ID

VAR-201802-0600


CVE

CVE-2018-0134


TITLE

Cisco Policy Suite vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-001961

DESCRIPTION

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830. Cisco Policy Suite contains an information disclosure vulnerability. The vendor has published this vulnerability as Bug ID CSCvg47830. Information may be obtained, which may aid in further attacks. The solution provides functions such as user-based business rules and real-time management of applications and network resources. The RADIUS authentication module is one of the RADIUS protocol authentication modules.

Trust: 1.98

sources: NVD: CVE-2018-0134 // JVNDB: JVNDB-2018-001961 // BID: 102954 // VULHUB: VHN-118336

AFFECTED PRODUCTS

vendor: cisco, model: mobility services engine, scope: eq, version: 13.1.0

Trust: 1.6

vendor: cisco, model: mobility services engine, scope: eq, version: 13.0.0

Trust: 1.6

vendor: cisco, model: policy suite, scope: -, version: -

Trust: 0.8

vendor: cisco, model: policy suite, scope: eq, version: 13.1

Trust: 0.3

vendor: cisco, model: policy suite, scope: eq, version: 13.0

Trust: 0.3

vendor: cisco, model: mobility services engine, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: policy suite hotfix patch, scope: ne, version: 13.11

Trust: 0.3

sources: BID: 102954 // JVNDB: JVNDB-2018-001961 // CNNVD: CNNVD-201802-268 // NVD: CVE-2018-0134

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0134
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0134
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201802-268
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118336
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0134
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118336
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0134
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-0134
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118336 // JVNDB: JVNDB-2018-001961 // CNNVD: CNNVD-201802-268 // NVD: CVE-2018-0134

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-203

Trust: 1.1

sources: VULHUB: VHN-118336 // JVNDB: JVNDB-2018-001961 // NVD: CVE-2018-0134

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-268

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201802-268

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001961

PATCH

title: cisco-sa-20180207-cps1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps1

Trust: 0.8

sources: JVNDB: JVNDB-2018-001961

EXTERNAL IDS

db: NVD, id: CVE-2018-0134

Trust: 2.8

db: BID, id: 102954

Trust: 2.0

db: JVNDB, id: JVNDB-2018-001961

Trust: 0.8

db: CNNVD, id: CNNVD-201802-268

Trust: 0.7

db: VULHUB, id: VHN-118336

Trust: 0.1

sources: VULHUB: VHN-118336 // BID: 102954 // JVNDB: JVNDB-2018-001961 // CNNVD: CNNVD-201802-268 // NVD: CVE-2018-0134

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-cps1

Trust: 2.0

url:http://www.securityfocus.com/bid/102954

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0134

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0134

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118336 // BID: 102954 // JVNDB: JVNDB-2018-001961 // CNNVD: CNNVD-201802-268 // NVD: CVE-2018-0134

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 102954

SOURCES

db: VULHUB, id: VHN-118336
db: BID, id: 102954
db: JVNDB, id: JVNDB-2018-001961
db: CNNVD, id: CNNVD-201802-268
db: NVD, id: CVE-2018-0134

LAST UPDATE DATE

2024-11-23T23:08:46.918000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118336, date: 2020-09-04T00:00:00
db: BID, id: 102954, date: 2018-02-07T00:00:00
db: JVNDB, id: JVNDB-2018-001961, date: 2018-03-16T00:00:00
db: CNNVD, id: CNNVD-201802-268, date: 2020-09-07T00:00:00
db: NVD, id: CVE-2018-0134, date: 2024-11-21T03:37:35.240

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118336, date: 2018-02-08T00:00:00
db: BID, id: 102954, date: 2018-02-07T00:00:00
db: JVNDB, id: JVNDB-2018-001961, date: 2018-03-16T00:00:00
db: CNNVD, id: CNNVD-201802-268, date: 2018-02-09T00:00:00
db: NVD, id: CVE-2018-0134, date: 2018-02-08T07:29:00.837