Details of VAR-201803-1590

ID

VAR-201803-1590

CVE

CVE-2018-0211

TITLE

Cisco Identity Services Engine Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002590

DESCRIPTION

A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI user input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted, malicious CLI command on the targeted device. A successful exploit could allow the attacker to cause a DoS condition. The attacker must have valid administrative privileges on the device to exploit this vulnerability. Cisco Bug IDs: CSCvf63414, CSCvh51992. Vendors report this vulnerability Bug ID CSCvf63414 and CSCvh51992 Published as.Denial of service (DoS) May be in a state. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2018-0211 // JVNDB: JVNDB-2018-002590 // BID: 103334 // VULHUB: VHN-118413

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.2\(1.145\)	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.1\(0.474\)	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.4\(0.247\)	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	identity services engine series appliances	scope:	eq	version:	33002.4(0.247)	Trust: 0.3
vendor:	cisco	model:	identity services engine series appliances	scope:	eq	version:	33002.2(1.145)	Trust: 0.3
vendor:	cisco	model:	identity services engine series appliances	scope:	eq	version:	33002.1(0.474)	Trust: 0.3
vendor:	cisco	model:	identity services engine	scope:	eq	version:	0	Trust: 0.3

sources: BID: 103334 // JVNDB: JVNDB-2018-002590 // CNNVD: CNNVD-201803-256 // NVD: CVE-2018-0211

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0211
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0211
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201803-256
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118413
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0211
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118413
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0211
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118413 // JVNDB: JVNDB-2018-002590 // CNNVD: CNNVD-201803-256 // NVD: CVE-2018-0211

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-118413 // JVNDB: JVNDB-2018-002590 // NVD: CVE-2018-0211

THREAT TYPE

local

Trust: 0.9

sources: BID: 103334 // CNNVD: CNNVD-201803-256

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 103334 // CNNVD: CNNVD-201803-256

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002590

PATCH

title:	cisco-sa-20180307-ise	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise	Trust: 0.8
title:	Cisco Identity Services Engine Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78990	Trust: 0.6

sources: JVNDB: JVNDB-2018-002590 // CNNVD: CNNVD-201803-256

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0211	Trust: 2.8
db:	BID	id:	103334	Trust: 2.0
db:	SECTRACK	id:	1040471	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-002590	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-256	Trust: 0.7
db:	VULHUB	id:	VHN-118413	Trust: 0.1

sources: VULHUB: VHN-118413 // BID: 103334 // JVNDB: JVNDB-2018-002590 // CNNVD: CNNVD-201803-256 // NVD: CVE-2018-0211

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-ise	Trust: 2.0
url:	http://www.securityfocus.com/bid/103334	Trust: 1.7
url:	http://www.securitytracker.com/id/1040471	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0211	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0211	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118413 // BID: 103334 // JVNDB: JVNDB-2018-002590 // CNNVD: CNNVD-201803-256 // NVD: CVE-2018-0211

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103334

SOURCES

db:	VULHUB	id:	VHN-118413
db:	BID	id:	103334
db:	JVNDB	id:	JVNDB-2018-002590
db:	CNNVD	id:	CNNVD-201803-256
db:	NVD	id:	CVE-2018-0211

LAST UPDATE DATE

2024-11-23T22:00:39.561000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118413	date:	2019-10-09T00:00:00
db:	BID	id:	103334	date:	2018-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-002590	date:	2018-04-20T00:00:00
db:	CNNVD	id:	CNNVD-201803-256	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0211	date:	2024-11-21T03:37:44.483

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118413	date:	2018-03-08T00:00:00
db:	BID	id:	103334	date:	2018-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-002590	date:	2018-04-20T00:00:00
db:	CNNVD	id:	CNNVD-201803-256	date:	2018-03-09T00:00:00
db:	NVD	id:	CVE-2018-0211	date:	2018-03-08T07:29:00.643