: cisco, model: meeting server, scope: eq, version: 2.1

Trust: 1.9

vendor: cisco, model: meeting server, scope: eq, version: 2.0

Trust: 1.9

vendor: cisco, model: meeting server, scope: eq, version: 1.9

Trust: 1.9

vendor: cisco, model: meeting server, scope: lt, version: 2.2.11

Trust: 0.8

vendor: cisco, model: meeting server, scope: ne, version: 2.2.11

Trust: 0.3

sources: BID: 104079 // JVNDB: JVNDB-2018-004903 // CNNVD: CNNVD-201805-081 // NVD: CVE-2018-0262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0262
value: HIGH

Trust: 1.0

NVD: CVE-2018-0262
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201805-081
value: HIGH

Trust: 0.6

VULHUB: VHN-118464
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0262
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118464
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0262
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118464 // JVNDB: JVNDB-2018-004903 // CNNVD: CNNVD-201805-081 // NVD: CVE-2018-0262

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118464 // JVNDB: JVNDB-2018-004903 // NVD: CVE-2018-0262

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-081

TYPE

Configuration Error

Trust: 0.9

sources: BID: 104079 // CNNVD: CNNVD-201805-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004903

PATCH

title: cisco-sa-20180502-cms-cx, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx

Trust: 0.8

title: Cisco Meeting Server Acano X-series Cisco Meeting Server Software Fixes for configuration error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79817

Trust: 0.6

sources: JVNDB: JVNDB-2018-004903 // CNNVD: CNNVD-201805-081

EXTERNAL IDS

db: NVD, id: CVE-2018-0262

Trust: 2.8

db: BID, id: 104079

Trust: 2.0

db: SECTRACK, id: 1040819

Trust: 1.7

db: JVNDB, id: JVNDB-2018-004903

Trust: 0.8

db: CNNVD, id: CNNVD-201805-081

Trust: 0.7

db: VULHUB, id: VHN-118464

Trust: 0.1

sources: VULHUB: VHN-118464 // BID: 104079 // JVNDB: JVNDB-2018-004903 // CNNVD: CNNVD-201805-081 // NVD: CVE-2018-0262

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-cms-cx

Trust: 2.0

url:http://www.securityfocus.com/bid/104079

Trust: 1.7

url:http://www.securitytracker.com/id/1040819

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0262

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0262

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118464 // BID: 104079 // JVNDB: JVNDB-2018-004903 // CNNVD: CNNVD-201805-081 // NVD: CVE-2018-0262

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104079

SOURCES

db: VULHUB, id: VHN-118464
db: BID, id: 104079
db: JVNDB, id: JVNDB-2018-004903
db: CNNVD, id: CNNVD-201805-081
db: NVD, id: CVE-2018-0262

LAST UPDATE DATE

2024-11-23T22:41:51.261000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118464, date: 2019-10-09T00:00:00
db: BID, id: 104079, date: 2018-05-02T00:00:00
db: JVNDB, id: JVNDB-2018-004903, date: 2018-06-29T00:00:00
db: CNNVD, id: CNNVD-201805-081, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0262, date: 2024-11-21T03:37:50.317

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118464, date: 2018-05-02T00:00:00
db: BID, id: 104079, date: 2018-05-02T00:00:00
db: JVNDB, id: JVNDB-2018-004903, date: 2018-06-29T00:00:00
db: CNNVD, id: CNNVD-201805-081, date: 2018-05-02T00:00:00
db: NVD, id: CVE-2018-0262, date: 2018-05-02T22:29:00.857