Details of VAR-201807-0449

ID

VAR-201807-0449

CVE

CVE-2018-0368

TITLE

Cisco Digital Network Architecture Center Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-008400

DESCRIPTION

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, local attacker to access sensitive information on an affected system. The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker could exploit this vulnerability by accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected device. Cisco Bug IDs: CSCvi22400. Vendors have confirmed this vulnerability Bug ID CSCvi22400 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. The solution scales and protects devices, applications, and more within the network

Trust: 1.98

sources: NVD: CVE-2018-0368 // JVNDB: JVNDB-2018-008400 // BID: 104729 // VULHUB: VHN-118570

AFFECTED PRODUCTS

vendor:	cisco	model:	application policy infrastructure controller enterprise module	scope:	eq	version:	1.1_base	Trust: 1.6
vendor:	cisco	model:	application policy infrastructure controller enterprise module	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	digital network architecture center	scope:	eq	version:	0	Trust: 0.3

sources: BID: 104729 // JVNDB: JVNDB-2018-008400 // CNNVD: CNNVD-201807-1220 // NVD: CVE-2018-0368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0368
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0368
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201807-1220
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118570
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-0368
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118570
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0368
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118570 // JVNDB: JVNDB-2018-008400 // CNNVD: CNNVD-201807-1220 // NVD: CVE-2018-0368

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-118570 // JVNDB: JVNDB-2018-008400 // NVD: CVE-2018-0368

THREAT TYPE

local

Trust: 0.9

sources: BID: 104729 // CNNVD: CNNVD-201807-1220

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201807-1220

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008400

PATCH

title:	cisco-sa-20180711-dnac-id	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-dnac-id	Trust: 0.8
title:	Cisco Digital Network Architecture Center Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82164	Trust: 0.6

sources: JVNDB: JVNDB-2018-008400 // CNNVD: CNNVD-201807-1220

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0368	Trust: 2.8
db:	BID	id:	104729	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-008400	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1220	Trust: 0.7
db:	VULHUB	id:	VHN-118570	Trust: 0.1

sources: VULHUB: VHN-118570 // BID: 104729 // JVNDB: JVNDB-2018-008400 // CNNVD: CNNVD-201807-1220 // NVD: CVE-2018-0368

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180711-dnac-id	Trust: 2.0
url:	http://www.securityfocus.com/bid/104729	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0368	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0368	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118570 // BID: 104729 // JVNDB: JVNDB-2018-008400 // CNNVD: CNNVD-201807-1220 // NVD: CVE-2018-0368

CREDITS

Cisco

Trust: 0.3

sources: BID: 104729

SOURCES

db:	VULHUB	id:	VHN-118570
db:	BID	id:	104729
db:	JVNDB	id:	JVNDB-2018-008400
db:	CNNVD	id:	CNNVD-201807-1220
db:	NVD	id:	CVE-2018-0368

LAST UPDATE DATE

2024-11-23T21:52:59.725000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118570	date:	2019-10-09T00:00:00
db:	BID	id:	104729	date:	2018-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-008400	date:	2018-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201807-1220	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0368	date:	2024-11-21T03:38:04.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118570	date:	2018-07-16T00:00:00
db:	BID	id:	104729	date:	2018-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-008400	date:	2018-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201807-1220	date:	2018-07-17T00:00:00
db:	NVD	id:	CVE-2018-0368	date:	2018-07-16T17:29:00.423