Details of VAR-201801-1064

ID

VAR-201801-1064

CVE

CVE-2018-0115

TITLE

Cisco StarOS In the operating system OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001703

DESCRIPTION

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332. Cisco StarOS The operating system includes OS A command injection vulnerability exists. Vendors have confirmed this vulnerability Bug ID CSCvf93332 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Cisco ASR5000 Seriesrouters is a 5000 series secure router device from Cisco. The Cisco StarOS operating system is a set of virtualized operating systems running on it

Trust: 2.61

sources: NVD: CVE-2018-0115 // JVNDB: JVNDB-2018-001703 // CNVD: CNVD-2018-02053 // BID: 102788 // VULHUB: VHN-118317 // VULMON: CVE-2018-0115

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-02053

AFFECTED PRODUCTS

vendor:	cisco	model:	staros	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	staros	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	staros for asr series routers	scope:	eq	version:	5000	Trust: 0.6
vendor:	cisco	model:	staros	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500021.5	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500021.4	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500021.3.5	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500021.3.0.67664	Trust: 0.3

sources: CNVD: CNVD-2018-02053 // BID: 102788 // JVNDB: JVNDB-2018-001703 // CNNVD: CNNVD-201801-610 // NVD: CVE-2018-0115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0115
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0115
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-02053
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201801-610
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118317
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-0115
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0115
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-02053
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118317
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0115
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-02053 // VULHUB: VHN-118317 // VULMON: CVE-2018-0115 // JVNDB: JVNDB-2018-001703 // CNNVD: CNNVD-201801-610 // NVD: CVE-2018-0115

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-118317 // JVNDB: JVNDB-2018-001703 // NVD: CVE-2018-0115

THREAT TYPE

local

Trust: 0.9

sources: BID: 102788 // CNNVD: CNNVD-201801-610

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201801-610

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001703

PATCH

title:	cisco-sa-20180117-staros	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros	Trust: 0.8
title:	CiscoStarOS Command Injection Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/114549	Trust: 0.6
title:	Cisco ASR 5000 Series router Cisco StarOS Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77790	Trust: 0.6
title:	Cisco: Cisco StarOS CLI Command Injection Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180117-staros	Trust: 0.1

sources: CNVD: CNVD-2018-02053 // VULMON: CVE-2018-0115 // JVNDB: JVNDB-2018-001703 // CNNVD: CNNVD-201801-610

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0115	Trust: 3.5
db:	BID	id:	102788	Trust: 2.7
db:	SECTRACK	id:	1040239	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-001703	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-610	Trust: 0.7
db:	CNVD	id:	CNVD-2018-02053	Trust: 0.6
db:	VULHUB	id:	VHN-118317	Trust: 0.1
db:	VULMON	id:	CVE-2018-0115	Trust: 0.1

sources: CNVD: CNVD-2018-02053 // VULHUB: VHN-118317 // VULMON: CVE-2018-0115 // BID: 102788 // JVNDB: JVNDB-2018-001703 // CNNVD: CNNVD-201801-610 // NVD: CVE-2018-0115

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-staros	Trust: 2.8
url:	http://www.securityfocus.com/bid/102788	Trust: 2.5
url:	http://www.securitytracker.com/id/1040239	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0115	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0115	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-02053 // VULHUB: VHN-118317 // VULMON: CVE-2018-0115 // BID: 102788 // JVNDB: JVNDB-2018-001703 // CNNVD: CNNVD-201801-610 // NVD: CVE-2018-0115

CREDITS

Cisco

Trust: 0.3

sources: BID: 102788

SOURCES

db:	CNVD	id:	CNVD-2018-02053
db:	VULHUB	id:	VHN-118317
db:	VULMON	id:	CVE-2018-0115
db:	BID	id:	102788
db:	JVNDB	id:	JVNDB-2018-001703
db:	CNNVD	id:	CNNVD-201801-610
db:	NVD	id:	CVE-2018-0115

LAST UPDATE DATE

2024-11-23T22:12:41.811000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-02053	date:	2018-01-26T00:00:00
db:	VULHUB	id:	VHN-118317	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-0115	date:	2019-10-09T00:00:00
db:	BID	id:	102788	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001703	date:	2018-03-02T00:00:00
db:	CNNVD	id:	CNNVD-201801-610	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0115	date:	2024-11-21T03:37:33.120

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-02053	date:	2018-01-26T00:00:00
db:	VULHUB	id:	VHN-118317	date:	2018-01-18T00:00:00
db:	VULMON	id:	CVE-2018-0115	date:	2018-01-18T00:00:00
db:	BID	id:	102788	date:	2018-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2018-001703	date:	2018-03-02T00:00:00
db:	CNNVD	id:	CNNVD-201801-610	date:	2018-01-22T00:00:00
db:	NVD	id:	CVE-2018-0115	date:	2018-01-18T06:29:01.533