Details of VAR-201801-1061

ID

VAR-201801-1061

CVE

CVE-2018-0110

TITLE

Cisco WebEx Meetings Server Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-001545

DESCRIPTION

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741. Cisco WebEx Meetings Server Contains vulnerabilities related to security features. Vendors have confirmed this vulnerability Bug ID CSCvg46741 It is released as.Information may be obtained and information may be altered. This may aid in further attacks. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

Trust: 1.98

sources: NVD: CVE-2018-0110 // JVNDB: JVNDB-2018-001545 // BID: 102773 // VULHUB: VHN-118312

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	0	Trust: 0.3

sources: BID: 102773 // JVNDB: JVNDB-2018-001545 // CNNVD: CNNVD-201801-612 // NVD: CVE-2018-0110

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0110
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0110
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201801-612
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118312
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0110
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118312
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0110
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118312 // JVNDB: JVNDB-2018-001545 // CNNVD: CNNVD-201801-612 // NVD: CVE-2018-0110

PROBLEMTYPE DATA

problemtype:	CWE-254	Trust: 1.9
problemtype:	CWE-863	Trust: 1.1

sources: VULHUB: VHN-118312 // JVNDB: JVNDB-2018-001545 // NVD: CVE-2018-0110

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-612

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201801-612

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001545

PATCH

title:	cisco-sa-20180117-wms2	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2	Trust: 0.8
title:	Cisco WebEx Meetings Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77792	Trust: 0.6

sources: JVNDB: JVNDB-2018-001545 // CNNVD: CNNVD-201801-612

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0110	Trust: 2.8
db:	BID	id:	102773	Trust: 2.0
db:	SECTRACK	id:	1040236	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-001545	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-612	Trust: 0.7
db:	VULHUB	id:	VHN-118312	Trust: 0.1

sources: VULHUB: VHN-118312 // BID: 102773 // JVNDB: JVNDB-2018-001545 // CNNVD: CNNVD-201801-612 // NVD: CVE-2018-0110

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-wms2	Trust: 2.0
url:	http://www.securityfocus.com/bid/102773	Trust: 1.7
url:	http://www.securitytracker.com/id/1040236	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0110	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0110	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118312 // BID: 102773 // JVNDB: JVNDB-2018-001545 // CNNVD: CNNVD-201801-612 // NVD: CVE-2018-0110

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 102773

SOURCES

db:	VULHUB	id:	VHN-118312
db:	BID	id:	102773
db:	JVNDB	id:	JVNDB-2018-001545
db:	CNNVD	id:	CNNVD-201801-612
db:	NVD	id:	CVE-2018-0110

LAST UPDATE DATE

2024-11-23T22:48:51.715000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118312	date:	2019-10-09T00:00:00
db:	BID	id:	102773	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001545	date:	2018-02-23T00:00:00
db:	CNNVD	id:	CNNVD-201801-612	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0110	date:	2024-11-21T03:37:32.470

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118312	date:	2018-01-18T00:00:00
db:	BID	id:	102773	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001545	date:	2018-02-23T00:00:00
db:	CNNVD	id:	CNNVD-201801-612	date:	2018-01-22T00:00:00
db:	NVD	id:	CVE-2018-0110	date:	2018-01-18T06:29:01.423