ID

VAR-201810-0328


CVE

CVE-2018-0454


TITLE

Cisco Cloud Services Platform 2100 Command injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-011268 // CNNVD: CNNVD-201809-282

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sending customized commands to the web-based management interface. Cisco Cloud Services Platform (CSP) 2100 is a hardware and software platform for data center network function virtualization developed by Cisco.

Trust: 1.71

sources: NVD: CVE-2018-0454 // JVNDB: JVNDB-2018-011268 // VULHUB: VHN-118656

AFFECTED PRODUCTS

vendor: cisco, model: cloud services platform 2100, scope: eq, version: 2.2\(4\)

Trust: 1.6

vendor: cisco, model: cloud services platform 2100, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-011268 // CNNVD: CNNVD-201809-282 // NVD: CVE-2018-0454

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0454
value: HIGH

Trust: 1.0

NVD: CVE-2018-0454
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-282
value: HIGH

Trust: 0.6

VULHUB: VHN-118656
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0454
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118656
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0454
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118656 // JVNDB: JVNDB-2018-011268 // CNNVD: CNNVD-201809-282 // NVD: CVE-2018-0454

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-118656 // JVNDB: JVNDB-2018-011268 // NVD: CVE-2018-0454

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-282

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201809-282

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011268

PATCH

title: cisco-sa-20180905-csp2100-injection, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-csp2100-injection

Trust: 0.8

title: Cisco Cloud Services Platform 2100 Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84613

Trust: 0.6

sources: JVNDB: JVNDB-2018-011268 // CNNVD: CNNVD-201809-282

EXTERNAL IDS

db: NVD, id: CVE-2018-0454

Trust: 2.5

db: SECTRACK, id: 1041683

Trust: 1.7

db: JVNDB, id: JVNDB-2018-011268

Trust: 0.8

db: CNNVD, id: CNNVD-201809-282

Trust: 0.7

db: VULHUB, id: VHN-118656

Trust: 0.1

sources: VULHUB: VHN-118656 // JVNDB: JVNDB-2018-011268 // CNNVD: CNNVD-201809-282 // NVD: CVE-2018-0454

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-csp2100-injection

Trust: 1.7

url:http://www.securitytracker.com/id/1041683

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0454

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0454

Trust: 0.8

sources: VULHUB: VHN-118656 // JVNDB: JVNDB-2018-011268 // CNNVD: CNNVD-201809-282 // NVD: CVE-2018-0454

SOURCES

db: VULHUB, id: VHN-118656
db: JVNDB, id: JVNDB-2018-011268
db: CNNVD, id: CNNVD-201809-282
db: NVD, id: CVE-2018-0454

LAST UPDATE DATE

2024-11-23T23:12:02.523000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118656, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-011268, date: 2019-01-09T00:00:00
db: CNNVD, id: CNNVD-201809-282, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0454, date: 2024-11-21T03:38:15.900

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118656, date: 2018-10-05T00:00:00
db: JVNDB, id: JVNDB-2018-011268, date: 2019-01-09T00:00:00
db: CNNVD, id: CNNVD-201809-282, date: 2018-09-06T00:00:00
db: NVD, id: CVE-2018-0454, date: 2018-10-05T14:29:03.450