Details of VAR-201803-1584

ID

VAR-201803-1584

CVE

CVE-2018-0198

TITLE

Cisco Unified Communications Manager Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-003367

DESCRIPTION

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of database tables. An attacker could exploit this vulnerability by browsing to a specific URL. A successful exploit could allow the attacker to view data library information. Cisco Bug IDs: CSCvh66592. Vendors have confirmed this vulnerability Bug ID CSCvh66592 It is released as.Information may be obtained. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2018-0198 // JVNDB: JVNDB-2018-003367 // BID: 102965 // VULHUB: VHN-118400

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	11.5(1.10000.6)	Trust: 0.3

sources: BID: 102965 // JVNDB: JVNDB-2018-003367 // CNNVD: CNNVD-201802-354 // NVD: CVE-2018-0198

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0198
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0198
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201802-354
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118400
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0198
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118400
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0198
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0198
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-118400 // JVNDB: JVNDB-2018-003367 // CNNVD: CNNVD-201802-354 // NVD: CVE-2018-0198

PROBLEMTYPE DATA

problemtype:	CWE-693	Trust: 1.9
problemtype:	CWE-425	Trust: 1.1
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-118400 // JVNDB: JVNDB-2018-003367 // NVD: CVE-2018-0198

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-354

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201802-354

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003367

PATCH

title:

cisco-sa-20180207-ucm1

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1

Trust: 0.8

sources: JVNDB: JVNDB-2018-003367

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0198	Trust: 2.8
db:	BID	id:	102965	Trust: 2.0
db:	SECTRACK	id:	1040342	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-003367	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-354	Trust: 0.7
db:	VULHUB	id:	VHN-118400	Trust: 0.1

sources: VULHUB: VHN-118400 // BID: 102965 // JVNDB: JVNDB-2018-003367 // CNNVD: CNNVD-201802-354 // NVD: CVE-2018-0198

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-ucm1	Trust: 2.0
url:	http://www.securityfocus.com/bid/102965	Trust: 1.7
url:	http://www.securitytracker.com/id/1040342	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0198	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0198	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3

sources: VULHUB: VHN-118400 // BID: 102965 // JVNDB: JVNDB-2018-003367 // CNNVD: CNNVD-201802-354 // NVD: CVE-2018-0198

CREDITS

Cisco

Trust: 0.9

sources: BID: 102965 // CNNVD: CNNVD-201802-354

SOURCES

db:	VULHUB	id:	VHN-118400
db:	BID	id:	102965
db:	JVNDB	id:	JVNDB-2018-003367
db:	CNNVD	id:	CNNVD-201802-354
db:	NVD	id:	CVE-2018-0198

LAST UPDATE DATE

2024-11-23T22:59:05.110000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118400	date:	2020-09-04T00:00:00
db:	BID	id:	102965	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-003367	date:	2018-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201802-354	date:	2020-09-07T00:00:00
db:	NVD	id:	CVE-2018-0198	date:	2024-11-21T03:37:42.773

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118400	date:	2018-03-27T00:00:00
db:	BID	id:	102965	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-003367	date:	2018-05-23T00:00:00
db:	CNNVD	id:	CNNVD-201802-354	date:	2018-02-12T00:00:00
db:	NVD	id:	CVE-2018-0198	date:	2018-03-27T09:29:00.343