Sign-up

ID

VAR-201807-0435


CVE

CVE-2018-0394


TITLE

Cisco Cloud Services Platform 2100 Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009080

DESCRIPTION

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the user interface. An attacker could exploit this vulnerability by injecting code into a function parameter. Cisco Bug IDs: CSCvi12935. Cisco Cloud Services Platform 2100 Contains a buffer error vulnerability. Vendors report this vulnerability Bug IDs: CSCvi12935 Published as.Information is acquired, information is falsified, and denial of service (DoS) May be in a state

Trust: 1.98

sources: NVD: CVE-2018-0394 // JVNDB: JVNDB-2018-009080 // BID: 104881 // VULHUB: VHN-118596

AFFECTED PRODUCTS

vendor:ciscomodel:cloud services platform 2100scope:eqversion:2.2\(4\)

Trust: 1.6

vendor:ciscomodel:cloud services platform 2100scope: - version: -

Trust: 0.8

vendor:ciscomodel:cloud services platformscope:eqversion:21000

Trust: 0.3

sources: BID: 104881 // JVNDB: JVNDB-2018-009080 // CNNVD: CNNVD-201807-1289 // NVD: CVE-2018-0394

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0394
value: HIGH

Trust: 1.0

NVD: CVE-2018-0394
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1289
value: HIGH

Trust: 0.6

VULHUB: VHN-118596
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0394
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118596
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0394
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118596 // JVNDB: JVNDB-2018-009080 // CNNVD: CNNVD-201807-1289 // NVD: CVE-2018-0394

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118596 // JVNDB: JVNDB-2018-009080 // NVD: CVE-2018-0394

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1289

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 104881 // CNNVD: CNNVD-201807-1289

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009080

PATCH
title:cisco-sa-20180718-csp2100-injectionurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-csp2100-injection
Trust: 0.8
title:Cisco Cloud Services Platform 2100 Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82190
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-009080 // 
            
            
            
            CNNVD: CNNVD-201807-1289

EXTERNAL IDS
db:NVDid:CVE-2018-0394
Trust: 2.8
db:BIDid:104881
Trust: 2.0
db:JVNDBid:JVNDB-2018-009080
Trust: 0.8
db:CNNVDid:CNNVD-201807-1289
Trust: 0.7
db:VULHUBid:VHN-118596
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118596 // 
            
            
            
            BID: 104881 // 
            
            
            
            JVNDB: JVNDB-2018-009080 // 
            
            
            
            CNNVD: CNNVD-201807-1289 // 
            
            
            
            NVD: CVE-2018-0394

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-csp2100-injection
Trust: 2.0
url:http://www.securityfocus.com/bid/104881
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0394
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0394
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118596 // 
            
            
            
            BID: 104881 // 
            
            
            
            JVNDB: JVNDB-2018-009080 // 
            
            
            
            CNNVD: CNNVD-201807-1289 // 
            
            
            
            NVD: CVE-2018-0394

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 104881

SOURCES
db:VULHUBid:VHN-118596
db:BIDid:104881
db:JVNDBid:JVNDB-2018-009080
db:CNNVDid:CNNVD-201807-1289
db:NVDid:CVE-2018-0394

LAST UPDATE DATE
2024-11-23T22:30:20.619000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118596date:2019-10-09T00:00:00
db:BIDid:104881date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-009080date:2018-11-07T00:00:00
db:CNNVDid:CNNVD-201807-1289date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0394date:2024-11-21T03:38:08.260

SOURCES RELEASE DATE
db:VULHUBid:VHN-118596date:2018-07-18T00:00:00
db:BIDid:104881date:2018-07-18T00:00:00
db:JVNDBid:JVNDB-2018-009080date:2018-11-07T00:00:00
db:CNNVDid:CNNVD-201807-1289date:2018-07-19T00:00:00
db:NVDid:CVE-2018-0394date:2018-07-18T23:29:01.243