Details of VAR-201806-1015

ID

VAR-201806-1015

CVE

CVE-2018-0335

TITLE

Cisco Prime Collaboration Provisioning Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-006092

DESCRIPTION

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this vulnerability by monitoring a specific World-Readable file for this authentication data (Cleartext Passwords). An exploit could allow the attacker to gain authentication information for other users. Cisco Bug IDs: CSCvd86602. Vendors have confirmed this vulnerability Bug ID CSCvd86602 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments

Trust: 1.98

sources: NVD: CVE-2018-0335 // JVNDB: JVNDB-2018-006092 // BID: 104473 // VULHUB: VHN-118537

AFFECTED PRODUCTS

vendor:	cisco	model:	prime collaboration	scope:	eq	version:	12.2	Trust: 1.6
vendor:	cisco	model:	prime collaboration provisioning	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	0	Trust: 0.3

sources: BID: 104473 // JVNDB: JVNDB-2018-006092 // CNNVD: CNNVD-201806-369 // NVD: CVE-2018-0335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0335
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0335
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201806-369
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118537
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-0335
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118537
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0335
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118537 // JVNDB: JVNDB-2018-006092 // CNNVD: CNNVD-201806-369 // NVD: CVE-2018-0335

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-532	Trust: 1.1

sources: VULHUB: VHN-118537 // JVNDB: JVNDB-2018-006092 // NVD: CVE-2018-0335

THREAT TYPE

local

Trust: 0.9

sources: BID: 104473 // CNNVD: CNNVD-201806-369

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201806-369

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006092

PATCH

title:	cisco-sa-20180606-cpcp-id	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cpcp-id	Trust: 0.8
title:	Cisco Prime Collaboration Provisioning Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80724	Trust: 0.6

sources: JVNDB: JVNDB-2018-006092 // CNNVD: CNNVD-201806-369

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0335	Trust: 2.8
db:	BID	id:	104473	Trust: 2.0
db:	SECTRACK	id:	1041069	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-006092	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-369	Trust: 0.7
db:	VULHUB	id:	VHN-118537	Trust: 0.1

sources: VULHUB: VHN-118537 // BID: 104473 // JVNDB: JVNDB-2018-006092 // CNNVD: CNNVD-201806-369 // NVD: CVE-2018-0335

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-cpcp-id	Trust: 2.0
url:	http://www.securityfocus.com/bid/104473	Trust: 1.7
url:	http://www.securitytracker.com/id/1041069	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0335	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0335	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118537 // BID: 104473 // JVNDB: JVNDB-2018-006092 // CNNVD: CNNVD-201806-369 // NVD: CVE-2018-0335

CREDITS

Cisco

Trust: 0.3

sources: BID: 104473

SOURCES

db:	VULHUB	id:	VHN-118537
db:	BID	id:	104473
db:	JVNDB	id:	JVNDB-2018-006092
db:	CNNVD	id:	CNNVD-201806-369
db:	NVD	id:	CVE-2018-0335

LAST UPDATE DATE

2024-11-23T21:53:05.371000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118537	date:	2019-10-09T00:00:00
db:	BID	id:	104473	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006092	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-369	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0335	date:	2024-11-21T03:38:00.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118537	date:	2018-06-07T00:00:00
db:	BID	id:	104473	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006092	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-369	date:	2018-06-08T00:00:00
db:	NVD	id:	CVE-2018-0335	date:	2018-06-07T21:29:00.540