Lucene search

CiscoCVE-2018-0392

HistoryJul 18, 2018 - 11:29 p.m.

CVE-2018-0392

2018-07-1823:29:01

CWE-732

CWE-275

cisco

web.nvd.nist.gov

cisco

policy suite

cli

vulnerability

local attacker

access control

permission

exploit

nvd

cve-2018-0392

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco Policy Suite could allow an authenticated, local attacker to access files owned by another user. The vulnerability is due to insufficient access control permissions (i.e., World-Readable). An attacker could exploit this vulnerability by logging in to the CLI. An exploit could allow the attacker to access potentially sensitive files that are owned by a different user. Cisco Bug IDs: CSCvh18087.

Affected configurations

Nvd

Node

ciscomobility_services_engine_3365Match-

AND

ciscomobility_services_engine_3365_firmwareMatch14.0.0

Node

ciscomobility_services_engine_3355Match-

AND

ciscomobility_services_engine_3355_firmwareMatch14.0.0

Node

ciscomobility_services_engine_3310Match-

AND

ciscomobility_services_engine_3310_firmwareMatch14.0.0

VendorProductVersionCPE
ciscomobility_services_engine_3365-cpe:2.3:h:cisco:mobility_services_engine_3365:-:*:*:*:*:*:*:*
ciscomobility_services_engine_3365_firmware14.0.0cpe:2.3:o:cisco:mobility_services_engine_3365_firmware:14.0.0:*:*:*:*:*:*:*
ciscomobility_services_engine_3355-cpe:2.3:h:cisco:mobility_services_engine_3355:-:*:*:*:*:*:*:*
ciscomobility_services_engine_3355_firmware14.0.0cpe:2.3:o:cisco:mobility_services_engine_3355_firmware:14.0.0:*:*:*:*:*:*:*
ciscomobility_services_engine_3310-cpe:2.3:h:cisco:mobility_services_engine_3310:-:*:*:*:*:*:*:*
ciscomobility_services_engine_3310_firmware14.0.0cpe:2.3:o:cisco:mobility_services_engine_3310_firmware:14.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	mobility_services_engine_3365	-	cpe:2.3:h:cisco:mobility_services_engine_3365:-:::::::*
cisco	mobility_services_engine_3365_firmware	14.0.0	cpe:2.3:o:cisco:mobility_services_engine_3365_firmware:14.0.0:::::::*
cisco	mobility_services_engine_3355	-	cpe:2.3:h:cisco:mobility_services_engine_3355:-:::::::*
cisco	mobility_services_engine_3355_firmware	14.0.0	cpe:2.3:o:cisco:mobility_services_engine_3355_firmware:14.0.0:::::::*
cisco	mobility_services_engine_3310	-	cpe:2.3:h:cisco:mobility_services_engine_3310:-:::::::*
cisco	mobility_services_engine_3310_firmware	14.0.0	cpe:2.3:o:cisco:mobility_services_engine_3310_firmware:14.0.0:::::::*

CNA Affected

[
  {
    "product": "Cisco Policy Suite unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Policy Suite unknown"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104866

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-data

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2018-0392