Sign-up

ID

VAR-201810-0312


CVE

CVE-2018-0437


TITLE

Cisco Umbrella Enterprise Roaming Client Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-013052

DESCRIPTION

A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper implementation of file system permissions, which could allow non-administrative users to place files within restricted directories. An attacker could exploit this vulnerability by placing an executable file within the restricted directory, which when executed by the ERC client, would run with Administrator privileges. This issue is being tracked by Cisco Bug IDs CSCvj46275 and CSCvj48400. Roaming Module is a roaming control module. This vulnerability stems from the fact that the program does not implement file system permissions correctly. Table of contents

Trust: 1.98

sources: NVD: CVE-2018-0437 // JVNDB: JVNDB-2018-013052 // BID: 105292 // VULHUB: VHN-118639

AFFECTED PRODUCTS

vendor:ciscomodel:umbrella roaming modulescope:eqversion:4.3\(1095\)

Trust: 1.6

vendor:ciscomodel:umbrella roaming modulescope:ltversion:4.6.1098

Trust: 1.0

vendor:ciscomodel:umbrella enterprise roaming clientscope:ltversion:2.1.118

Trust: 1.0

vendor:ciscomodel:umbrella enterprise roaming clientscope: - version: -

Trust: 0.8

vendor:ciscomodel:umbrella roaming modulescope: - version: -

Trust: 0.8

vendor:ciscomodel:umbrella roaming modulescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:umbrella ercscope:eqversion:2.1.112

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:umbrella roaming modulescope:neversion:4.6.1098

Trust: 0.3

vendor:ciscomodel:umbrella ercscope:neversion:2.1.118

Trust: 0.3

sources: BID: 105292 // JVNDB: JVNDB-2018-013052 // CNNVD: CNNVD-201809-257 // NVD: CVE-2018-0437

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0437
value: HIGH

Trust: 1.0

NVD: CVE-2018-0437
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-257
value: HIGH

Trust: 0.6

VULHUB: VHN-118639
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0437
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118639
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0437
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118639 // JVNDB: JVNDB-2018-013052 // CNNVD: CNNVD-201809-257 // NVD: CVE-2018-0437

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

problemtype:CWE-269

Trust: 1.1

sources: VULHUB: VHN-118639 // JVNDB: JVNDB-2018-013052 // NVD: CVE-2018-0437

THREAT TYPE

local

Trust: 0.9

sources: BID: 105292 // CNNVD: CNNVD-201809-257

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201809-257

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013052

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-118639

PATCH
title:cisco-sa-20180905-umbrella-privurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-umbrella-priv
Trust: 0.8
title:Cisco Umbrella Enterprise Roaming Client  and Roaming Module Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84588
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013052 // 
            
            
            
            CNNVD: CNNVD-201809-257

EXTERNAL IDS
db:NVDid:CVE-2018-0437
Trust: 2.8
db:BIDid:105292
Trust: 2.0
db:EXPLOIT-DBid:45339
Trust: 1.7
db:JVNDBid:JVNDB-2018-013052
Trust: 0.8
db:CNNVDid:CNNVD-201809-257
Trust: 0.7
db:PACKETSTORMid:149253
Trust: 0.1
db:VULHUBid:VHN-118639
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118639 // 
            
            
            
            BID: 105292 // 
            
            
            
            JVNDB: JVNDB-2018-013052 // 
            
            
            
            CNNVD: CNNVD-201809-257 // 
            
            
            
            NVD: CVE-2018-0437

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-umbrella-priv
Trust: 2.0
url:http://www.securityfocus.com/bid/105292
Trust: 1.7
url:https://www.exploit-db.com/exploits/45339/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0437
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0437
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118639 // 
            
            
            
            BID: 105292 // 
            
            
            
            JVNDB: JVNDB-2018-013052 // 
            
            
            
            CNNVD: CNNVD-201809-257 // 
            
            
            
            NVD: CVE-2018-0437

CREDITS
Quentin Rhoads at Critical Start.
Trust: 0.3
sources:
            
            
            BID: 105292

SOURCES
db:VULHUBid:VHN-118639
db:BIDid:105292
db:JVNDBid:JVNDB-2018-013052
db:CNNVDid:CNNVD-201809-257
db:NVDid:CVE-2018-0437

LAST UPDATE DATE
2024-11-23T22:48:33.988000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118639date:2019-10-09T00:00:00
db:BIDid:105292date:2018-09-05T00:00:00
db:JVNDBid:JVNDB-2018-013052date:2019-02-14T00:00:00
db:CNNVDid:CNNVD-201809-257date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0437date:2024-11-21T03:38:13.710

SOURCES RELEASE DATE
db:VULHUBid:VHN-118639date:2018-10-05T00:00:00
db:BIDid:105292date:2018-09-05T00:00:00
db:JVNDBid:JVNDB-2018-013052date:2019-02-14T00:00:00
db:CNNVDid:CNNVD-201809-257date:2018-09-06T00:00:00
db:NVDid:CVE-2018-0437date:2018-10-05T14:29:02.043