ID

VAR-201811-0182


CVE

CVE-2018-15446


TITLE

Cisco Meeting Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-011548

DESCRIPTION

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the "Guest access via ID and passcode" option is set to Legacy mode. An attacker could exploit this vulnerability by sending meeting requests to an affected system. A successful exploit could allow the attacker to determine the values of meeting room unique identifiers, possibly allowing the attacker to conduct further exploits. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco bug ID CSCvk16348.

Trust: 1.98

sources: NVD: CVE-2018-15446 // JVNDB: JVNDB-2018-011548 // BID: 105856 // VULHUB: VHN-125706

AFFECTED PRODUCTS

vendor: cisco, model: meeting server, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: meeting server, scope: -, version: -

Trust: 0.8

vendor: cisco, model: meeting server, scope: eq, version: 2.4

Trust: 0.3

vendor: cisco, model: meeting server, scope: eq, version: 2.3

Trust: 0.3

vendor: cisco, model: meeting server, scope: eq, version: 2.2

Trust: 0.3

sources: BID: 105856 // JVNDB: JVNDB-2018-011548 // CNNVD: CNNVD-201811-188 // NVD: CVE-2018-15446

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15446
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15446
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15446
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201811-188
value: HIGH

Trust: 0.6

VULHUB: VHN-125706
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15446
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125706
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15446
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2018-15446
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-125706 // JVNDB: JVNDB-2018-011548 // CNNVD: CNNVD-201811-188 // NVD: CVE-2018-15446 // NVD: CVE-2018-15446

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-125706 // JVNDB: JVNDB-2018-011548 // NVD: CVE-2018-15446

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-188

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201811-188

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011548

PATCH

title: cisco-sa-20181107-meeting-server
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meeting-server

Trust: 0.8

title: Cisco Meeting Server Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86660

Trust: 0.6

sources: JVNDB: JVNDB-2018-011548 // CNNVD: CNNVD-201811-188

EXTERNAL IDS

db: NVD, id: CVE-2018-15446

Trust: 2.8

db: BID, id: 105856

Trust: 2.0

db: JVNDB, id: JVNDB-2018-011548

Trust: 0.8

db: CNNVD, id: CNNVD-201811-188

Trust: 0.7

db: VULHUB, id: VHN-125706

Trust: 0.1

sources: VULHUB: VHN-125706 // BID: 105856 // JVNDB: JVNDB-2018-011548 // CNNVD: CNNVD-201811-188 // NVD: CVE-2018-15446

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181107-meeting-server

Trust: 2.6

url: http://www.securityfocus.com/bid/105856

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15446

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-15446

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-125706 // BID: 105856 // JVNDB: JVNDB-2018-011548 // CNNVD: CNNVD-201811-188 // NVD: CVE-2018-15446

CREDITS

Cisco would like to thank Andrea Marini and Francesco Russo from NTT DATA Italia for reporting this vulnerability. Cisco would like to thank Yamila Levalle from Innovation and Lab at ElevenPaths, the Cybersecurity Unit of Telefónica, for independently reporting this vulnerability.

Trust: 0.6

sources: CNNVD: CNNVD-201811-188

SOURCES

db: VULHUB, id: VHN-125706
db: BID, id: 105856
db: JVNDB, id: JVNDB-2018-011548
db: CNNVD, id: CNNVD-201811-188
db: NVD, id: CVE-2018-15446

LAST UPDATE DATE

2024-11-23T22:58:49.726000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125706, date: 2019-10-09T00:00:00
db: BID, id: 105856, date: 2018-11-07T00:00:00
db: JVNDB, id: JVNDB-2018-011548, date: 2019-01-16T00:00:00
db: CNNVD, id: CNNVD-201811-188, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-15446, date: 2024-11-21T03:50:49.273

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125706, date: 2018-11-08T00:00:00
db: BID, id: 105856, date: 2018-11-07T00:00:00
db: JVNDB, id: JVNDB-2018-011548, date: 2019-01-16T00:00:00
db: CNNVD, id: CNNVD-201811-188, date: 2018-11-08T00:00:00
db: NVD, id: CVE-2018-15446, date: 2018-11-08T18:29:00.413