ID

VAR-201801-1043


CVE

CVE-2018-0092


TITLE

Cisco NX-OS System Software vulnerability related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-001505

DESCRIPTION

A vulnerability in the network-operator user role implementation for Cisco NX-OS System Software could allow an authenticated, local attacker to improperly delete valid user accounts. The network-operator role should not be able to delete other configured users on the device. The vulnerability is due to a lack of proper role-based access control (RBAC) checks for the actions that a user with the network-operator role is allowed to perform. An attacker could exploit this vulnerability by authenticating to the device with user credentials that give that user the network-operator role. Successful exploitation could allow the attacker to impact the integrity of the device by deleting configured user credentials. The attacker would need valid user credentials for the device.

This vulnerability affects the following Cisco products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 3600 Platform Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvg21120.

Cisco NX-OS System Software contains vulnerabilities related to authorization, permissions, and access control. The vendor has confirmed this vulnerability and released it as Bug ID CSCvg21120. Information may be tampered with and service operation may be disrupted (DoS). The affected devices are products of Cisco. The Nexus 9500 R-Series Line Card is a 9500R line card. NX-OS System Software is the operating system software that runs on it. Cisco NX-OS System Software is prone to a local security-bypass vulnerability. This may aid in further attacks.

Trust: 2.52

sources: NVD: CVE-2018-0092 // JVNDB: JVNDB-2018-001505 // CNVD: CNVD-2018-02052 // BID: 102750 // VULHUB: VHN-118294

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02052

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: 7.0(3)i6(1)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.0(3)i5(2)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.0(3)i7(1)

Trust: 1.6

vendor: cisco, model: nx-os, scope: -, version: -

Trust: 0.8

vendor: cisco, model: nexus series switches, scope: eq, version: 3000

Trust: 0.6

vendor: cisco, model: nexus series switches in nx-os mode, scope: eq, version: 9000

Trust: 0.6

vendor: cisco, model: nexus r-series line cards and fabric modules, scope: eq, version: 9500

Trust: 0.6

vendor: cisco, model: nexus platform switches, scope: eq, version: 3600

Trust: 0.6

vendor: cisco, model: nx-os, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: nexus r-series line cards and fabric modules, scope: eq, version: 95000

Trust: 0.3

vendor: cisco, model: nexus series switches standalone nx-os mode, scope: eq, version: 9000-0

Trust: 0.3

vendor: cisco, model: nexus series switches 7.0 i7, scope: eq, version: 9000

Trust: 0.3

vendor: cisco, model: nexus series switches 7.0 i6, scope: eq, version: 9000

Trust: 0.3

vendor: cisco, model: nexus series switches 12.3, scope: eq, version: 9000

Trust: 0.3

vendor: cisco, model: nexus platform switches, scope: eq, version: 36000

Trust: 0.3

vendor: cisco, model: nexus series switches, scope: eq, version: 30000

Trust: 0.3

vendor: cisco, model: nexus series switches 7.0 i7, scope: ne, version: 9000

Trust: 0.3

vendor: cisco, model: nexus series switches 7.0 i6, scope: ne, version: 9000

Trust: 0.3

sources: CNVD: CNVD-2018-02052 // BID: 102750 // JVNDB: JVNDB-2018-001505 // CNNVD: CNNVD-201801-627 // NVD: CVE-2018-0092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0092
value: HIGH

Trust: 1.0

NVD: CVE-2018-0092
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-02052
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-627
value: HIGH

Trust: 0.6

VULHUB: VHN-118294
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-0092
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02052
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:N/I:C/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118294
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0092
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02052 // VULHUB: VHN-118294 // JVNDB: JVNDB-2018-001505 // CNNVD: CNNVD-201801-627 // NVD: CVE-2018-0092

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-862

Trust: 1.1

sources: VULHUB: VHN-118294 // JVNDB: JVNDB-2018-001505 // NVD: CVE-2018-0092

THREAT TYPE

local

Trust: 0.9

sources: BID: 102750 // CNNVD: CNNVD-201801-627

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201801-627

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001505

PATCH

title: cisco-sa-20180117-nxos1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos1

Trust: 0.8

title: Cisco NX-OS System Software Unauthorized Patch for Operating Vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/114505

Trust: 0.6

title: Multiple Cisco product Cisco NX-OS System Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77807

Trust: 0.6

sources: CNVD: CNVD-2018-02052 // JVNDB: JVNDB-2018-001505 // CNNVD: CNNVD-201801-627

EXTERNAL IDS

db: NVD, id: CVE-2018-0092

Trust: 3.4

db: BID, id: 102750

Trust: 2.0

db: SECTRACK, id: 1040248

Trust: 1.7

db: JVNDB, id: JVNDB-2018-001505

Trust: 0.8

db: CNNVD, id: CNNVD-201801-627

Trust: 0.7

db: CNVD, id: CNVD-2018-02052

Trust: 0.6

db: VULHUB, id: VHN-118294

Trust: 0.1

sources: CNVD: CNVD-2018-02052 // VULHUB: VHN-118294 // BID: 102750 // JVNDB: JVNDB-2018-001505 // CNNVD: CNNVD-201801-627 // NVD: CVE-2018-0092

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-nxos1

Trust: 2.6

url:http://www.securityfocus.com/bid/102750

Trust: 1.7

url:http://www.securitytracker.com/id/1040248

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0092

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0092

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2018-02052 // VULHUB: VHN-118294 // BID: 102750 // JVNDB: JVNDB-2018-001505 // CNNVD: CNNVD-201801-627 // NVD: CVE-2018-0092

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 102750

SOURCES

db: CNVD, id: CNVD-2018-02052
db: VULHUB, id: VHN-118294
db: BID, id: 102750
db: JVNDB, id: JVNDB-2018-001505
db: CNNVD, id: CNNVD-201801-627
db: NVD, id: CVE-2018-0092

LAST UPDATE DATE

2024-11-23T22:12:41.849000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-02052, date: 2018-03-06T00:00:00
db: VULHUB, id: VHN-118294, date: 2019-10-09T00:00:00
db: BID, id: 102750, date: 2018-01-17T00:00:00
db: JVNDB, id: JVNDB-2018-001505, date: 2018-02-22T00:00:00
db: CNNVD, id: CNNVD-201801-627, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0092, date: 2024-11-21T03:37:30.323

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-02052, date: 2018-01-22T00:00:00
db: VULHUB, id: VHN-118294, date: 2018-01-18T00:00:00
db: BID, id: 102750, date: 2018-01-17T00:00:00
db: JVNDB, id: JVNDB-2018-001505, date: 2018-02-22T00:00:00
db: CNNVD, id: CNNVD-201801-627, date: 2018-01-22T00:00:00
db: NVD, id: CVE-2018-0092, date: 2018-01-18T06:29:00.597