Sign-up

ID

VAR-201806-1009


CVE

CVE-2018-0329


TITLE

Cisco Wide Area Application Services Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-006088

DESCRIPTION

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to a hard-coded, read-only community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 2c queries to an affected device. A successful exploit could allow the attacker to read any data that is accessible via SNMP on the affected device. Note: The static credentials are defined in an internal configuration file and are not visible in the current operation configuration ('running-config') or the startup configuration ('startup-config'). Cisco Bug IDs: CSCvi40137. Vendors have confirmed this vulnerability Bug ID CSCvi40137 It is released as.Information may be obtained. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This software is mainly used in the link environment with small bandwidth and large delay

Trust: 1.98

sources: NVD: CVE-2018-0329 // JVNDB: JVNDB-2018-006088 // BID: 104590 // VULHUB: VHN-118531

AFFECTED PRODUCTS

vendor:ciscomodel:wide area application servicesscope:eqversion:6.2\(3\)

Trust: 1.6

vendor:ciscomodel:wide area application servicesscope:eqversion:6.4\(1\)

Trust: 1.6

vendor:ciscomodel:wide area application services softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:wide area application servicesscope:eqversion:0

Trust: 0.3

sources: BID: 104590 // JVNDB: JVNDB-2018-006088 // CNNVD: CNNVD-201806-373 // NVD: CVE-2018-0329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0329
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0329
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201806-373
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118531
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0329
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118531
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0329
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-0329
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118531 // JVNDB: JVNDB-2018-006088 // CNNVD: CNNVD-201806-373 // NVD: CVE-2018-0329

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-118531 // JVNDB: JVNDB-2018-006088 // NVD: CVE-2018-0329

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-373

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201806-373

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006088

PATCH
title:cisco-sa-20180606-waas-snmpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-waas-snmp
Trust: 0.8
title:Cisco Wide Area Application Services Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80727
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-006088 // 
            
            
            
            CNNVD: CNNVD-201806-373

EXTERNAL IDS
db:NVDid:CVE-2018-0329
Trust: 2.8
db:BIDid:104590
Trust: 2.0
db:SECTRACKid:1041078
Trust: 1.7
db:JVNDBid:JVNDB-2018-006088
Trust: 0.8
db:CNNVDid:CNNVD-201806-373
Trust: 0.7
db:VULHUBid:VHN-118531
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118531 // 
            
            
            
            BID: 104590 // 
            
            
            
            JVNDB: JVNDB-2018-006088 // 
            
            
            
            CNNVD: CNNVD-201806-373 // 
            
            
            
            NVD: CVE-2018-0329

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-waas-snmp
Trust: 2.0
url:http://www.securityfocus.com/bid/104590
Trust: 1.7
url:http://www.securitytracker.com/id/1041078
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0329
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0329
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118531 // 
            
            
            
            BID: 104590 // 
            
            
            
            JVNDB: JVNDB-2018-006088 // 
            
            
            
            CNNVD: CNNVD-201806-373 // 
            
            
            
            NVD: CVE-2018-0329

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 104590

SOURCES
db:VULHUBid:VHN-118531
db:BIDid:104590
db:JVNDBid:JVNDB-2018-006088
db:CNNVDid:CNNVD-201806-373
db:NVDid:CVE-2018-0329

LAST UPDATE DATE
2024-11-23T22:58:58.331000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118531date:2020-09-04T00:00:00
db:BIDid:104590date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006088date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-373date:2020-10-22T00:00:00
db:NVDid:CVE-2018-0329date:2024-11-21T03:37:59.460

SOURCES RELEASE DATE
db:VULHUBid:VHN-118531date:2018-06-07T00:00:00
db:BIDid:104590date:2018-06-06T00:00:00
db:JVNDBid:JVNDB-2018-006088date:2018-08-07T00:00:00
db:CNNVDid:CNNVD-201806-373date:2018-06-08T00:00:00
db:NVDid:CVE-2018-0329date:2018-06-07T21:29:00.353