ID

VAR-201803-1592


CVE

CVE-2018-0213


TITLE

Cisco Identity Services Engine Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002550

DESCRIPTION

A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to gain elevated privileges to access functionality that should be restricted. The attacker must have valid user credentials to the device to exploit this vulnerability. Cisco Bug IDs: CSCvf69753. The vendor has confirmed this vulnerability and released it as Bug ID CSCvf69753. Information may be obtained or altered, and service operation may be disrupted (DoS). The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.

Trust: 1.98

sources: NVD: CVE-2018-0213 // JVNDB: JVNDB-2018-002550 // BID: 103332 // VULHUB: VHN-118415

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: eq, version: 2.1\(0.904\)

Trust: 1.6

vendor: cisco, model: identity services engine, scope: -, version: -

Trust: 0.8

vendor: cisco, model: identity services engine series appliances, scope: eq, version: 33002.1(0.904)

Trust: 0.3

vendor: cisco, model: identity services engine, scope: eq, version: 0

Trust: 0.3

sources: BID: 103332 // JVNDB: JVNDB-2018-002550 // CNNVD: CNNVD-201803-254 // NVD: CVE-2018-0213

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0213
value: HIGH

Trust: 1.0

NVD: CVE-2018-0213
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201803-254
value: HIGH

Trust: 0.6

VULHUB: VHN-118415
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0213
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118415
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0213
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118415 // JVNDB: JVNDB-2018-002550 // CNNVD: CNNVD-201803-254 // NVD: CVE-2018-0213

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-118415 // JVNDB: JVNDB-2018-002550 // NVD: CVE-2018-0213

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-254

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 103332 // CNNVD: CNNVD-201803-254

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002550

PATCH

title: cisco-sa-20180307-ise2, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise2

Trust: 0.8

title: Cisco Identity Services Engine Fixes for permissions and access control vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78988

Trust: 0.6

sources: JVNDB: JVNDB-2018-002550 // CNNVD: CNNVD-201803-254

EXTERNAL IDS

db: NVD, id: CVE-2018-0213

Trust: 2.8

db: BID, id: 103332

Trust: 2.0

db: SECTRACK, id: 1040471

Trust: 1.7

db: JVNDB, id: JVNDB-2018-002550

Trust: 0.8

db: CNNVD, id: CNNVD-201803-254

Trust: 0.6

db: VULHUB, id: VHN-118415

Trust: 0.1

sources: VULHUB: VHN-118415 // BID: 103332 // JVNDB: JVNDB-2018-002550 // CNNVD: CNNVD-201803-254 // NVD: CVE-2018-0213

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-ise2

Trust: 2.0

url:http://www.securityfocus.com/bid/103332

Trust: 1.7

url:http://www.securitytracker.com/id/1040471

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0213

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0213

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps11640/

Trust: 0.3

sources: VULHUB: VHN-118415 // BID: 103332 // JVNDB: JVNDB-2018-002550 // CNNVD: CNNVD-201803-254 // NVD: CVE-2018-0213

CREDITS

Cisco

Trust: 0.3

sources: BID: 103332

SOURCES

db: VULHUB, id: VHN-118415
db: BID, id: 103332
db: JVNDB, id: JVNDB-2018-002550
db: CNNVD, id: CNNVD-201803-254
db: NVD, id: CVE-2018-0213

LAST UPDATE DATE

2024-11-23T22:00:39.409000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118415, date: 2019-10-09T00:00:00
db: BID, id: 103332, date: 2018-03-07T00:00:00
db: JVNDB, id: JVNDB-2018-002550, date: 2018-04-18T00:00:00
db: CNNVD, id: CNNVD-201803-254, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0213, date: 2024-11-21T03:37:44.770

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118415, date: 2018-03-08T00:00:00
db: BID, id: 103332, date: 2018-03-07T00:00:00
db: JVNDB, id: JVNDB-2018-002550, date: 2018-04-18T00:00:00
db: CNNVD, id: CNNVD-201803-254, date: 2018-03-09T00:00:00
db: NVD, id: CVE-2018-0213, date: 2018-03-08T07:29:00.753