Details of VAR-201807-0433

ID

VAR-201807-0433

CVE

CVE-2018-0392

TITLE

Cisco Policy Suite Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008392

DESCRIPTION

A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user. Cisco Bug IDs: CSCvh18087. Vendors have confirmed this vulnerability Bug ID CSCvh18087 It is released as.Information may be obtained. This solution provides functions such as user-based business rules, real-time management of applications and network resources

Trust: 1.98

sources: NVD: CVE-2018-0392 // JVNDB: JVNDB-2018-008392 // BID: 104866 // VULHUB: VHN-118594

AFFECTED PRODUCTS

vendor:	cisco	model:	mobility services engine 3310	scope:	eq	version:	14.0.0	Trust: 1.6
vendor:	cisco	model:	mobility services engine 3355	scope:	eq	version:	14.0.0	Trust: 1.6
vendor:	cisco	model:	mobility services engine 3365	scope:	eq	version:	14.0.0	Trust: 1.6
vendor:	cisco	model:	3310 series mobility service engine	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	3355 series mobility service engine	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	3365 series mobility service engine	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	policy suite	scope:	eq	version:	0	Trust: 0.3

sources: BID: 104866 // JVNDB: JVNDB-2018-008392 // CNNVD: CNNVD-201807-1291 // NVD: CVE-2018-0392

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0392
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0392
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201807-1291
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118594
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-0392
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118594
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0392
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118594 // JVNDB: JVNDB-2018-008392 // CNNVD: CNNVD-201807-1291 // NVD: CVE-2018-0392

PROBLEMTYPE DATA

problemtype:	CWE-275	Trust: 1.9
problemtype:	CWE-732	Trust: 1.1

sources: VULHUB: VHN-118594 // JVNDB: JVNDB-2018-008392 // NVD: CVE-2018-0392

THREAT TYPE

local

Trust: 0.9

sources: BID: 104866 // CNNVD: CNNVD-201807-1291

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-1291

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008392

PATCH

title:	cisco-sa-20180718-policy-suite-data	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-data	Trust: 0.8
title:	Cisco Policy Suite Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82192	Trust: 0.6

sources: JVNDB: JVNDB-2018-008392 // CNNVD: CNNVD-201807-1291

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0392	Trust: 2.8
db:	BID	id:	104866	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-008392	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1291	Trust: 0.7
db:	VULHUB	id:	VHN-118594	Trust: 0.1

sources: VULHUB: VHN-118594 // BID: 104866 // JVNDB: JVNDB-2018-008392 // CNNVD: CNNVD-201807-1291 // NVD: CVE-2018-0392

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-policy-suite-data	Trust: 2.0
url:	http://www.securityfocus.com/bid/104866	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0392	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0392	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118594 // BID: 104866 // JVNDB: JVNDB-2018-008392 // CNNVD: CNNVD-201807-1291 // NVD: CVE-2018-0392

CREDITS

Cisco

Trust: 0.3

sources: BID: 104866

SOURCES

db:	VULHUB	id:	VHN-118594
db:	BID	id:	104866
db:	JVNDB	id:	JVNDB-2018-008392
db:	CNNVD	id:	CNNVD-201807-1291
db:	NVD	id:	CVE-2018-0392

LAST UPDATE DATE

2024-11-23T22:22:03.098000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118594	date:	2019-10-09T00:00:00
db:	BID	id:	104866	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008392	date:	2018-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201807-1291	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0392	date:	2024-11-21T03:38:08.013

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118594	date:	2018-07-18T00:00:00
db:	BID	id:	104866	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008392	date:	2018-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201807-1291	date:	2018-07-19T00:00:00
db:	NVD	id:	CVE-2018-0392	date:	2018-07-18T23:29:01.150