Sign-up

ID

VAR-201801-1059


CVE

CVE-2018-0108


TITLE

Cisco WebEx Meetings Server In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-001493

DESCRIPTION

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996. Vendors have confirmed this vulnerability Bug ID CSCvg36996 It is released as.Information may be obtained. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. An information disclosure vulnerability exists in CWMS

Trust: 1.98

sources: NVD: CVE-2018-0108 // JVNDB: JVNDB-2018-001493 // BID: 102720 // VULHUB: VHN-118310

AFFECTED PRODUCTS

vendor:ciscomodel:webex meetings serverscope: - version: -

Trust: 1.4

vendor:ciscomodel:webex meetings serverscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:webex meetings serverscope:eqversion:2.6

Trust: 0.3

sources: BID: 102720 // JVNDB: JVNDB-2018-001493 // CNNVD: CNNVD-201801-614 // NVD: CVE-2018-0108

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0108
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0108
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201801-614
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118310
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0108
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118310
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0108
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118310 // JVNDB: JVNDB-2018-001493 // CNNVD: CNNVD-201801-614 // NVD: CVE-2018-0108

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.9

sources: VULHUB: VHN-118310 // JVNDB: JVNDB-2018-001493 // NVD: CVE-2018-0108

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-614

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201801-614

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001493

PATCH
title:cisco-sa-20180117-wmsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms
Trust: 0.8
title:Cisco WebEx Meetings Server Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77794
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001493 // 
            
            
            
            CNNVD: CNNVD-201801-614

EXTERNAL IDS
db:NVDid:CVE-2018-0108
Trust: 2.8
db:BIDid:102720
Trust: 2.0
db:SECTRACKid:1040238
Trust: 1.7
db:JVNDBid:JVNDB-2018-001493
Trust: 0.8
db:CNNVDid:CNNVD-201801-614
Trust: 0.7
db:VULHUBid:VHN-118310
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118310 // 
            
            
            
            BID: 102720 // 
            
            
            
            JVNDB: JVNDB-2018-001493 // 
            
            
            
            CNNVD: CNNVD-201801-614 // 
            
            
            
            NVD: CVE-2018-0108

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-wms
Trust: 2.0
url:http://www.securityfocus.com/bid/102720
Trust: 1.7
url:http://www.securitytracker.com/id/1040238
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0108
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0108
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118310 // 
            
            
            
            BID: 102720 // 
            
            
            
            JVNDB: JVNDB-2018-001493 // 
            
            
            
            CNNVD: CNNVD-201801-614 // 
            
            
            
            NVD: CVE-2018-0108

CREDITS
Adam Willard of Blue Canopy
Trust: 0.3
sources:
            
            
            BID: 102720

SOURCES
db:VULHUBid:VHN-118310
db:BIDid:102720
db:JVNDBid:JVNDB-2018-001493
db:CNNVDid:CNNVD-201801-614
db:NVDid:CVE-2018-0108

LAST UPDATE DATE
2024-11-23T22:41:59.845000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118310date:2019-10-09T00:00:00
db:BIDid:102720date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001493date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201801-614date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0108date:2024-11-21T03:37:32.230

SOURCES RELEASE DATE
db:VULHUBid:VHN-118310date:2018-01-18T00:00:00
db:BIDid:102720date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001493date:2018-02-21T00:00:00
db:CNNVDid:CNNVD-201801-614date:2018-01-22T00:00:00
db:NVDid:CVE-2018-0108date:2018-01-18T06:29:01.330