Details of VAR-201806-0989

ID

VAR-201806-0989

CVE

CVE-2018-0263

TITLE

Cisco Meeting Server Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006125

DESCRIPTION

A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471. Vendors report this vulnerability Bug ID CSCvg76471 Published as.Information may be obtained

Trust: 1.98

sources: NVD: CVE-2018-0263 // JVNDB: JVNDB-2018-006125 // BID: 104419 // VULHUB: VHN-118465

AFFECTED PRODUCTS

vendor:	cisco	model:	meeting server	scope:	lt	version:	2.2.13	Trust: 1.8
vendor:	cisco	model:	meeting server	scope:	lt	version:	2.3.4	Trust: 1.8
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.3	Trust: 0.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.6	Trust: 0.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.8	Trust: 0.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.7	Trust: 0.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.1.1	Trust: 0.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.4	Trust: 0.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.9	Trust: 0.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.0.5	Trust: 0.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.3.3	Trust: 0.3
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.3.1	Trust: 0.3
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.2.12	Trust: 0.3
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.2.11	Trust: 0.3
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.2.10	Trust: 0.3
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cisco	model:	meeting server	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	meeting server	scope:	ne	version:	2.3.4	Trust: 0.3
vendor:	cisco	model:	meeting server	scope:	ne	version:	2.2.13	Trust: 0.3

sources: BID: 104419 // JVNDB: JVNDB-2018-006125 // CNNVD: CNNVD-201806-403 // NVD: CVE-2018-0263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0263
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0263
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201806-403
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118465
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-0263
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118465
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0263
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0263
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-118465 // JVNDB: JVNDB-2018-006125 // CNNVD: CNNVD-201806-403 // NVD: CVE-2018-0263

PROBLEMTYPE DATA

problemtype:	CWE-16	Trust: 1.0
problemtype:	CWE-1188	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-118465 // JVNDB: JVNDB-2018-006125 // NVD: CVE-2018-0263

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201806-403

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201806-403

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006125

PATCH

title:

cisco-sa-20180606-cms-id

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id

Trust: 0.8

sources: JVNDB: JVNDB-2018-006125

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0263	Trust: 2.8
db:	BID	id:	104419	Trust: 2.0
db:	SECTRACK	id:	1041065	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-006125	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-403	Trust: 0.7
db:	VULHUB	id:	VHN-118465	Trust: 0.1

sources: VULHUB: VHN-118465 // BID: 104419 // JVNDB: JVNDB-2018-006125 // CNNVD: CNNVD-201806-403 // NVD: CVE-2018-0263

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-cms-id	Trust: 2.0
url:	http://www.securityfocus.com/bid/104419	Trust: 1.7
url:	http://www.securitytracker.com/id/1041065	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0263	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0263	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118465 // BID: 104419 // JVNDB: JVNDB-2018-006125 // CNNVD: CNNVD-201806-403 // NVD: CVE-2018-0263

CREDITS

Cisco

Trust: 0.3

sources: BID: 104419

SOURCES

db:	VULHUB	id:	VHN-118465
db:	BID	id:	104419
db:	JVNDB	id:	JVNDB-2018-006125
db:	CNNVD	id:	CNNVD-201806-403
db:	NVD	id:	CVE-2018-0263

LAST UPDATE DATE

2024-11-23T23:02:08.247000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118465	date:	2020-09-04T00:00:00
db:	BID	id:	104419	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006125	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-403	date:	2020-09-07T00:00:00
db:	NVD	id:	CVE-2018-0263	date:	2024-11-21T03:37:50.433

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118465	date:	2018-06-07T00:00:00
db:	BID	id:	104419	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006125	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-403	date:	2018-06-08T00:00:00
db:	NVD	id:	CVE-2018-0263	date:	2018-06-07T12:29:00.307