Details of VAR-201801-1056

ID

VAR-201801-1056

CVE

CVE-2018-0105

TITLE

Cisco Unified Communications Manager Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-001516

DESCRIPTION

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvf20269. Vendors have confirmed this vulnerability Bug ID CSCvf20269 It is released as.Information may be obtained. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2018-0105 // JVNDB: JVNDB-2018-001516 // BID: 102725 // VULHUB: VHN-118307

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5(1.12900.9)	Trust: 0.3

sources: BID: 102725 // JVNDB: JVNDB-2018-001516 // CNNVD: CNNVD-201801-617 // NVD: CVE-2018-0105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0105
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0105
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201801-617
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118307
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0105
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118307
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0105
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0105
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-118307 // JVNDB: JVNDB-2018-001516 // CNNVD: CNNVD-201801-617 // NVD: CVE-2018-0105

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-425	Trust: 1.1

sources: VULHUB: VHN-118307 // JVNDB: JVNDB-2018-001516 // NVD: CVE-2018-0105

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-617

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201801-617

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001516

PATCH

title:

cisco-sa-20180117-ucm

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm

Trust: 0.8

sources: JVNDB: JVNDB-2018-001516

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0105	Trust: 2.8
db:	BID	id:	102725	Trust: 2.0
db:	SECTRACK	id:	1040245	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-001516	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-617	Trust: 0.7
db:	VULHUB	id:	VHN-118307	Trust: 0.1

sources: VULHUB: VHN-118307 // BID: 102725 // JVNDB: JVNDB-2018-001516 // CNNVD: CNNVD-201801-617 // NVD: CVE-2018-0105

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-ucm	Trust: 2.0
url:	http://www.securityfocus.com/bid/102725	Trust: 1.7
url:	http://www.securitytracker.com/id/1040245	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0105	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0105	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-elm	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3

sources: VULHUB: VHN-118307 // BID: 102725 // JVNDB: JVNDB-2018-001516 // CNNVD: CNNVD-201801-617 // NVD: CVE-2018-0105

CREDITS

Cisco

Trust: 0.3

sources: BID: 102725

SOURCES

db:	VULHUB	id:	VHN-118307
db:	BID	id:	102725
db:	JVNDB	id:	JVNDB-2018-001516
db:	CNNVD	id:	CNNVD-201801-617
db:	NVD	id:	CVE-2018-0105

LAST UPDATE DATE

2024-11-23T22:34:25.313000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118307	date:	2020-09-04T00:00:00
db:	BID	id:	102725	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001516	date:	2018-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201801-617	date:	2020-09-07T00:00:00
db:	NVD	id:	CVE-2018-0105	date:	2024-11-21T03:37:31.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118307	date:	2018-01-18T00:00:00
db:	BID	id:	102725	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001516	date:	2018-02-22T00:00:00
db:	CNNVD	id:	CNNVD-201801-617	date:	2018-01-22T00:00:00
db:	NVD	id:	CVE-2018-0105	date:	2018-01-18T06:29:01.143