Lucene search

[email protected]NVD:CVE-2018-0393

HistoryJul 18, 2018 - 11:29 p.m.

CVE-2018-0393

2018-07-1823:29:01

CWE-285

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.1%

JSON

A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the Policy Builder interface and modifying an HTTP request. A successful exploit could allow the attacker to make changes to existing policies. Cisco Bug IDs: CSCvi35007.

Affected configurations

Nvd

Node

ciscomobility_services_engine_3365_firmwareMatch18.0.0

AND

ciscomobility_services_engine_3365Match-

Node

ciscomobility_services_engine_3355_firmwareMatch18.0.0

AND

ciscomobility_services_engine_3355Match-

Node

ciscomobility_services_engine_3310_firmwareMatch18.0.0

AND

ciscomobility_services_engine_3310Match-

VendorProductVersionCPE
ciscomobility_services_engine_3365_firmware18.0.0cpe:2.3:o:cisco:mobility_services_engine_3365_firmware:18.0.0:*:*:*:*:*:*:*
ciscomobility_services_engine_3365-cpe:2.3:h:cisco:mobility_services_engine_3365:-:*:*:*:*:*:*:*
ciscomobility_services_engine_3355_firmware18.0.0cpe:2.3:o:cisco:mobility_services_engine_3355_firmware:18.0.0:*:*:*:*:*:*:*
ciscomobility_services_engine_3355-cpe:2.3:h:cisco:mobility_services_engine_3355:-:*:*:*:*:*:*:*
ciscomobility_services_engine_3310_firmware18.0.0cpe:2.3:o:cisco:mobility_services_engine_3310_firmware:18.0.0:*:*:*:*:*:*:*
ciscomobility_services_engine_3310-cpe:2.3:h:cisco:mobility_services_engine_3310:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	mobility_services_engine_3365_firmware	18.0.0	cpe:2.3:o:cisco:mobility_services_engine_3365_firmware:18.0.0:::::::*
cisco	mobility_services_engine_3365	-	cpe:2.3:h:cisco:mobility_services_engine_3365:-:::::::*
cisco	mobility_services_engine_3355_firmware	18.0.0	cpe:2.3:o:cisco:mobility_services_engine_3355_firmware:18.0.0:::::::*
cisco	mobility_services_engine_3355	-	cpe:2.3:h:cisco:mobility_services_engine_3355:-:::::::*
cisco	mobility_services_engine_3310_firmware	18.0.0	cpe:2.3:o:cisco:mobility_services_engine_3310_firmware:18.0.0:::::::*
cisco	mobility_services_engine_3310	-	cpe:2.3:h:cisco:mobility_services_engine_3310:-:::::::*

References

www.securityfocus.com/bid/104867

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-policy-suite-change

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.1%

JSON

Related for NVD:CVE-2018-0393

cve1 cvelist1 prion1 cisco1