Sign-up

ID

VAR-201803-1396


CVE

CVE-2018-0182


TITLE

Cisco IOS XE In software OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003428

DESCRIPTION

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. Cisco IOS XE The software includes OS A command injection vulnerability exists. Vendors have confirmed this vulnerability Bug ID CSCuz03145 , CSCuz56419 , CSCva31971 ,and CSCvb09542 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco IOSXESoftware is a set of operating systems developed by Cisco for its network devices. CLIparser is one of the command line command parsers. This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2018-0182 // JVNDB: JVNDB-2018-003428 // CNVD: CNVD-2018-08180 // BID: 103547 // VULHUB: VHN-118384

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08180

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope: - version: -

Trust: 1.4

vendor:ciscomodel:ios xescope:ltversion:16.3.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.1.1

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:13.10.2s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.18.0as

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:15.4\(3\)s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.17s_3.17.0s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.17.2s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.17s.0

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.18s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.18.0s

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:3.17s.1

Trust: 0.6

vendor:ciscomodel:ios xe softwarescope:eqversion:16.2

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.1

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:16.2

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:16.1.2

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:16.3(0)

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:neversion:16.3.1

Trust: 0.3

vendor:ciscomodel:iosscope:neversion:16.3.1

Trust: 0.3

sources: CNVD: CNVD-2018-08180 // BID: 103547 // JVNDB: JVNDB-2018-003428 // CNNVD: CNNVD-201803-1013 // NVD: CVE-2018-0182

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0182
value: HIGH

Trust: 1.0

NVD: CVE-2018-0182
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-08180
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-1013
value: HIGH

Trust: 0.6

VULHUB: VHN-118384
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0182
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08180
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118384
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0182
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08180 // VULHUB: VHN-118384 // JVNDB: JVNDB-2018-003428 // CNNVD: CNNVD-201803-1013 // NVD: CVE-2018-0182

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-118384 // JVNDB: JVNDB-2018-003428 // NVD: CVE-2018-0182

THREAT TYPE

local

Trust: 0.9

sources: BID: 103547 // CNNVD: CNNVD-201803-1013

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201803-1013

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003428

PATCH
title:cisco-sa-20180328-cmdinjurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj
Trust: 0.8
title:Patch for Cisco IOSXESoftwareCLI Parser Command Injection Vulnerability (CNVD-2018-08180)url:https://www.cnvd.org.cn/patchInfo/show/126873
Trust: 0.6
title:Cisco IOS XE Software CLI Fixup for parser command injection vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79481
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08180 // 
            
            
            
            JVNDB: JVNDB-2018-003428 // 
            
            
            
            CNNVD: CNNVD-201803-1013

EXTERNAL IDS
db:NVDid:CVE-2018-0182
Trust: 3.4
db:BIDid:103547
Trust: 2.0
db:JVNDBid:JVNDB-2018-003428
Trust: 0.8
db:CNNVDid:CNNVD-201803-1013
Trust: 0.7
db:CNVDid:CNVD-2018-08180
Trust: 0.6
db:VULHUBid:VHN-118384
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08180 // 
            
            
            
            VULHUB: VHN-118384 // 
            
            
            
            BID: 103547 // 
            
            
            
            JVNDB: JVNDB-2018-003428 // 
            
            
            
            CNNVD: CNNVD-201803-1013 // 
            
            
            
            NVD: CVE-2018-0182

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-cmdinj
Trust: 2.0
url:http://www.securityfocus.com/bid/103547
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0182
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0182
Trust: 0.8
url:https://bst.cloudapps.cisco.com/bugsearch/bug/cscuz56419
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-08180 // 
            
            
            
            VULHUB: VHN-118384 // 
            
            
            
            BID: 103547 // 
            
            
            
            JVNDB: JVNDB-2018-003428 // 
            
            
            
            CNNVD: CNNVD-201803-1013 // 
            
            
            
            NVD: CVE-2018-0182

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 103547

SOURCES
db:CNVDid:CNVD-2018-08180
db:VULHUBid:VHN-118384
db:BIDid:103547
db:JVNDBid:JVNDB-2018-003428
db:CNNVDid:CNNVD-201803-1013
db:NVDid:CVE-2018-0182

LAST UPDATE DATE
2024-11-23T21:53:15.551000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08180date:2018-04-24T00:00:00
db:VULHUBid:VHN-118384date:2019-10-09T00:00:00
db:BIDid:103547date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-003428date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201803-1013date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0182date:2024-11-21T03:37:40.887

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08180date:2018-04-24T00:00:00
db:VULHUBid:VHN-118384date:2018-03-28T00:00:00
db:BIDid:103547date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-003428date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201803-1013date:2018-03-29T00:00:00
db:NVDid:CVE-2018-0182date:2018-03-28T22:29:01.640