Details of VAR-201801-1047

ID

VAR-201801-1047

CVE

CVE-2018-0096

TITLE

Cisco Prime Infrastructure Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-001508

DESCRIPTION

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875. Cisco Prime Infrastructure Contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCvg36875 It is released as.Information may be obtained and information may be altered. An attacker can exploit this issue to gain elevated privileges on an affected device

Trust: 1.98

sources: NVD: CVE-2018-0096 // JVNDB: JVNDB-2018-001508 // BID: 102727 // VULHUB: VHN-118298

AFFECTED PRODUCTS

vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.2\(0.0\)	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.3\(0.0\)	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.3(0.0)	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.2(0.0)	Trust: 0.3

sources: BID: 102727 // JVNDB: JVNDB-2018-001508 // CNNVD: CNNVD-201801-623 // NVD: CVE-2018-0096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0096
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0096
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201801-623
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118298
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0096
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118298
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0096
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.7
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118298 // JVNDB: JVNDB-2018-001508 // CNNVD: CNNVD-201801-623 // NVD: CVE-2018-0096

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-863	Trust: 1.1

sources: VULHUB: VHN-118298 // JVNDB: JVNDB-2018-001508 // NVD: CVE-2018-0096

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-623

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201801-623

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001508

PATCH

title:	cisco-sa-20180117-cpi	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cpi	Trust: 0.8
title:	Cisco Prime Infrastructure Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77803	Trust: 0.6

sources: JVNDB: JVNDB-2018-001508 // CNNVD: CNNVD-201801-623

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0096	Trust: 2.8
db:	BID	id:	102727	Trust: 2.0
db:	SECTRACK	id:	1040242	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-001508	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-623	Trust: 0.7
db:	VULHUB	id:	VHN-118298	Trust: 0.1

sources: VULHUB: VHN-118298 // BID: 102727 // JVNDB: JVNDB-2018-001508 // CNNVD: CNNVD-201801-623 // NVD: CVE-2018-0096

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-cpi	Trust: 2.0
url:	http://www.securityfocus.com/bid/102727	Trust: 1.7
url:	http://www.securitytracker.com/id/1040242	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0096	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0096	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-infrastructure/index.html	Trust: 0.3

sources: VULHUB: VHN-118298 // BID: 102727 // JVNDB: JVNDB-2018-001508 // CNNVD: CNNVD-201801-623 // NVD: CVE-2018-0096

CREDITS

Cisco

Trust: 0.3

sources: BID: 102727

SOURCES

db:	VULHUB	id:	VHN-118298
db:	BID	id:	102727
db:	JVNDB	id:	JVNDB-2018-001508
db:	CNNVD	id:	CNNVD-201801-623
db:	NVD	id:	CVE-2018-0096

LAST UPDATE DATE

2024-11-23T21:53:30.485000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118298	date:	2019-10-09T00:00:00
db:	BID	id:	102727	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001508	date:	2018-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201801-623	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0096	date:	2024-11-21T03:37:30.763

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118298	date:	2018-01-18T00:00:00
db:	BID	id:	102727	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001508	date:	2018-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201801-623	date:	2018-01-22T00:00:00
db:	NVD	id:	CVE-2018-0096	date:	2018-01-18T06:29:00.817