Sign-up

ID

VAR-201803-1593


CVE

CVE-2018-0214


TITLE

Cisco Identity Services Engine Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002597

DESCRIPTION

A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. These commands should have been restricted from this user. The vulnerability is due to insufficient input validation of CLI command user input. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a CLI command with crafted user input. A successful exploit could allow the attacker to execute arbitrary commands on the affected system that should be restricted. The attacker would need to have valid user credentials for the device. Cisco Bug IDs: CSCvf49844. Vendors have confirmed this vulnerability Bug ID CSCvf49844 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2018-0214 // JVNDB: JVNDB-2018-002597 // BID: 103331 // VULHUB: VHN-118416

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:2.1\(102.103\)

Trust: 1.6

vendor:ciscomodel:identity services enginescope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services engine series appliancesscope:eqversion:33002.1(102.103)

Trust: 0.3

vendor:ciscomodel:identity services enginescope:eqversion:0

Trust: 0.3

sources: BID: 103331 // JVNDB: JVNDB-2018-002597 // CNNVD: CNNVD-201803-253 // NVD: CVE-2018-0214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0214
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0214
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201803-253
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118416
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0214
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118416
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0214
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-0214
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118416 // JVNDB: JVNDB-2018-002597 // CNNVD: CNNVD-201803-253 // NVD: CVE-2018-0214

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

problemtype:CWE-74

Trust: 0.1

sources: VULHUB: VHN-118416 // JVNDB: JVNDB-2018-002597 // NVD: CVE-2018-0214

THREAT TYPE

local

Trust: 0.9

sources: BID: 103331 // CNNVD: CNNVD-201803-253

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201803-253

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002597

PATCH
title:cisco-sa-20180307-ise3url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise3
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-002597

EXTERNAL IDS
db:NVDid:CVE-2018-0214
Trust: 2.8
db:BIDid:103331
Trust: 2.0
db:SECTRACKid:1040471
Trust: 1.7
db:JVNDBid:JVNDB-2018-002597
Trust: 0.8
db:CNNVDid:CNNVD-201803-253
Trust: 0.7
db:VULHUBid:VHN-118416
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118416 // 
            
            
            
            BID: 103331 // 
            
            
            
            JVNDB: JVNDB-2018-002597 // 
            
            
            
            CNNVD: CNNVD-201803-253 // 
            
            
            
            NVD: CVE-2018-0214

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-ise3
Trust: 2.0
url:http://www.securityfocus.com/bid/103331
Trust: 1.7
url:http://www.securitytracker.com/id/1040471
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0214
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0214
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118416 // 
            
            
            
            BID: 103331 // 
            
            
            
            JVNDB: JVNDB-2018-002597 // 
            
            
            
            CNNVD: CNNVD-201803-253 // 
            
            
            
            NVD: CVE-2018-0214

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 103331

SOURCES
db:VULHUBid:VHN-118416
db:BIDid:103331
db:JVNDBid:JVNDB-2018-002597
db:CNNVDid:CNNVD-201803-253
db:NVDid:CVE-2018-0214

LAST UPDATE DATE
2024-11-23T22:00:39.470000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118416date:2020-09-04T00:00:00
db:BIDid:103331date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2018-002597date:2018-04-20T00:00:00
db:CNNVDid:CNNVD-201803-253date:2020-09-07T00:00:00
db:NVDid:CVE-2018-0214date:2024-11-21T03:37:44.910

SOURCES RELEASE DATE
db:VULHUBid:VHN-118416date:2018-03-08T00:00:00
db:BIDid:103331date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2018-002597date:2018-04-20T00:00:00
db:CNNVDid:CNNVD-201803-253date:2018-03-09T00:00:00
db:NVDid:CVE-2018-0214date:2018-03-08T07:29:00.800