Details of VAR-201805-0502

ID

VAR-201805-0502

CVE

CVE-2018-0323

TITLE

Cisco Enterprise NFV Infrastructure Software path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-005163 // CNNVD: CNNVD-201805-624

DESCRIPTION

A vulnerability in the web management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a path traversal attack on a targeted system. The vulnerability is due to insufficient validation of web request parameters. An attacker who has access to the web management interface of the affected application could exploit this vulnerability by sending a malicious web request to the affected device. A successful exploit could allow the attacker to access sensitive information on the affected system. Cisco Bug IDs: CSCvh99631. Vendors have confirmed this vulnerability Bug ID CSCvh99631 It is released as.Information may be obtained. The platform can realize the full lifecycle management of virtualized services through the central coordinator and controller

Trust: 1.98

sources: NVD: CVE-2018-0323 // JVNDB: JVNDB-2018-005163 // BID: 104206 // VULHUB: VHN-118525

AFFECTED PRODUCTS

vendor:	cisco	model:	network functions virtualization infrastructure	scope:	eq	version:	3.7.1	Trust: 1.6
vendor:	cisco	model:	network functions virtualization infrastructure	scope:	eq	version:	3.6.1	Trust: 1.6
vendor:	cisco	model:	enterprise nfv infrastructure software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	enterprise nfv infrastructure software	scope:	eq	version:	0	Trust: 0.3

sources: BID: 104206 // JVNDB: JVNDB-2018-005163 // CNNVD: CNNVD-201805-624 // NVD: CVE-2018-0323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0323
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0323
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201805-624
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118525
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0323
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118525
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0323
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118525 // JVNDB: JVNDB-2018-005163 // CNNVD: CNNVD-201805-624 // NVD: CVE-2018-0323

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-118525 // JVNDB: JVNDB-2018-005163 // NVD: CVE-2018-0323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-624

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201805-624

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005163

PATCH

title:	cisco-sa-20180516-nfvis-path-traversal	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-nfvis-path-traversal	Trust: 0.8
title:	Cisco Enterprise NFV Infrastructure Software Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83549	Trust: 0.6

sources: JVNDB: JVNDB-2018-005163 // CNNVD: CNNVD-201805-624

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0323	Trust: 2.8
db:	BID	id:	104206	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-005163	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-624	Trust: 0.6
db:	VULHUB	id:	VHN-118525	Trust: 0.1

sources: VULHUB: VHN-118525 // BID: 104206 // JVNDB: JVNDB-2018-005163 // CNNVD: CNNVD-201805-624 // NVD: CVE-2018-0323

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180516-nfvis-path-traversal	Trust: 2.0
url:	http://www.securityfocus.com/bid/104206	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0323	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0323	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118525 // BID: 104206 // JVNDB: JVNDB-2018-005163 // CNNVD: CNNVD-201805-624 // NVD: CVE-2018-0323

CREDITS

Security Teams of Orange Group.

Trust: 0.3

sources: BID: 104206

SOURCES

db:	VULHUB	id:	VHN-118525
db:	BID	id:	104206
db:	JVNDB	id:	JVNDB-2018-005163
db:	CNNVD	id:	CNNVD-201805-624
db:	NVD	id:	CVE-2018-0323

LAST UPDATE DATE

2024-11-23T21:38:58.161000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118525	date:	2019-10-09T00:00:00
db:	BID	id:	104206	date:	2018-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-005163	date:	2018-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201805-624	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0323	date:	2024-11-21T03:37:58.690

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118525	date:	2018-05-17T00:00:00
db:	BID	id:	104206	date:	2018-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-005163	date:	2018-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201805-624	date:	2018-05-18T00:00:00
db:	NVD	id:	CVE-2018-0323	date:	2018-05-17T03:29:00.717