Sign-up

ID

VAR-201801-1048


CVE

CVE-2018-0097


TITLE

Cisco Prime Infrastructure Open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001622

DESCRIPTION

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646. Vendors have confirmed this vulnerability Bug ID CSCve37646 It is released as.Information may be obtained and information may be altered. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible

Trust: 1.98

sources: NVD: CVE-2018-0097 // JVNDB: JVNDB-2018-001622 // BID: 102724 // VULHUB: VHN-118299

AFFECTED PRODUCTS

vendor:ciscomodel:prime infrastructurescope: - version: -

Trust: 1.4

vendor:ciscomodel:prime infrastructurescope:eqversion:*

Trust: 1.0

vendor:ciscomodel:prime infrastructurescope:eqversion:3.1(5.0)

Trust: 0.3

sources: BID: 102724 // JVNDB: JVNDB-2018-001622 // CNNVD: CNNVD-201801-622 // NVD: CVE-2018-0097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0097
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0097
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201801-622
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118299
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0097
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118299
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0097
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118299 // JVNDB: JVNDB-2018-001622 // CNNVD: CNNVD-201801-622 // NVD: CVE-2018-0097

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.9

sources: VULHUB: VHN-118299 // JVNDB: JVNDB-2018-001622 // NVD: CVE-2018-0097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-622

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 102724 // CNNVD: CNNVD-201801-622

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001622

PATCH
title:cisco-sa-20180117-prime-infrastructureurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure
Trust: 0.8
title:Cisco Prime Infrastructure Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77802
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001622 // 
            
            
            
            CNNVD: CNNVD-201801-622

EXTERNAL IDS
db:NVDid:CVE-2018-0097
Trust: 2.8
db:BIDid:102724
Trust: 2.0
db:SECTRACKid:1040243
Trust: 1.7
db:JVNDBid:JVNDB-2018-001622
Trust: 0.8
db:CNNVDid:CNNVD-201801-622
Trust: 0.7
db:VULHUBid:VHN-118299
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118299 // 
            
            
            
            BID: 102724 // 
            
            
            
            JVNDB: JVNDB-2018-001622 // 
            
            
            
            CNNVD: CNNVD-201801-622 // 
            
            
            
            NVD: CVE-2018-0097

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-prime-infrastructure
Trust: 2.0
url:http://www.securityfocus.com/bid/102724
Trust: 1.7
url:http://www.securitytracker.com/id/1040243
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0097
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0097
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118299 // 
            
            
            
            BID: 102724 // 
            
            
            
            JVNDB: JVNDB-2018-001622 // 
            
            
            
            CNNVD: CNNVD-201801-622 // 
            
            
            
            NVD: CVE-2018-0097

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 102724

SOURCES
db:VULHUBid:VHN-118299
db:BIDid:102724
db:JVNDBid:JVNDB-2018-001622
db:CNNVDid:CNNVD-201801-622
db:NVDid:CVE-2018-0097

LAST UPDATE DATE
2024-11-23T23:02:13.929000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118299date:2019-10-09T00:00:00
db:BIDid:102724date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001622date:2018-02-27T00:00:00
db:CNNVDid:CNNVD-201801-622date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0097date:2024-11-21T03:37:30.880

SOURCES RELEASE DATE
db:VULHUBid:VHN-118299date:2018-01-18T00:00:00
db:BIDid:102724date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001622date:2018-02-27T00:00:00
db:CNNVDid:CNNVD-201801-622date:2018-01-22T00:00:00
db:NVDid:CVE-2018-0097date:2018-01-18T06:29:00.877