Lucene search

CiscoCVE-2018-0262

HistoryMay 02, 2018 - 10:29 p.m.

CVE-2018-0262

2018-05-0222:29:00

CWE-16

cisco

web.nvd.nist.gov

cisco

meeting server

vulnerability

remote attacker

unauthorized access

remote code execution

cve-2018-0262

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.033

Percentile

91.4%

JSON

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469.

Affected configurations

Nvd

Node

ciscomeeting_serverMatch1.9

ciscomeeting_serverMatch2.0

ciscomeeting_serverMatch2.1

ciscomeeting_serverMatch2.2

ciscomeeting_serverMatch2.3

ciscomeeting_serverMatch2.4

VendorProductVersionCPE
ciscomeeting_server1.9cpe:2.3:a:cisco:meeting_server:1.9:*:*:*:*:*:*:*
ciscomeeting_server2.0cpe:2.3:a:cisco:meeting_server:2.0:*:*:*:*:*:*:*
ciscomeeting_server2.1cpe:2.3:a:cisco:meeting_server:2.1:*:*:*:*:*:*:*
ciscomeeting_server2.2cpe:2.3:a:cisco:meeting_server:2.2:*:*:*:*:*:*:*
ciscomeeting_server2.3cpe:2.3:a:cisco:meeting_server:2.3:*:*:*:*:*:*:*
ciscomeeting_server2.4cpe:2.3:a:cisco:meeting_server:2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	meeting_server	1.9	cpe:2.3:a:cisco:meeting_server:1.9:::::::*
cisco	meeting_server	2.0	cpe:2.3:a:cisco:meeting_server:2.0:::::::*
cisco	meeting_server	2.1	cpe:2.3:a:cisco:meeting_server:2.1:::::::*
cisco	meeting_server	2.2	cpe:2.3:a:cisco:meeting_server:2.2:::::::*
cisco	meeting_server	2.3	cpe:2.3:a:cisco:meeting_server:2.3:::::::*
cisco	meeting_server	2.4	cpe:2.3:a:cisco:meeting_server:2.4:::::::*

CNA Affected

[
  {
    "product": "Cisco Meeting Server",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Meeting Server"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104079

www.securitytracker.com/id/1040819

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.033

Percentile

91.4%

JSON

Related for CVE-2018-0262