ID

VAR-201811-0184


CVE

CVE-2018-15448


TITLE

Information disclosure vulnerability in Cisco Registered Envelope Service

Trust: 0.8

sources: JVNDB: JVNDB-2018-011544

DESCRIPTION

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames. This issue is being tracked by Cisco bug ID CSCvj88457. The product includes read receipts for mail, mail recycling, mail forwarding and replying, and smartphone support.

Trust: 1.98

sources: NVD: CVE-2018-15448 // JVNDB: JVNDB-2018-011544 // BID: 105862 // VULHUB: VHN-125708

AFFECTED PRODUCTS

vendor: cisco, model: registered envelope service, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: registered envelope service, scope: -, version: -

Trust: 0.8

vendor: cisco, model: registered envelope service, scope: eq, version: 0

Trust: 0.3

sources: BID: 105862 // JVNDB: JVNDB-2018-011544 // CNNVD: CNNVD-201811-185 // NVD: CVE-2018-15448

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15448
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15448
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15448
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201811-185
value: HIGH

Trust: 0.6

VULHUB: VHN-125708
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15448
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125708
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15448
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15448
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2018-15448
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125708 // JVNDB: JVNDB-2018-011544 // CNNVD: CNNVD-201811-185 // NVD: CVE-2018-15448 // NVD: CVE-2018-15448

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-125708 // JVNDB: JVNDB-2018-011544 // NVD: CVE-2018-15448

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-185

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201811-185

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011544

PATCH

title: cisco-sa-20181107-res-info-disc, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-res-info-disc

Trust: 0.8

title: Cisco Registered Envelope Service Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86665

Trust: 0.6

sources: JVNDB: JVNDB-2018-011544 // CNNVD: CNNVD-201811-185

EXTERNAL IDS

db: NVD, id: CVE-2018-15448

Trust: 2.8

db: BID, id: 105862

Trust: 2.0

db: JVNDB, id: JVNDB-2018-011544

Trust: 0.8

db: CNNVD, id: CNNVD-201811-185

Trust: 0.7

db: VULHUB, id: VHN-125708

Trust: 0.1

sources: VULHUB: VHN-125708 // BID: 105862 // JVNDB: JVNDB-2018-011544 // CNNVD: CNNVD-201811-185 // NVD: CVE-2018-15448

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181107-res-info-disc

Trust: 2.6

url:http://www.securityfocus.com/bid/105862

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15448

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15448

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-125708 // BID: 105862 // JVNDB: JVNDB-2018-011544 // CNNVD: CNNVD-201811-185 // NVD: CVE-2018-15448

CREDITS

Cisco would like to thank security researcher Ravela Pramod Kumar for reporting this vulnerability.

Trust: 0.6

sources: CNNVD: CNNVD-201811-185

SOURCES

db: VULHUB, id: VHN-125708
db: BID, id: 105862
db: JVNDB, id: JVNDB-2018-011544
db: CNNVD, id: CNNVD-201811-185
db: NVD, id: CVE-2018-15448

LAST UPDATE DATE

2024-11-23T21:38:02.862000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125708, date: 2020-09-16T00:00:00
db: BID, id: 105862, date: 2018-11-07T00:00:00
db: JVNDB, id: JVNDB-2018-011544, date: 2019-01-16T00:00:00
db: CNNVD, id: CNNVD-201811-185, date: 2020-09-17T00:00:00
db: NVD, id: CVE-2018-15448, date: 2024-11-21T03:50:49.547

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125708, date: 2018-11-08T00:00:00
db: BID, id: 105862, date: 2018-11-07T00:00:00
db: JVNDB, id: JVNDB-2018-011544, date: 2019-01-16T00:00:00
db: CNNVD, id: CNNVD-201811-185, date: 2018-11-08T00:00:00
db: NVD, id: CVE-2018-15448, date: 2018-11-08T19:29:01.113