Sign-up

ID

VAR-201802-0603


CVE

CVE-2018-0138


TITLE

Cisco Firepower System Software Vulnerability in protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2018-002213

DESCRIPTION

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected software does not detect BitTorrent handshake messages correctly. An attacker could exploit this vulnerability by sending a crafted BitTorrent connection request to an affected device. A successful exploit could allow the attacker to bypass file policies that are configured to block files transmitted to the affected device via the BitTorrent protocol. Cisco Bug IDs: CSCve26946. Cisco Firepower System Software Contains a vulnerability related to failure of the protection mechanism. Vendors have confirmed this vulnerability Bug ID CSCve26946 It is released as.Information may be tampered with. Detectionengine is one of the intrusion detection engines. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions

Trust: 2.52

sources: NVD: CVE-2018-0138 // JVNDB: JVNDB-2018-002213 // CNVD: CNVD-2018-05310 // BID: 102978 // VULHUB: VHN-118340

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05310

AFFECTED PRODUCTS

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.3

Trust: 1.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.0

Trust: 1.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.1.0

Trust: 1.6

vendor:ciscomodel:firepower threat defensescope:eqversion:6.2.2

Trust: 1.6

vendor:ciscomodel:firepower threat defense softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower system softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:firepower system softwarescope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2018-05310 // BID: 102978 // JVNDB: JVNDB-2018-002213 // CNNVD: CNNVD-201802-265 // NVD: CVE-2018-0138

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0138
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0138
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05310
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201802-265
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118340
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0138
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05310
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118340
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0138
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05310 // VULHUB: VHN-118340 // JVNDB: JVNDB-2018-002213 // CNNVD: CNNVD-201802-265 // NVD: CVE-2018-0138

PROBLEMTYPE DATA

problemtype:CWE-693

Trust: 1.9

sources: VULHUB: VHN-118340 // JVNDB: JVNDB-2018-002213 // NVD: CVE-2018-0138

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-265

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201802-265

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002213

PATCH
title:cisco-sa-20180207-fssurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-fss
Trust: 0.8
title:Patch for CiscoFirepower System Software Security Bypass Vulnerability (CNVD-2018-05310)url:https://www.cnvd.org.cn/patchInfo/show/121429
Trust: 0.6
title:Cisco Firepower System Software detection Repair measures for engine security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78378
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05310 // 
            
            
            
            JVNDB: JVNDB-2018-002213 // 
            
            
            
            CNNVD: CNNVD-201802-265

EXTERNAL IDS
db:NVDid:CVE-2018-0138
Trust: 3.4
db:BIDid:102978
Trust: 2.6
db:JVNDBid:JVNDB-2018-002213
Trust: 0.8
db:CNNVDid:CNNVD-201802-265
Trust: 0.7
db:CNVDid:CNVD-2018-05310
Trust: 0.6
db:VULHUBid:VHN-118340
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05310 // 
            
            
            
            VULHUB: VHN-118340 // 
            
            
            
            BID: 102978 // 
            
            
            
            JVNDB: JVNDB-2018-002213 // 
            
            
            
            CNNVD: CNNVD-201802-265 // 
            
            
            
            NVD: CVE-2018-0138

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-fss
Trust: 2.6
url:http://www.securityfocus.com/bid/102978
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0138
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0138
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-05310 // 
            
            
            
            VULHUB: VHN-118340 // 
            
            
            
            BID: 102978 // 
            
            
            
            JVNDB: JVNDB-2018-002213 // 
            
            
            
            CNNVD: CNNVD-201802-265 // 
            
            
            
            NVD: CVE-2018-0138

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 102978

SOURCES
db:CNVDid:CNVD-2018-05310
db:VULHUBid:VHN-118340
db:BIDid:102978
db:JVNDBid:JVNDB-2018-002213
db:CNNVDid:CNNVD-201802-265
db:NVDid:CVE-2018-0138

LAST UPDATE DATE
2024-11-23T22:41:58.579000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05310date:2018-03-15T00:00:00
db:VULHUBid:VHN-118340date:2019-10-09T00:00:00
db:BIDid:102978date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002213date:2018-04-02T00:00:00
db:CNNVDid:CNNVD-201802-265date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0138date:2024-11-21T03:37:35.717

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05310date:2018-03-15T00:00:00
db:VULHUBid:VHN-118340date:2018-02-08T00:00:00
db:BIDid:102978date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002213date:2018-04-02T00:00:00
db:CNNVDid:CNNVD-201802-265date:2018-02-09T00:00:00
db:NVDid:CVE-2018-0138date:2018-02-08T07:29:00.977