Lucene search

CiscoCVE-2018-0216

HistoryMar 08, 2018 - 7:29 a.m.

CVE-2018-0216

2018-03-0807:29:00

CWE-352

cisco

web.nvd.nist.gov

cve-2018-0216

cisco identity services engine

ise

web-based management

csrf attack

nvd

vulnerability

cisco bug ids

cscvf69805

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

45.7%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvf69805.

Affected configurations

Nvd

Node

ciscoidentity_services_engineMatch2.0\(0.249\)

ciscoidentity_services_engineMatch2.1\(0.476\)

ciscoidentity_services_engineMatch2.2\(0.471\)

ciscoidentity_services_engineMatch2.3\(0.298\)

VendorProductVersionCPE
ciscoidentity_services_engine2.0(0.249)cpe:2.3:a:cisco:identity_services_engine:2.0\(0.249\):*:*:*:*:*:*:*
ciscoidentity_services_engine2.1(0.476)cpe:2.3:a:cisco:identity_services_engine:2.1\(0.476\):*:*:*:*:*:*:*
ciscoidentity_services_engine2.2(0.471)cpe:2.3:a:cisco:identity_services_engine:2.2\(0.471\):*:*:*:*:*:*:*
ciscoidentity_services_engine2.3(0.298)cpe:2.3:a:cisco:identity_services_engine:2.3\(0.298\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine	2.0(0.249)	cpe:2.3:a:cisco:identity_services_engine:2.0\(0.249\):::::::*
cisco	identity_services_engine	2.1(0.476)	cpe:2.3:a:cisco:identity_services_engine:2.1\(0.476\):::::::*
cisco	identity_services_engine	2.2(0.471)	cpe:2.3:a:cisco:identity_services_engine:2.2\(0.471\):::::::*
cisco	identity_services_engine	2.3(0.298)	cpe:2.3:a:cisco:identity_services_engine:2.3\(0.298\):::::::*

CNA Affected

[
  {
    "product": "Cisco Identity Services Engine",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Identity Services Engine"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103336

www.securitytracker.com/id/1040471

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise5

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

45.7%

JSON

Related for CVE-2018-0216